IBM Verify

IBM Verify

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  Bug in 10.0.2.0 health_check.sh?

    Posted Fri March 04, 2022 05:58 AM
    Edited by Jan Lindstam Fri March 04, 2022 06:05 AM
    Hi,

    We have experienced weird behaviour occasionally with our ISVA containers. Liveness or readiness- probes have failed with following message

     Error> an invalid response code was received from the service. cat: /tmp/health_check.hdr: No such file or directory 

    Our liveness and readiness- probes were both configured to run with 10 s interval. When looking at the health_check.sh, script is storing curl- commands results to these files. After curl is executed, script checks the outcome from the files.

    # Some temporary files used by this script.
    result_file=/tmp/health_check.out
    error_file=/tmp/health_check.err
    hdr_file=/tmp/health_check.hdr
    cert_file=/tmp/health_check.pem

    The script also contains this trap- command, clearing the files
    trap "rm -f $result_file $error_file $hdr_file" EXIT

    We cannot be sure if the problem is in fact on above, but when we modified the probe intervals so that liveness is executed every 10s and readiness every 7s, problem vanished.

    Just by looking at the script, it seems that there is in fact possiblity that if both liveness and readiness- probes are executing at same time with just small time difference, the first execution clears the output files (on exit) which the second execution has just written - causing the second execution failing.  

    Could somebody confirm this is the case?

    Edit:  The script file seems to have other  references to various fixed temporary files  under /tmp, which may equally well either ruin the runs or even provide wrong results if both probes execute same time. Migth be good to try insulate runs for liveness and readiness-probe to use fully separate tmp files.

    Br Jan 






    ------------------------------
    Jan Lindstam
    ------------------------------


  • 2.  RE: Bug in 10.0.2.0 health_check.sh?

    Posted Sun March 06, 2022 03:16 PM

    Jan,

     

    I agree that this is an issue with the health check script.  The development team will ensure that this issue is fixed in time for the next release, but if you need a fix prior to then please raise a ticket with the support team so that they can create a fix-pack for you.  This is currently only an issue with the health check scripts for the verify-access and verify-access-dsc images.  The lightweight verify-access-wrp and verify-access-runtime images do not suffer from this same problem.

     

    Thanks.

     

     

    Scott A. Exton
    Senior Software Engineer
    Chief Programmer - IBM Security Verify Access
    IBM Master Inventor

     

     




    Original Message


Related Content