From 6e9f8546952ef962b6644987b00909f4b6a08623 Mon Sep 17 00:00:00 2001 From: Bertrand Gouny Date: Fri, 4 May 2018 12:30:23 +0200 Subject: [PATCH 01/11] [twgit] Init hotfix 'hotfix-1.1.2'. From 386250d5da30d28ba827f7430832bbc4664cfbce Mon Sep 17 00:00:00 2001 From: Bertrand Gouny Date: Fri, 20 Jul 2018 16:07:11 +0200 Subject: [PATCH 02/11] cfssl update + traefik 1.6+ support --- CHANGELOG.md | 119 +++++++++++++----- Makefile | 2 +- README.md | 16 +-- example/multiple-process-image/Dockerfile | 2 +- example/single-process-image/Dockerfile | 2 +- .../:ssl-tools/assets/jsonssl-default-env | 2 +- .../:ssl-tools/assets/tool/jsonssl-helper | 7 ++ .../service-available/:ssl-tools/download.sh | 4 +- 8 files changed, 112 insertions(+), 42 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index fe4e41c2..170ba1f3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,23 +1,41 @@ # Changelog -# 1.1.1 +## [1.1.2] - Unreleased +### Added + - jsonssl add support for traefik >= v1.6 acme.json file + +### Changed + - "traefik" JSONSSL_PROFILE be becomes "traefik_up_to_v1_6" + - "traefik" JSONSSL_PROFILE is now for traefik >= v1.6 acme.json file + - Upgrade CFSSL version to 1.3.2 + +## [1.1.1] - 2017-10-25 +### Changed - chmod 444 logrotate config files - - fix jsonssl-helper get traefik ca certificate on alpine -# 1.1.0 +### Fixed + - Fix jsonssl-helper get traefik ca certificate on alpine + +## [1.1.0] - 2017-07-19 +### Changed - Use debian stretch-slim as baseimage -## 1.0.0 - - run tool now use 2 environmen variable KILL_PROCESS_TIMEOUT and KILL_ALL_PROCESSES_TIMEOUT - - change default local to en_US.UTF-8 +## [1.0.0] - 2017-07-05 +### Added + - Run tool now use 2 environmen variable KILL_PROCESS_TIMEOUT and KILL_ALL_PROCESSES_TIMEOUT + +### Changed + - Default local to en_US.UTF-8 -## 0.2.6 +## [0.2.6] - 2016-11-06 +### Added - Add to the 'run' tool option --dont-touch-etc-hosts Don't add in /etc/hosts a line with the container ip and $HOSTNAME environment variable value. + +### Fixed - Fix wait-process script -## 0.2.5 - - Fix is_runit_installed check /usr/bin/sv instead of /sbin/runit #6 - - Upgrade cfssl 1.2.0 +## [0.2.5] - 2016-09-03 +### Added - Add ssl-helper that allow certificate auto-renew and let choose certificate generator (cfssl-helper default, or jsonssl-helper) - Add jsonssl-helper that get certificates from a json file 
@@ -25,32 +43,42 @@ --keepalived becomes --keepalive-force, --keepalive now only keep alive container if all startup files and process exited without error. + +### Changed + - Upgrade cfssl 1.2.0 - Change .yaml.startup and .json.startup files to .startup.yaml and .startup.json + +### Fixed + - Fix is_runit_installed check /usr/bin/sv instead of /sbin/runit #6 - Fix logrotate config -## 0.2.4 +## [0.2.4] - 2016-06-09 +### Changed - Periodic update of debian baseimage and packages -## 0.2.3 +## [0.2.3] - 2016-05-02 +### Changed - Periodic update of debian baseimage and packages -## 0.2.2 +## [0.2.2] - 2016-02-20 +### Fixed - Fix --copy-service error if /container/run/service already exists - Fix /container/run/startup.sh file detection if no other startup files exists - Fix set_env_hostname_to_etc_hosts() on container restart -## 0.2.1 +## [0.2.1] - 2016-01-25 +### Added - Add cfssl as available service to generate ssl certs - Warning: ssl-helper ssl-helper-openssl and ssl-helper-gnutls - have been removed - Add tag #PYTHON2BASH and #JSON2BASH to convert env var to bash - Add multiple env file importation - Add setup only env file - Add json env file support - Rename my_init to run (delete previous run script) - Add run tool option --copy-service that copy /container/service to /container/run/service on startup - - Remove run tool option --quiet - Add run tool option --loglevel (default : info) with possible values : none, error, warning, info, debug. + - Add bash log-helper + +### Changed - Container environment config directory /etc/container_environment moved to /container/environment - Container run environment is now saved in /container/run/environment - Container run environment bash export /etc/container_environment.sh moved to /container/run/environment.sh 
