From d8e76090b71422b611013d26e5d6104962f870c7 Mon Sep 17 00:00:00 2001 From: Wesley Coakley Date: Tue, 8 Jun 2021 23:50:43 -0400 Subject: [PATCH] docker: Use tini unilaterally and stop tailing /dev/null tini is a hyper-minimal PID 0 which spawns a child process (watchfrr.sh in our case), reaps zombies and forwards signals to the script. Starting watchfrr.sh directly instead of through the old `tail /dev/null` or `sleep 365d` helps keep things clean too :) While tini was previously only used in the Alpine container it is useful to apply this PID 0 to all containers except the special CI ones. Fixes: #8788 Signed-off-by: Wesley Coakley --- docker/alpine/Dockerfile | 11 ++++++++++- docker/alpine/docker-start | 14 +++----------- docker/centos-7/Dockerfile | 16 +++++++++++++++- docker/centos-7/docker-start | 14 +++----------- docker/centos-8/Dockerfile | 16 +++++++++++++++- docker/centos-8/docker-start | 11 +++-------- docker/debian/Dockerfile | 16 ++++++++++++---- docker/debian/docker-start | 14 +++----------- 8 files changed, 64 insertions(+), 48 deletions(-) diff --git a/docker/alpine/Dockerfile b/docker/alpine/Dockerfile index cb2b3eb69e..8fc36c0e5f 100644 --- a/docker/alpine/Dockerfile +++ b/docker/alpine/Dockerfile @@ -55,5 +55,14 @@ RUN apk add \ --no-cache \ --allow-untrusted /pkgs/apk/*/*.apk \ && rm -rf /pkgs + +# Own the config / PID files +RUN mkdir -p /var/run/frr +RUN chown -R frr:frr /etc/frr /var/run/frr + +# Simple init manager for reaping processes and forwarding signals +ENTRYPOINT ["/sbin/tini", "--"] + +# Default CMD starts watchfrr COPY docker/alpine/docker-start /usr/lib/frr/docker-start -CMD [ "/sbin/tini", "--", "/usr/lib/frr/docker-start" ] +CMD ["/usr/lib/frr/docker-start"] diff --git a/docker/alpine/docker-start b/docker/alpine/docker-start index 3f7737d3bf..c20df42e8e 100755 --- a/docker/alpine/docker-start +++ b/docker/alpine/docker-start @@ -1,12 +1,4 @@ -#!/bin/sh +#!/bin/ash -set -e - -## -# For volume mounts... -## -chown -R frr:frr /etc/frr || true -/usr/lib/frr/frrinit.sh start - -# Sleep forever -exec tail -f /dev/null +source /usr/lib/frr/frrcommon.sh +/usr/lib/frr/watchfrr $(daemon_list) diff --git a/docker/centos-7/Dockerfile b/docker/centos-7/Dockerfile index 748b5345a1..303a33fe4a 100644 --- a/docker/centos-7/Dockerfile +++ b/docker/centos-7/Dockerfile @@ -39,5 +39,19 @@ COPY --from=centos-7-builder /rpmbuild/RPMS/ /pkgs/rpm/ RUN yum install -y /pkgs/rpm/*/*.rpm \ && rm -rf /pkgs + +# Own the config / PID files +RUN mkdir -p /var/run/frr +RUN chown -R frr:frr /etc/frr /var/run/frr + +# Add tini because no CentOS7 package +ENV TINI_VERSION v0.19.0 +ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /sbin/tini +RUN chmod +x /sbin/tini + +# Simple init manager for reaping processes and forwarding signals +ENTRYPOINT ["/sbin/tini", "--"] + +# Default CMD starts watchfrr COPY docker/centos-7/docker-start /usr/lib/frr/docker-start -CMD [ "/usr/lib/frr/docker-start" ] +CMD ["/usr/lib/frr/docker-start"] diff --git a/docker/centos-7/docker-start b/docker/centos-7/docker-start index a3913245b6..d954142ab9 100755 --- a/docker/centos-7/docker-start +++ b/docker/centos-7/docker-start @@ -1,12 +1,4 @@ -#!