From 387fb1af1fe3476a9fe9652082ee9e496625a6d1 Mon Sep 17 00:00:00 2001 From: Dan Heath <76443935+Dan-Heath@users.noreply.github.com> Date: Tue, 20 Aug 2024 15:49:03 +0000 Subject: [PATCH 01/11] backport of commit 66890fa76f22ca5c3a425034d732a0e942142759 --- .../content/docs/release-notes/v0_16_0.mdx | 115 +++++++++++++++--- .../content/docs/release-notes/v0_17_0.mdx | 67 +++++++++- 2 files changed, 165 insertions(+), 17 deletions(-) diff --git a/website/content/docs/release-notes/v0_16_0.mdx b/website/content/docs/release-notes/v0_16_0.mdx index e22d21ab0d..22f58bbeb7 100644 --- a/website/content/docs/release-notes/v0_16_0.mdx +++ b/website/content/docs/release-notes/v0_16_0.mdx @@ -11,11 +11,38 @@ description: |- @include 'release-notes/intro.mdx' - +## Important changes - In a future version Boundary will no longer automatically create roles when new scopes are created. This was implemented prior to multi-scope grants to ensure administrators and users had default permissions in new scopes. Since Boundary 0.15, initial roles created for new clusters provide these permissions by default to all scopes using multi-scope grants. + + + + + + + + - + + + + + + + + + + +
ChangeDescription
+ Role creation + + In a future version Boundary will no longer automatically create roles when new scopes are created. This was implemented prior to multi-scope grants to ensure administrators and users had default permissions in new scopes. Since Boundary 0.15, initial roles created for new clusters provide these permissions by default to all scopes using multi-scope grants. +
+ curl no longer included in Boundary Enterprise + + As of version 0.16.3 and later, the curl binary is no longer included in the published Docker container image for Boundary Enterprise. If your workflow depends on having curl in the image, you can dynamically install it using apk. +

+ Learn more:  Known issues and breaking changes +
## New features @@ -37,13 +64,13 @@ description: |- GA - A new resource was introduced in this release. Aliases let you associate a string with a Boundary target. You can then establish a session to the target by referencing its alias, instead of having to provide a target ID or target name and scope ID. + A new resource was introduced in this release. Aliases let you associate a string with a Boundary target. You can then establish a session to the target by referencing its alias, instead of having to provide a target ID or target name and scope ID.

Learn more: Aliases. - + MinIO support for session recording @@ -144,6 +171,26 @@ description: |- + + + 0.16.0 +

+ (Fixed in 0.16.0) + + + Users cannot log in to Boundary Desktop + + + A bug caused Boundary Desktop to incorrectly assume the controller was running an unsupported version. It would prevent users from being able to log in to the Desktop client. +

+ Learn more:  Boundary Desktop issue #4370 +

+ This issue is fixed in Boundary version 0.16.0. +

+ Upgrade to the latest version of Boundary + + + 0.16.0 @@ -202,27 +249,65 @@ description: |- - + + + 0.16.3+ + + + Docker image no longer contains curl + + + As of version 0.16.3 and later, the curl binary is no longer included in the published Docker container image for Boundary Enterprise. +

+ If your workflow depends on having curl in the image, you can dynamically install it using apk. Refer to the following commands for examples of using apk to install curl: +

+ <CONTAINER-ID> apk add curl +

+ or +

+ kubectl exec -ti <NAME> -- apk add curl + + + + 0.16.0

- (Fixed in 0.16.0) + (Fixed in 0.16.3) - Users cannot log in to Boundary Desktop + Using an invalid alias results in a 401 message - A bug caused Boundary Desktop to incorrectly assume the controller was running an unsupported version. It would prevent users from being able to log in to the Desktop client. + If you tried to connect to an invalid alias, Boundary returned a message with the 401 status code. The 401 status code could cause users to believe that they did not properly authenticate, rather than realizing the alias resource was invalid.

- Learn more:  + This issue is fixed in Boundary version 0.16.3. If you use an invalid alias, Boundary now properly returns a 404 status code, indicating that it could not find the alias resource.

