[containers] Add healthcheck for SSO redirections

This will help us catch issues in e.g. moodle, nextcloud and wp.

dd-apps/docker/moodle/Dockerfile

@@ -8,6 +8,7 @@ COPY src/rootfs/ /
 COPY 02-configure-moodle.sh /docker-entrypoint-init.d/
 COPY 03-plugins.sh /docker-entrypoint-init.d/
 COPY src/rootfs/var/www/html/admin/cli/isinstalled.php /
+COPY is_moodle_ready.sh /
 RUN echo "user=nobody" >> /etc/php7/php-fpm.d/www.conf
 RUN echo "group=nobody" >> /etc/php7/php-fpm.d/www.conf
 RUN apk add --no-cache dcron libcap && \

dd-apps/docker/moodle/is_moodle_ready.sh

@@ -0,0 +1,12 @@
+#!/bin/sh -eu
+
+# Check exclusively whether moodle has been installed and the web service is up
+if test -f /var/www/html/admin/cli/isinstalled.php && \
+	! php -d max_input_vars=$max_input_vars \
+		/var/www/html/admin/cli/isinstalled.php 2>&1 > /dev/null && \
+	curl -s --output /dev/null localhost:8080; then
+	exit 0
+else
+	# Force exit status 1, docker reserves exit status 2
+	exit 1
+fi

dd-apps/docker/moodle/moodle.yml

@@ -47,5 +47,14 @@ services:
       - max_input_vars=5000
       - max_execution_time=${MOODLE_MAX_EXECUTION_TIME}
       - memory_limit=${MOODLE_MEMORY_LIMIT}
+    healthcheck:
+        test: |
+          curl -L --max-redirs 1 \
+            --proxy-basic 'http://localhost:8080' \
+            -sw '%{redirect_url}' \
+            'http://moodle.${DOMAIN}/' | grep -q 'https://sso.${DOMAIN}'
+        interval: 30s
+        timeout: 10s
+        retries: 5
     networks:
       - dd_net

dd-apps/docker/nextcloud/nextcloud.yml

@@ -56,5 +56,14 @@ services:
     volumes:
       - ${BUILD_APPS_ROOT_PATH}/docker/nextcloud/nginx.conf:/etc/nginx/nginx.conf:ro
       - ${SRC_FOLDER}/nextcloud:/var/www/html:ro
+    healthcheck:
+        test: |
+          curl -L --max-redirs 1 \
+            --proxy-basic 'http://localhost:8080' \
+            -sw '%{redirect_url}' \
+            'https://nextcloud.${DOMAIN}/login' | grep -q 'https://sso.${DOMAIN}'
+        interval: 30s
+        timeout: 10s
+        retries: 5
     networks:
       - dd_net

dd-apps/docker/wordpress/wordpress.yml

@@ -47,7 +47,11 @@ services:
       - dd-apps-mariadb
     restart: unless-stopped
     healthcheck:
-        test: ["CMD", "curl", "-f", "http://localhost:80"]
+        test: |
+          curl \
+            --proxy-basic 'http://localhost' \
+            -sw '%{redirect_url}' \
+            'https://wp.${DOMAIN}/' | grep -q 'https://sso.${DOMAIN}'
         interval: 30s
         timeout: 10s
         retries: 5

dd-ctl

@@ -500,7 +500,14 @@ saml_certificates(){
 wait_for_moodle(){
 	echo "Waiting for system to be fully up before customizing... It can take some minutes..."
 	echo " (you can monitorize install with: docker logs dd-apps-moodle --follow"
-	while ! docker inspect -f '{{.State.Health.Status}}' dd-apps-moodle | grep -q "^healthy$"; do     sleep 2; done
+	# This previously waited for the container to be 'healthy',
+	# but that was not what is actually required here, which is:
+	#  - Is moodle installed?
+	#  - Is the web service up?
+	# That is now checked in /is_moodle_ready.sh
+	while ! docker exec dd-apps-moodle /is_moodle_ready.sh; do
+		sleep 2;
+	done
 }
 
 upgrade_moodle(){
@@ -865,6 +872,16 @@ case "$OPERATION" in
 	listpatches)
 		listpatches
 	;;
+	failing-containers)
+		fc="$(docker ps --format '{{.Names}}' -f 'health=unhealthy')"
+		if [ -n "${fc}" ]; then
+			cat >&2  <<-EOF
+			Failing containers:
+			${fc}
+			EOF
+			exit 1
+		fi
+	;;
 	genpatches)
 		genpatches
 	;;