docker: Use tini unilaterally and stop tailing /dev/null

tini is a hyper-minimal PID 0 which spawns a child process (watchfrr.sh
in our case), reaps zombies and forwards signals to the script. Starting
watchfrr.sh directly instead of through the old `tail /dev/null` or
`sleep 365d` helps keep things clean too :)

While tini was previously only used in the Alpine container it is useful
to apply this PID 0 to all containers except the special CI ones.

Fixes: #8788
Signed-off-by: Wesley Coakley <w@wesleycoakley.com>

8 files changed, 64 insertions, 48 deletions

diff --git a/docker/alpine/Dockerfile b/docker/alpine/Dockerfile
index cb2b3eb69e..8fc36c0e5f 100644
--- a/docker/alpine/Dockerfile
+++ b/docker/alpine/Dockerfile
@@ -55,5 +55,14 @@ RUN apk add \
 		--no-cache \
 		--allow-untrusted /pkgs/apk/*/*.apk \
 	&& rm -rf /pkgs
+
+# Own the config / PID files
+RUN mkdir -p /var/run/frr
+RUN chown -R frr:frr /etc/frr /var/run/frr
+
+# Simple init manager for reaping processes and forwarding signals
+ENTRYPOINT ["/sbin/tini", "--"]
+
+# Default CMD starts watchfrr
 COPY docker/alpine/docker-start /usr/lib/frr/docker-start
-CMD [ "/sbin/tini", "--", "/usr/lib/frr/docker-start" ]
+CMD ["/usr/lib/frr/docker-start"]
diff --git a/docker/alpine/docker-start b/docker/alpine/docker-start
index 3f7737d3bf..c20df42e8e 100755
--- a/docker/alpine/docker-start
+++ b/docker/alpine/docker-start
@@ -1,12 +1,4 @@
-#!/bin/sh
+#!/bin/ash
 
-set -e
-
-##
-# For volume mounts...
-##
-chown -R frr:frr /etc/frr || true
-/usr/lib/frr/frrinit.sh start
-
-# Sleep forever
-exec tail -f /dev/null
+source /usr/lib/frr/frrcommon.sh
+/usr/lib/frr/watchfrr $(daemon_list)
diff --git a/docker/centos-7/Dockerfile b/docker/centos-7/Dockerfile
index 748b5345a1..303a33fe4a 100644
--- a/docker/centos-7/Dockerfile
+++ b/docker/centos-7/Dockerfile
@@ -39,5 +39,19 @@ COPY --from=centos-7-builder /rpmbuild/RPMS/ /pkgs/rpm/
 
 RUN yum install -y /pkgs/rpm/*/*.rpm \
     && rm -rf /pkgs
+
+# Own the config / PID files
+RUN mkdir -p /var/run/frr
+RUN chown -R frr:frr /etc/frr /var/run/frr
+
+# Add tini because no CentOS7 package
+ENV TINI_VERSION v0.19.0
+ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /sbin/tini
+RUN chmod +x /sbin/tini
+
+# Simple init manager for reaping processes and forwarding signals
+ENTRYPOINT ["/sbin/tini", "--"]
+
+# Default CMD starts watchfrr
 COPY docker/centos-7/docker-start /usr/lib/frr/docker-start
-CMD [ "/usr/lib/frr/docker-start" ]
+CMD ["/usr/lib/frr/docker-start"]
diff --git a/docker/centos-7/docker-start b/docker/centos-7/docker-start
index a3913245b6..d954142ab9 100755
--- a/docker/centos-7/docker-start
+++ b/docker/centos-7/docker-start
@@ -1,12 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 
-set -e
-
-##
-# Change owner for docker volume mount
-##
-chown -R frr:frr /etc/frr
-/usr/lib/frr/frrinit.sh start
-
-# Sleep forever
-exec tail -f /dev/null
+source /usr/lib/frr/frrcommon.sh
+/usr/lib/frr/watchfrr $(daemon_list)
diff --git a/docker/centos-8/Dockerfile b/docker/centos-8/Dockerfile
index e273be055b..8a0c28e13b 100644
--- a/docker/centos-8/Dockerfile
+++ b/docker/centos-8/Dockerfile
@@ -40,5 +40,19 @@ COPY --from=centos-8-builder /rpmbuild/RPMS/ /pkgs/rpm/
 