- Boundary Desktop issue #4370 + Learn more:  Aliases

- This issue is fixed in Boundary version 0.16.0. + Upgrade to the latest version of Boundary + + + + + + 0.16.0 +

(Fixed in 0.16.3) + + + Session recording fails when you use Secure File Copy (SCP) + + + If you tried to use SCP during a recorded session, the session recording details may shown the recording state as Failed, and you may not have been able to play back the session. +

+ This issue occurs when a recorded session file is too large. It can happen when you use SCP to transfer large files during a recorded session, In Boundary version 0.16.3, we have increased the maximum size for recorded session files to 5 GB. This issue should happen less often now, but be careful when you use SCP during a recorded session, because it can result in large recorded session files. +

+ Learn more:  Session recording storage considerations

Upgrade to the latest version of Boundary + @@ -242,7 +327,7 @@ description: |- boundary daemon command - The boundary daemon command has been deprecated in favor of the new boundary cache command. The functionality remains the same. + The boundary daemon command has been deprecated in favor of the new boundary cache command. The functionality remains the same.

Learn more:  boundary cache @@ -254,7 +339,7 @@ description: |- include_terminated field removed - The include_terminated field from the list sessions command has been deprecated and will be removed in an upcoming release. Boundary will return terminated sessions in all list session responses, unless they are filtered out using the filter field. For more information, refer to the filter resource documentation. + The include_terminated field from the list sessions command has been deprecated and will be removed in an upcoming release. Boundary will return terminated sessions in all list session responses, unless they are filtered out using the filter field. For more information, refer to the filter resource documentation.

Learn more:  sessions list command options and Filter resource listings @@ -266,7 +351,7 @@ description: |- grant_scope_id field removed from roles - The grant_scope_id field, which was deprecated in release 0.15.0, has been removed from roles. You can now manage roles using the add-grant-scopes, remove-grant-scopes, and set-grant-scopes commands. + The grant_scope_id field, which was deprecated in release 0.15.0, has been removed from roles. You can now manage roles using the add-grant-scopes, remove-grant-scopes, and set-grant-scopes commands.

Learn more: add-grant-scopes, remove-grant-scopes, and set-grant-scopes diff --git a/website/content/docs/release-notes/v0_17_0.mdx b/website/content/docs/release-notes/v0_17_0.mdx index 09f2dac178..9bd13d55cc 100644 --- a/website/content/docs/release-notes/v0_17_0.mdx +++ b/website/content/docs/release-notes/v0_17_0.mdx @@ -11,6 +11,13 @@ description: |- @include 'release-notes/intro.mdx' +## Important change + +As of version 0.17.1 and later, the curl binary is no longer included in the published Docker container image for Boundary Enterprise. +If your workflow depends on having curl in the image, you can dynamically install it using apk. + +Refer to [Known issues and breaking changes](#known-issues-and-breaking-changes) for more information. + ## New features @@ -31,13 +38,13 @@ description: |- GA - + @@ -125,5 +132,61 @@ description: |- + + + + + + + + + + + + + + + + + +
- Prior to this version, if you wanted to edit or update worker tags, you had to do it using the worker configuration file, the CLI, or the API. Now, you can edit worker tags directly in the Boundary UI. + Prior to this version, if you wanted to edit or update worker tags, you had to do it using the worker configuration file, the CLI, or the API. Now, you can edit worker tags directly in the Boundary UI.

Learn more: Worker tags.
Multi-scope roles and inheritance
+ 0.17.1+ + + Docker image no longer contains curl + + As of version 0.17.1 and later, the curl binary is no longer included in the published Docker container image for Boundary Enterprise. +

+ If your workflow depends on having curl in the image, you can dynamically install it using apk. Refer to the following commands for examples of using apk to install curl: +

+ <CONTAINER-ID> apk add curl +

+ or +

+ kubectl exec -ti <NAME> -- apk add curl +
+ 0.17.0 (Fixed in 0.17.1) + + Using an invalid alias results in a 401 message + + If you tried to connect to an invalid alias, Boundary returned a message with the 401 status code. The 401 status code could cause users to believe that they did not properly authenticate, rather than realizing the alias resource was invalid. +

+ This issue is fixed in Boundary version 0.17.1. If you use an invalid alias, Boundary now properly returns a 404 status code, indicating that it could not find the alias resource. +

+ Learn more:  Aliases +

+ Upgrade to the latest version of Boundary +
+ 0.17.0 (Fixed in 0.17.1) + + Session recording fails when you use Secure File Copy (SCP) + + If you tried to use SCP during a recorded session, the session recording details may shown the recording state as Failed, and you may not have been able to play back the session. +

