From 4b9e4a3ac71174c8f172da479a21bec9994f533f Mon Sep 17 00:00:00 2001
From: Andrey Arapov
Date: Thu, 22 Aug 2024 11:46:38 +0200
Subject: [PATCH] fix(base-ssh,ssh-ubuntu): use tini for zombie reaping and signal handling (#565)

Use tini as an init system to manage orphaned child processes, ensuring they don't become zombie (defunct) processes by reaping (cleaning up) them when their parent process doesn't. Tini will also correctly handle signals like SIGTERM (15), allowing child processes to terminate gracefully within the allotted time, rather than being forcefully killed with SIGKILL after a 15-second timeout.
---
 base-ssh/Dockerfile.centos | 12 ++++++++++--
 base-ssh/Dockerfile.debian | 12 ++++++++++--
 base-ssh/Dockerfile.suse | 12 ++++++++++--
 base-ssh/Dockerfile.ubuntu | 12 ++++++++++--
 ssh-ubuntu/Dockerfile.ubuntu | 12 ++++++++++--
 5 files changed, 50 insertions(+), 10 deletions(-)
diff --git a/base-ssh/Dockerfile.centos b/base-ssh/Dockerfile.centos
index c43db92d..41edce77 100644
--- a/base-ssh/Dockerfile.centos
+++ b/base-ssh/Dockerfile.centos
@@ -13,8 +13,16 @@ RUN dnf -y update && \
 COPY ssh-entrypoint.sh /usr/local/bin/init.sh
 RUN chmod +x /usr/local/bin/init.sh
-ENTRYPOINT ["/usr/local/bin/init.sh"]
+# Use tini as an init system to manage orphaned child processes, ensuring they
+# don't become zombie (defunct) processes by reaping (cleaning up) them when
+# their parent process doesn't.
+# Tini will also correctly handle signals like SIGTERM (15), allowing child
+# processes to terminate gracefully within the allotted time, rather than
+# being forcefully killed with SIGKILL after a 15-second timeout.
+ADD https://github.com/krallin/tini/releases/download/v0.19.0/tini /tini
+RUN chmod +x /tini
+ENTRYPOINT ["/tini", "--", "/usr/local/bin/init.sh"]
 CMD ["tail", "-f", "/dev/null"]
-EXPOSE 22
\ No newline at end of file
+EXPOSE 22
diff --git a/base-ssh/Dockerfile.debian b/base-ssh/Dockerfile.debian
index 28a99d25..4a11f9c7 100644
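Review bot: The `ADD https://github.com/krallin/tini/releases/download/v0.19.0/tini /tini` line in base-ssh/Dockerfile.centos downloads the binary that becomes PID 1 without verifying it, so whatever that URL serves at build time is what runs as init in every container. Pin the content as well as the version: with a BuildKit frontend that supports it, `ADD --checksum=sha256:<sha256 of the v0.19.0 tini asset> --chmod=755 https://github.com/krallin/tini/releases/download/v0.19.0/tini /tini`, which also makes the separate `RUN chmod +x /tini` layer unnecessary. The same unverified download is added in base-ssh/Dockerfile.debian, base-ssh/Dockerfile.suse, base-ssh/Dockerfile.ubuntu and ssh-ubuntu/Dockerfile.ubuntu.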
--- a/base-ssh/Dockerfile.debian
+++ b/base-ssh/Dockerfile.debian
@@ -10,8 +10,16 @@ RUN apt-get update; \
 COPY ssh-entrypoint.sh /usr/local/bin/init.sh
 RUN chmod +x /usr/local/bin/init.sh
-ENTRYPOINT ["/usr/local/bin/init.sh"]
+# Use tini as an init system to manage orphaned child processes, ensuring they
+# don't become zombie (defunct) processes by reaping (cleaning up) them when
+# their parent process doesn't.
+# Tini will also correctly handle signals like SIGTERM (15), allowing child
+# processes to terminate gracefully within the allotted time, rather than
+# being forcefully killed with SIGKILL after a 15-second timeout.
+ADD https://github.com/krallin/tini/releases/download/v0.19.0/tini /tini
+RUN chmod +x /tini
+ENTRYPOINT ["/tini", "--", "/usr/local/bin/init.sh"]
 CMD ["tail", "-f", "/dev/null"]
-EXPOSE 22
\ No newline at end of file
+EXPOSE 22
diff --git a/base-ssh/Dockerfile.suse b/base-ssh/Dockerfile.suse
index aa0f452a..eef9b2c9 100644
--- a/base-ssh/Dockerfile.suse
+++ b/base-ssh/Dockerfile.suse
@@ -14,8 +14,16 @@ RUN mkdir -p /run/sshd && \
 COPY ssh-entrypoint.sh /usr/local/bin/init.sh
 RUN chmod +x /usr/local/bin/init.sh
-ENTRYPOINT ["/usr/local/bin/init.sh"]
+# Use tini as an init system to manage orphaned child processes, ensuring they
+# don't become zombie (defunct) processes by reaping (cleaning up) them when
+# their parent process doesn't.
+# Tini will also correctly handle signals like SIGTERM (15), allowing child
+# processes to terminate gracefully within the allotted time, rather than
+# being forcefully killed with SIGKILL after a 15-second timeout.
+ADD https://github.com/krallin/tini/releases/download/v0.19.0/tini /tini
+RUN chmod +x /tini
+ENTRYPOINT ["/tini", "--", "/usr/local/bin/init.sh"]
 CMD ["tail", "-f", "/dev/null"]
-EXPOSE 22
\ No newline at end of file
+EXPOSE 22
diff --git a/base-ssh/Dockerfile.ubuntu b/base-ssh/Dockerfile.ubuntu
index 8ad2d8f7..1ea53c19 100644
--- a/base-ssh/Dockerfile.ubuntu
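Review bot: In base-ssh/Dockerfile.debian the init binary is pulled from GitHub although the hunk header shows an `apt-get` step directly above it. If the base release carries a `tini` package, adding it to that install list keeps the binary on the distribution's signed package path and lets it receive security updates with the rest of the image. The entrypoint would then read `ENTRYPOINT ["/usr/bin/tini", "--", "/usr/local/bin/init.sh"]`, with the path to be confirmed against the package. The install step starts outside the hunk, so its package list is not visible here; the same option exists for the two Dockerfile.ubuntu files.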
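Review bot: The asset named `tini` in the `ADD` line of base-ssh/Dockerfile.suse is a single-architecture build (amd64, going by the upstream release naming), so an image built for another platform would get an init that cannot execute and the container would fail at start. If these images are built for more than one architecture, select the asset from the automatic build argument: `ARG TARGETARCH` followed by `ADD https://github.com/krallin/tini/releases/download/v0.19.0/tini-${TARGETARCH} /tini`, which should resolve for amd64 and arm64. If the images are amd64-only by design, a one-line comment saying so next to the `ADD` would be enough. All five Dockerfiles in this patch use the same URL.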
+++ b/base-ssh/Dockerfile.ubuntu
@@ -10,8 +10,16 @@ RUN apt-get update; \
 COPY ssh-entrypoint.sh /usr/local/bin/init.sh
 RUN chmod +x /usr/local/bin/init.sh
-ENTRYPOINT ["/usr/local/bin/init.sh"]
+# Use tini as an init system to manage orphaned child processes, ensuring they
+# don't become zombie (defunct) processes by reaping (cleaning up) them when
+# their parent process doesn't.
+# Tini will also correctly handle signals like SIGTERM (15), allowing child
+# processes to terminate gracefully within the allotted time, rather than
+# being forcefully killed with SIGKILL after a 15-second timeout.
+ADD https://github.com/krallin/tini/releases/download/v0.19.0/tini /tini
+RUN chmod +x /tini
+ENTRYPOINT ["/tini", "--", "/usr/local/bin/init.sh"]
 CMD ["tail", "-f", "/dev/null"]
-EXPOSE 22
\ No newline at end of file
+EXPOSE 22
diff --git a/ssh-ubuntu/Dockerfile.ubuntu b/ssh-ubuntu/Dockerfile.ubuntu
index 8ad2d8f7..1ea53c19 100644
--- a/ssh-ubuntu/Dockerfile.ubuntu
+++ b/ssh-ubuntu/Dockerfile.ubuntu
@@ -10,8 +10,16 @@ RUN apt-get update; \
 COPY ssh-entrypoint.sh /usr/local/bin/init.sh
 RUN chmod +x /usr/local/bin/init.sh
-ENTRYPOINT ["/usr/local/bin/init.sh"]
+# Use tini as an init system to manage orphaned child processes, ensuring they
+# don't become zombie (defunct) processes by reaping (cleaning up) them when
+# their parent process doesn't.
+# Tini will also correctly handle signals like SIGTERM (15), allowing child
+# processes to terminate gracefully within the allotted time, rather than
+# being forcefully killed with SIGKILL after a 15-second timeout.
+ADD https://github.com/krallin/tini/releases/download/v0.19.0/tini /tini
+RUN chmod +x /tini
+ENTRYPOINT ["/tini", "--", "/usr/local/bin/init.sh"]
 CMD ["tail", "-f", "/dev/null"]
-EXPOSE 22
\ No newline at end of file
+EXPOSE 22
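Review bot: With `ENTRYPOINT ["/tini", "--", "/usr/local/bin/init.sh"]` in base-ssh/Dockerfile.ubuntu, tini forwards SIGTERM only to its direct child, which is the shell script. Whether sshd and the `CMD` process ever see the signal depends on ssh-entrypoint.sh, which is not part of this patch: it has to end in `exec "$@"` or trap and relay signals itself. If it does neither, the graceful stop described in the added comment will not happen and the container is still killed at the timeout; `ENTRYPOINT ["/tini", "-g", "--", "/usr/local/bin/init.sh"]` makes tini signal the whole process group instead. A short comment beside the ENTRYPOINT stating which behaviour the script relies on would help, and the point applies to all five files.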
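Review bot: ssh-ubuntu/Dockerfile.ubuntu carries the same blob ids before and after this patch as base-ssh/Dockerfile.ubuntu (`8ad2d8f7..1ea53c19`), so the two files are byte-identical copies. Every later change to the tini download, such as a version bump or an added checksum, has to be made in both places and can silently drift. Consider building one image from the other or sharing a single Dockerfile; at minimum add a header comment to each, e.g. `# Keep in sync with base-ssh/Dockerfile.ubuntu`.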