Container Autoheal Service

This feature provides a way to restart failing appliance’s services. it builds on a Docker’s healthcheck functionality.

Docker provides the option to define a healthcheck for a container. A healthcheck helps detect, through regular testing, when an application in a container is not functioning properly (i.e. it has crashed, is unable to connect to the database or has incorrect configuration). Based on the healthcheck result, the container can be restarted or another automated action can be performed.

In the IAM Appliance, there is optional RPM package iam-docker-autoheal which contains a systemd service for automatically restarting containers and a systemd timer that ensures the service is run regularly. You can install the package using the command dnf install iam-docker-autoheal.

After installation, the following systemd units will be available in the system:

  • iam-docker-autoheal.service

  • iam-docker-autoheal.timer

The iam-docker-autoheal.service service, when started, will find all containers with the tag autoheal=enabled and status unhealthy. It then extracts the systemd service name from the container’s tag autoheal.service.name and restarts corresponding systemd service.

The iam-docker-autoheal.timer timer runs every 20 seconds and starts the iam-docker-autoheal.service.

How to set up Autoheal service

Install the iam-docker-autoheal package if not already installed. Newer versions of packages (e.g., iam-app-connector-server-0.4-1.el8.noarch) will install it automatically as a dependency.

  1. Install the package

    • dnf install iam-docker-autoheal.noarch

  2. Enable the timer

    • systemctl enable --now iam-docker-autoheal.timer

  3. Configure containers you want to be checked