+ This issue occurs when a recorded session file is too large. It can happen when you use SCP to transfer large files during a recorded session, In Boundary version 0.17.1, we have increased the maximum size for recorded session files to 5 GB. This issue should happen less often now, but be careful when you use SCP during a recorded session, because it can result in large recorded session files. +

+ Learn more:  Session recording storage considerations +

+ Upgrade to the latest version of Boundary +
\ No newline at end of file From a4eae18bbc9078967e827277ee7504a9293e8d7b Mon Sep 17 00:00:00 2001 From: Dan Heath <76443935+Dan-Heath@users.noreply.github.com> Date: Tue, 20 Aug 2024 16:01:07 +0000 Subject: [PATCH 02/11] backport of commit f43b1a5860075bc0a9b9d5d6377c22018bad2dc1 --- website/content/docs/release-notes/v0_16_0.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/content/docs/release-notes/v0_16_0.mdx b/website/content/docs/release-notes/v0_16_0.mdx index 22f58bbeb7..9670e506f9 100644 --- a/website/content/docs/release-notes/v0_16_0.mdx +++ b/website/content/docs/release-notes/v0_16_0.mdx @@ -33,7 +33,7 @@ description: |- - curl no longer included in Boundary Enterprise + Docker image no longer contains curl As of version 0.16.3 and later, the curl binary is no longer included in the published Docker container image for Boundary Enterprise. If your workflow depends on having curl in the image, you can dynamically install it using apk. From 10ea916d71b204839c581981e235aa6e4339af9e Mon Sep 17 00:00:00 2001 From: Dan Heath <76443935+Dan-Heath@users.noreply.github.com> Date: Tue, 20 Aug 2024 19:22:54 +0000 Subject: [PATCH 03/11] backport of commit 273ccfadee4606fb5020212bfd258e348f25dd23 --- .../content/docs/release-notes/v0_17_0.mdx | 34 ++++++++++++++++--- 1 file changed, 30 insertions(+), 4 deletions(-) diff --git a/website/content/docs/release-notes/v0_17_0.mdx b/website/content/docs/release-notes/v0_17_0.mdx index 9bd13d55cc..5d6df25226 100644 --- a/website/content/docs/release-notes/v0_17_0.mdx +++ b/website/content/docs/release-notes/v0_17_0.mdx @@ -11,12 +11,38 @@ description: |- @include 'release-notes/intro.mdx' -## Important change +## Important changes -As of version 0.17.1 and later, the curl binary is no longer included in the published Docker container image for Boundary Enterprise. -If your workflow depends on having curl in the image, you can dynamically install it using apk. + + + + + + + + + + + + + -Refer to [Known issues and breaking changes](#known-issues-and-breaking-changes) for more information. + + + + + +
ChangeDescription
+ Role creation + + In a future version Boundary will no longer automatically create roles when new scopes are created. This was implemented prior to multi-scope grants to ensure administrators and users had default permissions in new scopes. Since Boundary 0.15, initial roles created for new clusters provide these permissions by default to all scopes using multi-scope grants. +
+ Docker image no longer contains curl + + As of version 0.17.1 and later, the curl binary is no longer included in the published Docker container image for Boundary Enterprise. If your workflow depends on having curl in the image, you can dynamically install it using apk. +