/bin/sh +#!/bin/bash -set -e - -## -# Change owner for docker volume mount -## -chown -R frr:frr /etc/frr -/usr/lib/frr/frrinit.sh start - -# Sleep forever -exec tail -f /dev/null +source /usr/lib/frr/frrcommon.sh +/usr/lib/frr/watchfrr $(daemon_list) diff --git a/docker/centos-8/Dockerfile b/docker/centos-8/Dockerfile index e273be055b..8a0c28e13b 100644 --- a/docker/centos-8/Dockerfile +++ b/docker/centos-8/Dockerfile @@ -40,5 +40,19 @@ COPY --from=centos-8-builder /rpmbuild/RPMS/ /pkgs/rpm/ RUN yum install -y /pkgs/rpm/*/*.rpm \ && rm -rf /pkgs + +# Own the config / PID files +RUN mkdir -p /var/run/frr +RUN chown -R frr:frr /etc/frr /var/run/frr + +# Add tini because no CentOS8 package +ENV TINI_VERSION v0.19.0 +ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /sbin/tini +RUN chmod +x /sbin/tini + +# Simple init manager for reaping processes and forwarding signals +ENTRYPOINT ["/sbin/tini", "--"] + +# Default CMD starts watchfrr COPY docker/centos-8/docker-start /usr/lib/frr/docker-start -CMD [ "/usr/lib/frr/docker-start" ] +CMD ["/usr/lib/frr/docker-start"] diff --git a/docker/centos-8/docker-start b/docker/centos-8/docker-start index 935b22209e..d954142ab9 100755 --- a/docker/centos-8/docker-start +++ b/docker/centos-8/docker-start @@ -1,9 +1,4 @@ -#!/bin/sh +#!/bin/bash -set -e - -chown -R frr:frr /etc/frr -/usr/lib/frr/frrinit.sh start - -# Sleep forever -exec tail -f /dev/null +source /usr/lib/frr/frrcommon.sh +/usr/lib/frr/watchfrr $(daemon_list) diff --git a/docker/debian/Dockerfile b/docker/debian/Dockerfile index cc9217f103..7476e5fe3e 100644 --- a/docker/debian/Dockerfile +++ b/docker/debian/Dockerfile @@ -6,8 +6,8 @@ ENV APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=DontWarn RUN apt-get update && \ apt-get install -y libpcre3-dev apt-transport-https ca-certificates curl wget logrotate \ - libc-ares2 libjson-c3 vim procps libreadline7 gnupg2 lsb-release apt-utils && \ - rm -rf /var/lib/apt/lists/* + libc-ares2 libjson-c3 vim procps libreadline7 gnupg2 lsb-release apt-utils \ + tini && rm -rf /var/lib/apt/lists/* RUN curl -s https://deb.frrouting.org/frr/keys.asc | apt-key add - RUN echo deb https://deb.frrouting.org/frr $(lsb_release -s -c) frr-stable | tee -a /etc/apt/sources.list.d/frr.list @@ -16,5 +16,13 @@ RUN apt-get update && \ apt-get install -y frr frr-pythontools && \ rm -rf /var/lib/apt/lists/* -ADD docker-start /usr/sbin/docker-start -CMD ["/usr/sbin/docker-start"] +# Own the config / PID files +RUN mkdir -p /var/run/frr +RUN chown -R frr:frr /etc/frr /var/run/frr + +# Simple init manager for reaping processes and forwarding signals +ENTRYPOINT ["/usr/bin/tini", "--"] + +# Default CMD starts watchfrr +COPY docker-start /usr/lib/frr/docker-start +CMD ["/usr/lib/frr/docker-start"] diff --git a/docker/debian/docker-start b/docker/debian/docker-start index a0f31f5ac5..d954142ab9 100755 --- a/docker/debian/docker-start +++ b/docker/debian/docker-start @@ -1,12 +1,4 @@ -#!/bin/sh +#!/bin/bash -set -e - -## -# For volume mounts... -## -chown -R frr:frr /etc/frr -/etc/init.d/frr start - -# Sleep forever -exec tail -f /dev/null +source /usr/lib/frr/frrcommon.sh +/usr/lib/frr/watchfrr $(daemon_list) -- 2.39.5