Running service health checks
Learn how to run service health checks in Cloud Identity Plane (CIP). This document describes internal service health check APIs intended to be used by developers, for example, to write a monitoring script that reports the system status. Health checks are available only for services mentioned in this document.
Prerequisites
-
CIP is up and running.
-
Access to service configuration data (for example a docker-compose file) or information about the service domain from other sources.
api-gateway health check
Send a request to the /status endpoint of api-gateway. Use the service name and port configured
for your deployment.
curl -v http://api-gateway-host:4050/status
The response can be either 200 OK if all services are up:
{
"kafka": "UP",
"hazelcast": "UP",
"acp": "UP",
"customerService": "UP",
"authz": "UP"
}
or 503 Service Unavailable if one or more services are down:
{
"kafka": "UP",
"hazelcast": "UP",
"acp": "DOWN",
"customerService": "UP",
"authz": "UP"
}
All of the following components are checked by default:
| Component | Description |
|---|---|
| kafka | Kafka message broker used by the service |
| hazelcast | Storage for token information, authentication and authorization sessions, authentication events shared data caches, and more |
| acp | Checks if ACP is alive. This check should only be used when CIP is used as an ACP component. Disable this check in your api-gateway configuration otherwise. |
| customerService | Service used to track and store information regarding organizations |
| authz | Service used to track and store authorization information |
You can disable the health check on any components from the above list. For more information, read Configuring health checks for api-gateway.
authz-service health check
Send a request to the /status endpoint of authz_service. Use the service name and port configured
for your deployment.
curl -v http://authz_service-host:9050/status
The response can be either 200 OK if all services are up:
{
"kafka": "UP",
"hazelcast": "UP"
}
or 503 Service Unavailable if one or more services are down:
{
"kafka": "UP",
"hazelcast": "DOWN"
}
All of the following components are checked by default:
| Component | Description |
|---|---|
| kafka | Kafka message broker used by the service |
| hazelcast | Storage for token information, authentication and authorization sessions, authentication events, shared data caches, and more |
You can disable the health check on any components from the above list. For more information, read Configuring health checks for authz_service.
devices-service health check
Send a request to the /status endpoint of devices-service. Use the service name and port configured
for your deployment.
curl -v http://devices-service-host:8090/status
The response can be either 200 OK if all services are up:
{
"deviceStorage":"UP"
}
or 503 Service Unavailable if one or more services are down:
{
"deviceStorage":"DOWN"
}
All of the following components are checked by default:
| Component | Description |
|---|---|
| deviceStorage | Data store holding device data |
You can disable the health check on any components from the above list. For more information, read Configuring health checks for devices-service.
iam-services health check
Send a request to the /status endpoint of iam-services. Use the service name and port configured
for your deployment.
curl -v http://iam-services-host:7900/status
The response can be either 200 OK if all services are up:
{
"userStorage": "UP",
"sessionStorage": "UP",
"kafka": "UP",
"acp": "UP",
"deviceService": "UP",
"permissionService": "UP"
}
or 503 Service Unavailable if one or more services are down:
{
"userStorage": "UP",
"sessionStorage": "UP",
"kafka": "UP",
"acp": "UP",
"deviceService": "DOWN",
"permissionService": "UP"
}
All of the following components are checked by default:
| Component | Description |
|---|---|
| userStorage | Data store holding user data. |
| sessionStorage | Data store holding session information. |
| kafka | Kafka message broker used by the service |
| acp | Checks if ACP is alive. This check should only be used when CIP is used as an ACP component. Disable this check in your iam-services configuration otherwise. |
| deviceService | Service used to track and store device information. |
You can disable the health check on any components from the above list.. For more information, read Configuring health checks for iam-services.
permission-service health check
Send a request to the /status endpoint of permission-service. Use the service name and port configured
for your deployment.
curl -v http://permission-service-host:6969/status
The response can be either 200 OK if all services are up:
{
"permissionStorage":"UP"
}
or 503 Service Unavailable if one or more services are down:
{
"permissionStorage":"DOWN"
}
All of the following components are checked by default:
| Component | Description |
|---|---|
| permissionStorage | Data store holding permission data |
You can disable the health check on any components from the above list. For more information, read Configuring health checks for permission-service.