+ Learn more:  Known issues and breaking changes +
## New features From 2d6b69990a696c149794b3e1fa522909f95f2237 Mon Sep 17 00:00:00 2001 From: Dan Heath <76443935+Dan-Heath@users.noreply.github.com> Date: Thu, 22 Aug 2024 15:52:12 +0000 Subject: [PATCH 04/11] backport of commit ebe94139283ce218095a8dd456b00d0120cc13f2 --- website/content/docs/operations/health.mdx | 30 ++++++++++++++++++- .../content/docs/release-notes/v0_16_0.mdx | 6 +++- .../content/docs/release-notes/v0_17_0.mdx | 6 +++- 3 files changed, 39 insertions(+), 3 deletions(-) diff --git a/website/content/docs/operations/health.mdx b/website/content/docs/operations/health.mdx index c0a5349ad8..a415b644f6 100644 --- a/website/content/docs/operations/health.mdx +++ b/website/content/docs/operations/health.mdx @@ -55,9 +55,37 @@ The controller health service introduces a single read-only endpoint: All responses return empty bodies. `GET /health` does not support any input. +## Check the health endpoint using `wget` + +You can use `wget` to check the health endpoint. +The Boundary Enterprise binary includes `wget`. + +Use the following `wget` command to check a worker's status to determine if it is healthy: + +```shell-session +wget -q -O - http://localhost:9203/health?worker_info=1 | grep -c 'READY' +``` + +- `-q` - Prints the response instead of saving it to a file. +- `-0` - Allows Boundary to pass the worker's URL. + +If Boundary returns a `1`, it means the worker is healthy. + +You can also use the following command without `grep -c 'READY'` to print a more verbose response that includes the worker's state, active session count, and connection state: + +```shell-session +wget -q -O - http://localhost:9203/health?worker_info=1 +``` + ## Example response -When you check the health endpoint, Boundary returns a response with the following worker information: +When you check the health endpoing using `wget`, Boundary returns a response with the folowing worker information: + +```shell-session +{"worker_process_info":{"state":"active", "active_session_count":0, "upstream_connection_state":"READY"}} +``` + +When you check the health endpoint using `curl`, Boundary returns a response with the following worker information: ```json ❯ curl "worker:9403/health?worker_info=1" diff --git a/website/content/docs/release-notes/v0_16_0.mdx b/website/content/docs/release-notes/v0_16_0.mdx index 9670e506f9..760436681f 100644 --- a/website/content/docs/release-notes/v0_16_0.mdx +++ b/website/content/docs/release-notes/v0_16_0.mdx @@ -36,7 +36,7 @@ description: |- Docker image no longer contains curl - As of version 0.16.3 and later, the curl binary is no longer included in the published Docker container image for Boundary Enterprise. If your workflow depends on having curl in the image, you can dynamically install it using apk. + As of version 0.16.3 and later, the curl binary is no longer included in the published Docker container image for Boundary Enterprise. The image now includes wget, which you can alternatively use to check the health endpoint for a worker. If your workflow depends on having curl in the image, you can dynamically install it using apk.

Learn more:  Known issues and breaking changes @@ -259,6 +259,10 @@ description: |- As of version 0.16.3 and later, the curl binary is no longer included in the published Docker container image for Boundary Enterprise.

+ The image now includes wget. You can use wget to check the health endpoint for workers. +

+ Learn more:  Check the health endpoint using wget +

If your workflow depends on having curl in the image, you can dynamically install it using apk. Refer to the following commands for examples of using apk to install curl:

<CONTAINER-ID> apk add curl diff --git a/website/content/docs/release-notes/v0_17_0.mdx b/website/content/docs/release-notes/v0_17_0.mdx index 5d6df25226..d89d7baa5d 100644 --- a/website/content/docs/release-notes/v0_17_0.mdx +++ b/website/content/docs/release-notes/v0_17_0.mdx @@ -36,7 +36,7 @@ description: |- Docker image no longer contains curl - As of version 0.17.1 and later, the curl binary is no longer included in the published Docker container image for Boundary Enterprise. If your workflow depends on having curl in the image, you can dynamically install it using apk. + As of version 0.17.1 and later, the curl binary is no longer included in the published Docker container image for Boundary Enterprise. The image now includes wget, which you can alternatively use to check the health endpoint for a worker. If your workflow depends on having curl in the image, you can dynamically install it using apk.

Learn more:  Known issues and breaking changes @@ -168,6 +168,10 @@ description: |- As of version 0.17.1 and later, the curl binary is no longer included in the published Docker container image for Boundary Enterprise.

+ The image now includes wget. You can use wget to check the health endpoint for workers. +

+ Learn more:  Check the health endpoint using wget +

If your workflow depends on having curl in the image, you can dynamically install it using apk. Refer to the following commands for examples of using apk to install curl:

