Health Check

The built-in health check reports the status of DAP Server (Master and Standbys).

Overview

When you are scaling and managing DAP, the health check helps to determine when DAP Servers are up and ready for traffic. The health check reports the following information about a DAP Server: 

  • Status of each service running on the DAP Server

  • Status of the internal database on the DAP Server

  • Status of replication

  • Overall status of the DAP Server

Health check using the API

You can request health checks against any cluster node using the Conjur API. These routes do not require authentication.

The health check attempts an internal HTTP or TCP connection to each DAP service. It also attempts a simple transaction against all internal databases. If all of these tests are successful, the response is HTTP 200. Otherwise it is HTTP 502.

Health route

To check the health of the Master, use the health route. The following example shows how to submit the request on the command line:

 
$ curl --cacert conjur-myorg.pem https://conjur.myorg.com/health
 

{
"services": {
  "ldap": "ok",
  "authn": "ok",
  "authz": "ok",
  "expiration": "ok",
  "host-factory": "ok",
  "core": "ok",
  "pubkeys": "ok",
  "audit": "ok",
  "ok": true
},
"database": {
  "ok": true,
  "connect": {
    "main": "ok"
  },
  "replication_status": {
    "pg_current_xlog_location": "0/1D9D3A8",
    "pg_current_xlog_location_bytes": 31052712
  }
},
"ok": true
}

Remote health route

Use the remote_health route to check the health of any DAP Server from any other DAP Server. With this route, you can check master health relative to a follower, or follower health relative to a standby, and so on. The following example shows how to submit a remote request on the command line:

 
$ curl --cacert conjur-myorg.pem 
https://conjur.myorg.com/remote_health/conjur-standby.myorg.com
{
... // same format as /health route response
"ok": true
}                     

Check follower health

Run the health route on a Follower to determine if that Follower is able to service requests. If the follower returns HTTP 200, or its status is ok in a curl response, it means that the Follower is operational.

A health check on a follower does not reflect the status of the Master. A Follower's status can be ok, meaning that it is available to service requests, even when the master is experiencing problems.

Health check in the UI

The DAP UI shows a summary of health status for the nodes in a DAP cluster. If you have a simple configuration with just one node, the UI shows the status of the single node.

In 5.2.3 and later, the UI does not show the health status of followers.

To see the health summary in the UI: 

  1. Log into the UI. See User Interface.

  2. Click the Tools icon in the top right corner.

  3. Select Conjur Cluster.

    The window lists nodes and health for each one in the following categories: Services, Database, Replication Status, and Free Space. The Good status indicates healthy.

 
TrueApplication Access Manager DocsDynamic Access Provider10.9