 RUN yum install -y /pkgs/rpm/*/*.rpm \
     && rm -rf /pkgs
+
+# Own the config / PID files
+RUN mkdir -p /var/run/frr
+RUN chown -R frr:frr /etc/frr /var/run/frr
+
+# Add tini because no CentOS8 package
+ENV TINI_VERSION v0.19.0
+ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /sbin/tini
+RUN chmod +x /sbin/tini
+
+# Simple init manager for reaping processes and forwarding signals
+ENTRYPOINT ["/sbin/tini", "--"]
+
+# Default CMD starts watchfrr
 COPY docker/centos-8/docker-start /usr/lib/frr/docker-start
-CMD [ "/usr/lib/frr/docker-start" ]
+CMD ["/usr/lib/frr/docker-start"]
diff --git a/docker/centos-8/docker-start b/docker/centos-8/docker-start
index 935b22209e..d954142ab9 100755
--- a/docker/centos-8/docker-start
+++ b/docker/centos-8/docker-start
@@ -1,9 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 
-set -e
-
-chown -R frr:frr /etc/frr
-/usr/lib/frr/frrinit.sh start
-
-# Sleep forever
-exec tail -f /dev/null
+source /usr/lib/frr/frrcommon.sh
+/usr/lib/frr/watchfrr $(daemon_list)
diff --git a/docker/debian/Dockerfile b/docker/debian/Dockerfile
index cc9217f103..7476e5fe3e 100644
--- a/docker/debian/Dockerfile
+++ b/docker/debian/Dockerfile
@@ -6,8 +6,8 @@ ENV APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=DontWarn
 
 RUN apt-get update && \
     apt-get install -y libpcre3-dev apt-transport-https ca-certificates curl wget logrotate \
-    libc-ares2 libjson-c3 vim procps libreadline7 gnupg2 lsb-release apt-utils && \
-    rm -rf /var/lib/apt/lists/*
+    libc-ares2 libjson-c3 vim procps libreadline7 gnupg2 lsb-release apt-utils \
+    tini && rm -rf /var/lib/apt/lists/*
 
 RUN curl -s https://deb.frrouting.org/frr/keys.asc | apt-key add -
 RUN echo deb https://deb.frrouting.org/frr $(lsb_release -s -c) frr-stable | tee -a /etc/apt/sources.list.d/frr.list
@@ -16,5 +16,13 @@ RUN apt-get update && \
     apt-get install -y frr frr-pythontools && \
     rm -rf /var/lib/apt/lists/*
 
-ADD docker-start /usr/sbin/docker-start
-CMD ["/usr/sbin/docker-start"]
+# Own the config / PID files
+RUN mkdir -p /var/run/frr
+RUN chown -R frr:frr /etc/frr /var/run/frr
+
+# Simple init manager for reaping processes and forwarding signals
+ENTRYPOINT ["/usr/bin/tini", "--"]
+
+# Default CMD starts watchfrr
+COPY docker-start /usr/lib/frr/docker-start
+CMD ["/usr/lib/frr/docker-start"]
diff --git a/docker/debian/docker-start b/docker/debian/docker-start
index a0f31f5ac5..d954142ab9 100755
--- a/docker/debian/docker-start
+++ b/docker/debian/docker-start
@@ -1,12 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 
-set -e
-
-##
-# For volume mounts...
-##
-chown -R frr:frr /etc/frr
-/etc/init.d/frr start
-
-# Sleep forever
-exec tail -f /dev/null
+source /usr/lib/frr/frrcommon.sh
+/usr/lib/frr/watchfrr $(daemon_list)