<CONTAINER-ID> apk add curl From bc4a42f34eb73f6cbbaf81a8eb3256dd2ca9d0d4 Mon Sep 17 00:00:00 2001 From: Dan Heath <76443935+Dan-Heath@users.noreply.github.com> Date: Thu, 22 Aug 2024 15:55:07 +0000 Subject: [PATCH 05/11] backport of commit 7057f4acc20d262cc55d9a44acef565eba1224d2 --- website/content/docs/operations/health.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/content/docs/operations/health.mdx b/website/content/docs/operations/health.mdx index a415b644f6..b10041bbc8 100644 --- a/website/content/docs/operations/health.mdx +++ b/website/content/docs/operations/health.mdx @@ -79,7 +79,7 @@ wget -q -O - http://localhost:9203/health?worker_info=1 ## Example response -When you check the health endpoing using `wget`, Boundary returns a response with the folowing worker information: +When you check the health endpoint using `wget`, Boundary returns a response with the following worker information: ```shell-session {"worker_process_info":{"state":"active", "active_session_count":0, "upstream_connection_state":"READY"}} From 2c7b8fa6165059c9826d6c41afa8062f0c8805c3 Mon Sep 17 00:00:00 2001 From: Dan Heath <76443935+Dan-Heath@users.noreply.github.com> Date: Thu, 22 Aug 2024 16:08:46 +0000 Subject: [PATCH 06/11] backport of commit e5eef4ac91f4febcb94c01f44bd2fda85f6a7ce7 --- website/content/docs/operations/health.mdx | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/website/content/docs/operations/health.mdx b/website/content/docs/operations/health.mdx index b10041bbc8..8a4a46e108 100644 --- a/website/content/docs/operations/health.mdx +++ b/website/content/docs/operations/health.mdx @@ -57,10 +57,11 @@ All responses return empty bodies. `GET /health` does not support any input. ## Check the health endpoint using `wget` -You can use `wget` to check the health endpoint. The Boundary Enterprise binary includes `wget`. +It is also available to HCP Boundary users. +You can use it to check the health endpoint. -Use the following `wget` command to check a worker's status to determine if it is healthy: +Use the following command to check a worker's status to determine if it is healthy: ```shell-session wget -q -O - http://localhost:9203/health?worker_info=1 | grep -c 'READY' From eeb9f043ce85c4cb726cb1e40619422c60ab56e9 Mon Sep 17 00:00:00 2001 From: stellarsquall Date: Thu, 22 Aug 2024 17:16:37 +0000 Subject: [PATCH 07/11] backport of commit 61ccb4170c84ed6b7d70124ea0c5248ea3e03c68 --- website/content/docs/operations/health.mdx | 66 ++++++++-------------- 1 file changed, 23 insertions(+), 43 deletions(-) diff --git a/website/content/docs/operations/health.mdx b/website/content/docs/operations/health.mdx index 8a4a46e108..c4f0556628 100644 --- a/website/content/docs/operations/health.mdx +++ b/website/content/docs/operations/health.mdx @@ -2,46 +2,27 @@ layout: docs page_title: Boundary health endpoints description: |- - Verify the Boundary controller server is up and able to receive requests + Verify the Boundary controller and worker server status using health endpoints. --- # Boundary health endpoints -Boundary provides health monitoring through the `/health` path using a listener -with the `"ops"` purpose. By default, a listener with that purpose runs on port -`9203`. See the [example configuration](#example-configuration) section for an -example listener stanza in a `config.hcl` file. +Boundary provides health monitoring through the `/health` path using a listener with the `"ops"` purpose. By default, a listener with that purpose runs on port `9203`. See the [example configuration](#example-configuration) section for an example listener stanza in a `config.hcl` file. ## Requirements -To enable the controller health endpoint, any Boundary instance must be -started with a controller. That is, a `controller` block and a `purpose = "api"` -listener must be defined in Boundary's configuration file. Additionally, a -`purpose = "ops"` listener must also be defined in Boundary's configuration -file. Under these conditions, the `ops` server (which hosts the controller health -api) will be exposed. +To enable the controller health endpoint, any Boundary instance must be started with a controller. That is, a `controller` block and a `purpose = "api"` +listener must be defined in Boundary's configuration file. Additionally, a `purpose = "ops"` listener must also be defined in Boundary's configuration file. Under these conditions, the `ops` server (which hosts the controller health api) will be exposed. ## Shutdown grace period -Optionally, when the controller health endpoint is enabled, Boundary can be -configured to change the controller health response to `503 Service Unavailable` -upon receiving a shutdown signal, and wait a configurable amount of time before -starting the shutdown process. +Optionally, when the controller health endpoint is enabled, you can configure the controller health response to `503 Service Unavailable` upon receiving a shutdown signal, and wait a configurable amount of time before starting the shutdown process. -This feature is designed to integrate with load balancers to reduce the risk of -an outgoing Boundary instance causing disruption to incoming requests. +This feature supports load balancing by reducing the risk of an outgoing Boundary instance causing disruption to incoming requests. -In this state, Boundary is still capable of processing requests as normal, but -will report as unhealthy through the controller health endpoint. In -load-balanced environments, this would cause this "unhealthy" instance to be -removed from the pool of instances eligible to handle requests, and thereby, reducing the -likelihood that it will receive a request to handle during shutdown. +In this state, Boundary is still capable of processing requests as normal, but will report as unhealthy through the controller health endpoint. In load-balanced environments, this would cause this "unhealthy" instance to be removed from the pool of instances eligible to handle requests, reducing the likelihood that it will receive a request to handle during shutdown. -This feature is disabled by default, even if the controller health endpoint is -enabled. You can set it up by defining `graceful_shutdown_wait_duration` in the -`controller` block of Boundary's configuration file. The value should be set to -a string that is parseable by -[ParseDuration](https://pkg.go.dev/time#ParseDuration). +This feature is disabled by default, even if the controller health endpoint is enabled. You can enable it by defining `graceful_shutdown_wait_duration` in the `controller` block of Boundary's configuration file. The value should be set to a string that is parseable by [ParseDuration](https://pkg.go.dev/time#ParseDuration). ## API @@ -57,14 +38,12 @@ All responses return empty bodies. `GET /health` does not support any input. ## Check the health endpoint using `wget` -The Boundary Enterprise binary includes `wget`. -It is also available to HCP Boundary users. -You can use it to check the health endpoint. +The Boundary Enterprise binary includes `wget`. It is also available to HCP Boundary users. You can use it to check the health endpoint. Use the following command to check a worker's status to determine if it is healthy: ```shell-session -wget -q -O - http://localhost:9203/health?worker_info=1 | grep -c 'READY' +$ wget -q -O - http://localhost:9203/health?worker_info=1 | grep -c 'READY' ``` - `-q` - Prints the response instead of saving it to a file. @@ -75,7 +54,7 @@ If Boundary returns a `1`, it means the worker is healthy. You can also use the following command without `grep -c 'READY'` to print a more verbose response that includes the worker's state, active session count, and connection state: ```shell-session -wget -q -O - http://localhost:9203/health?worker_info=1 +$ wget -q -O - http://localhost:9203/health?worker_info=1 ``` ## Example response @@ -83,14 +62,14 @@ wget -q -O - http://localhost:9203/health?worker_info=1 When you check the health endpoint using `wget`, Boundary returns a response with the following worker information: ```shell-session +$ wget -q -O - http://localhost:9203/health?worker_info=1 | grep -c 'READY' {"worker_process_info":{"state":"active", "active_session_count":0, "upstream_connection_state":"READY"}} ``` When you check the health endpoint using `curl`, Boundary returns a response with the following worker information: -```json -❯ curl "worker:9403/health?worker_info=1" - +```shell-session +$ curl "worker:9403/health?worker_info=1" { "worker_process_info":{ "state":"active", @@ -99,14 +78,20 @@ When you check the health endpoint using `curl`, Boundary returns a response wit } } ``` + The response contains the following fields: - `state` - The operational state of the worker. + Possible worker states include active, shutdown, and unknown. + - `active_session_count` - The number of active sessions on the worker. - `upstream_connection_state` - The connection state of the worker. + This value indicates whether the worker can connect to an upstream address or connection. + It can be any of the following states: + - `CONNECTING` - The channel is trying to make a connection and is waiting for name resolution or the connection establishment. - `READY` - The channel has successfully established a connection, and any attempts to communicate have succeeded. - `TRANSIENT_FAILURE` - The channel suffered a transient failure such as a time out or socket error. @@ -118,9 +103,7 @@ It can be any of the following states: ## Example configuration -Health checks are available for a controller defined with a `purpose = "ops"` -listener stanza. For details on what fields are allowed in this stanza, refer to -the documentation about [TCP Listener](/boundary/docs/configuration/listener/tcp). +Health checks are available for a controller defined with a `purpose = "ops"` listener stanza. For details on what fields are allowed in this stanza, refer to the documentation about [TCP Listener](/boundary/docs/configuration/listener/tcp). An example listener stanza: @@ -143,8 +126,7 @@ listener "tcp" { } ``` -To enable a shutdown grace period, update the `controller` block with a defined -wait duration: +To enable a shutdown grace period, update the `controller` block with a defined wait duration: ```hcl controller { @@ -156,6 +138,4 @@ controller { } ``` -A complete example can be viewed under the [Controller -configuration](/boundary/docs/configuration/controller#complete-configuration-example) -docs. \ No newline at end of file +A complete example can be found under the [Controller configuration](/boundary/docs/configuration/controller#complete-configuration-example) docs. \ No newline at end of file From 76cf68635394d1e505dcb4c19dd3c43a7d9de3ad Mon Sep 17 00:00:00 2001 From: Dan Heath <76443935+Dan-Heath@users.noreply.github.com> Date: Thu, 22 Aug 2024 17:37:12 +0000 Subject: [PATCH 08/11] backport of commit efe99a8dd9218479eecd65f98b7a4c4f6f946bae --- website/content/docs/operations/health.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/content/docs/operations/health.mdx b/website/content/docs/operations/health.mdx index c4f0556628..a618d785f4 100644 --- a/website/content/docs/operations/health.mdx +++ b/website/content/docs/operations/health.mdx @@ -38,7 +38,7 @@ All responses return empty bodies. `GET /health` does not support any input. ## Check the health endpoint using `wget` -The Boundary Enterprise binary includes `wget`. It is also available to HCP Boundary users. You can use it to check the health endpoint. +The Boundary Enterprise Docker image includes `wget`. It is also available to HCP Boundary users. You can use it to check the health endpoint. Use the following command to check a worker's status to determine if it is healthy: From c1ea9a4119cc0b84c3017150b5b6ba85ad486ad3 Mon Sep 17 00:00:00 2001 From: Dan Heath <76443935+Dan-Heath@users.noreply.github.com> Date: Thu, 22 Aug 2024 18:13:47 +0000 Subject: [PATCH 09/11] backport of commit 079f46032a5148d8343f601dab583299382c9615 --- website/content/docs/operations/health.mdx | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/website/content/docs/operations/health.mdx b/website/content/docs/operations/health.mdx index a618d785f4..66d1bfdedd 100644 --- a/website/content/docs/operations/health.mdx +++ b/website/content/docs/operations/health.mdx @@ -81,17 +81,9 @@ $ curl "worker:9403/health?worker_info=1" The response contains the following fields: -- `state` - The operational state of the worker. - -Possible worker states include active, shutdown, and unknown. - +- `state` - The operational state of the worker. Possible worker states include active, shutdown, and unknown. - `active_session_count` - The number of active sessions on the worker. -- `upstream_connection_state` - The connection state of the worker. - -This value indicates whether the worker can connect to an upstream address or connection. - -It can be any of the following states: - +- `upstream_connection_state` - The connection state of the worker. This value indicates whether the worker can connect to an upstream address or connection. It can be any of the following states: - `CONNECTING` - The channel is trying to make a connection and is waiting for name resolution or the connection establishment. - `READY` - The channel has successfully established a connection, and any attempts to communicate have succeeded. - `TRANSIENT_FAILURE` - The channel suffered a transient failure such as a time out or socket error. From 82cb0ce59dddff61c942ad4ad8063f3391f60b32 Mon Sep 17 00:00:00 2001 From: Dan Heath <76443935+Dan-Heath@users.noreply.github.com> Date: Thu, 22 Aug 2024 20:39:45 +0000 Subject: [PATCH 10/11] backport of commit a092610fd9a70823fa03b6f83587e8852cd75b10 --- website/content/docs/operations/health.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/content/docs/operations/health.mdx b/website/content/docs/operations/health.mdx index 66d1bfdedd..6854d1c383 100644 --- a/website/content/docs/operations/health.mdx +++ b/website/content/docs/operations/health.mdx @@ -49,7 +49,7 @@ $ wget -q -O - http://localhost:9203/health?worker_info=1 | grep -c 'READY' - `-q` - Prints the response instead of saving it to a file. - `-0` - Allows Boundary to pass the worker's URL. -If Boundary returns a `1`, it means the worker is healthy. +If the command prints 1 to `stdout` or exits with exit code 0, it means the worker is healthy. Exit code > 0, is unhealthy You can also use the following command without `grep -c 'READY'` to print a more verbose response that includes the worker's state, active session count, and connection state: From 5a51120e05143a041a0f7bb68d33a75547ea612b Mon Sep 17 00:00:00 2001 From: Dan Heath <76443935+Dan-Heath@users.noreply.github.com> Date: Thu, 22 Aug 2024 20:48:15 +0000 Subject: [PATCH 11/11] backport of commit aefbab83fbed1f902ea3e2d436a9cd8bfc5a184c --- website/content/docs/operations/health.mdx | 4 ++-- website/content/docs/release-notes/v0_16_0.mdx | 4 ++-- website/content/docs/release-notes/v0_17_0.mdx | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/website/content/docs/operations/health.mdx b/website/content/docs/operations/health.mdx index 6854d1c383..3144f5c19d 100644 --- a/website/content/docs/operations/health.mdx +++ b/website/content/docs/operations/health.mdx @@ -38,7 +38,7 @@ All responses return empty bodies. `GET /health` does not support any input. ## Check the health endpoint using `wget` -The Boundary Enterprise Docker image includes `wget`. It is also available to HCP Boundary users. You can use it to check the health endpoint. +The Boundary Docker image includes `wget`. You can use it to check the health endpoint. Enterprise and Community edition users can check the health of controllers and workers. HCP Boundary users can check the health of their self-managed workers. Use the following command to check a worker's status to determine if it is healthy: @@ -49,7 +49,7 @@ $ wget -q -O - http://localhost:9203/health?worker_info=1 | grep -c 'READY' - `-q` - Prints the response instead of saving it to a file. - `-0` - Allows Boundary to pass the worker's URL. -If the command prints 1 to `stdout` or exits with exit code 0, it means the worker is healthy. Exit code > 0, is unhealthy +If the command prints 1 to `stdout` or exits with exit code 0, it means the worker is healthy. If the exit code is greater than 0, the worker is unhealthy. You can also use the following command without `grep -c 'READY'` to print a more verbose response that includes the worker's state, active session count, and connection state: diff --git a/website/content/docs/release-notes/v0_16_0.mdx b/website/content/docs/release-notes/v0_16_0.mdx index 760436681f..c78c61ae6c 100644 --- a/website/content/docs/release-notes/v0_16_0.mdx +++ b/website/content/docs/release-notes/v0_16_0.mdx @@ -36,7 +36,7 @@ description: |- Docker image no longer contains curl - As of version 0.16.3 and later, the curl binary is no longer included in the published Docker container image for Boundary Enterprise. The image now includes wget, which you can alternatively use to check the health endpoint for a worker. If your workflow depends on having curl in the image, you can dynamically install it using apk. + As of version 0.16.3 and later, the curl binary is no longer included in the published Docker container image for Boundary. The image now includes wget, which you can alternatively use to check the health endpoint for a worker. If your workflow depends on having curl in the image, you can dynamically install it using apk.

Learn more:  Known issues and breaking changes @@ -257,7 +257,7 @@ description: |- Docker image no longer contains curl - As of version 0.16.3 and later, the curl binary is no longer included in the published Docker container image for Boundary Enterprise. + As of version 0.16.3 and later, the curl binary is no longer included in the published Docker container image for Boundary.

The image now includes wget. You can use wget to check the health endpoint for workers.

diff --git a/website/content/docs/release-notes/v0_17_0.mdx b/website/content/docs/release-notes/v0_17_0.mdx index d89d7baa5d..0ffe2889a2 100644 --- a/website/content/docs/release-notes/v0_17_0.mdx +++ b/website/content/docs/release-notes/v0_17_0.mdx @@ -36,7 +36,7 @@ description: |- Docker image no longer contains curl - As of version 0.17.1 and later, the curl binary is no longer included in the published Docker container image for Boundary Enterprise. The image now includes wget, which you can alternatively use to check the health endpoint for a worker. If your workflow depends on having curl in the image, you can dynamically install it using apk. + As of version 0.17.1 and later, the curl binary is no longer included in the published Docker container image for Boundary. The image now includes wget, which you can alternatively use to check the health endpoint for a worker. If your workflow depends on having curl in the image, you can dynamically install it using apk.

Learn more:  Known issues and breaking changes @@ -166,7 +166,7 @@ description: |- Docker image no longer contains curl - As of version 0.17.1 and later, the curl binary is no longer included in the published Docker container image for Boundary Enterprise. + As of version 0.17.1 and later, the curl binary is no longer included in the published Docker container image for Boundary.

The image now includes wget. You can use wget to check the health endpoint for workers.