@@ -58,35 +86,70 @@ - Container runit process directory /etc/service moved to /container/run/process - Container startup script directory /etc/my_init.d/ moved to /container/run/startup - Container final startup script /etc/rc.local moved to /container/run/startup.sh - - Add bash log-helper - Rename install-multiple-process-stack to add-multiple-process-stack - Rename install-service-available to add-service-available -## 0.2.0 +### Removed + - ssl-helper ssl-helper-openssl and ssl-helper-gnutls + - Remove run tool option --quiet + +## [0.2.0] - 2015-12-16 +### Added + - Makefile with build no cache + +### Changed - Allow more easy image inheritance + +### Fixed - Fix cron NUMBER OF HARD LINKS > 1 - - Makefile with build no cache -## 0.1.5 + +## [0.1.5] - 2015-11-20 +### Fixed - Fix bug with host network -## 0.1.4 +## [0.1.4] - 2015-11-19 +### Added - Add run cmd arguments when it's a single process image + +### Changed - Remove bash from command when it's a single process image -## 0.1.3 +## [0.1.3] - 2015-11-06 +### Added - Add hostname env variable to /etc/hosts to make the image more friendly with kubernetes again :) -## 0.1.2 +## [0.1.2] - 2015-10-23 +### Added - Load env.yaml file from /container/environment directory to make the image more friendly with kubernetes secrets :) -## 0.1.1 - - Fix remove-service #1 +## [0.1.1] - 2015-08-18 +### Added - Add python and PyYAML + +### Fixed + - Fix remove-service #1 - Fix locales - Fix my_init -## 0.1.0 - - Initial release +## 0.1.0 - 2015-07-23 +Initial release + +[1.1.2]: https://github.com/osixia/docker-light-baseimage/compare/v1.1.1...v1.1.2 +[1.1.1]: https://github.com/osixia/docker-light-baseimage/compare/v1.1.0...v1.1.1 +[1.1.0]: https://github.com/osixia/docker-light-baseimage/compare/v1.0.0...v1.1.0 +[1.0.0]: https://github.com/osixia/docker-light-baseimage/compare/v0.2.2...v1.0.0 +[0.2.6]: https://github.com/osixia/docker-light-baseimage/compare/v0.2.5...v0.2.6 +[0.2.5]: 
https://github.com/osixia/docker-light-baseimage/compare/v0.2.4...v0.2.5 +[0.2.4]: https://github.com/osixia/docker-light-baseimage/compare/v0.2.3...v0.2.4 +[0.2.3]: https://github.com/osixia/docker-light-baseimage/compare/v0.2.2...v0.2.3 +[0.2.2]: https://github.com/osixia/docker-light-baseimage/compare/v0.2.1...v0.2.2 +[0.2.1]: https://github.com/osixia/docker-light-baseimage/compare/v0.2.0...v0.2.1 +[0.2.0]: https://github.com/osixia/docker-light-baseimage/compare/v0.1.5...v0.2.0 +[0.1.5]: https://github.com/osixia/docker-light-baseimage/compare/v0.1.4...v0.1.5 +[0.1.4]: https://github.com/osixia/docker-light-baseimage/compare/v0.1.3...v0.1.4 +[0.1.3]: https://github.com/osixia/docker-light-baseimage/compare/v0.1.2...v0.1.3 +[0.1.2]: https://github.com/osixia/docker-light-baseimage/compare/v0.1.1...v0.1.2 +[0.1.1]: https://github.com/osixia/docker-light-baseimage/compare/v0.1.0...v0.1.1 diff --git a/Makefile b/Makefile index 16117038..a4f2321f 100644 --- a/Makefile +++ b/Makefile @@ -1,5 +1,5 @@ NAME = osixia/light-baseimage -VERSION = 1.1.1 +VERSION = 1.1.2 .PHONY: build build-nocache test tag-latest push push-latest release git-tag-version diff --git a/README.md b/README.md index 56317e71..acff746d 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ [hub]: https://hub.docker.com/r/osixia/light-baseimage/ -Latest release: 1.1.1 (debian stretch) - 1.0.1 (debian jessie) [Changelog](CHANGELOG.md) +Latest release: 1.1.2 (debian stretch) - 1.0.1 (debian jessie) [Changelog](CHANGELOG.md) | [Docker Hub](https://hub.docker.com/r/osixia/light-baseimage/)  A Debian 9 (Stretch) based docker image to build reliable image quickly. This image provide a simple opinionated solution to build multiple or single process image with minimum of layers and an optimized build. 
@@ -143,7 +143,7 @@ In the Dockerfile we are going to: # Use osixia/light-baseimage # https://github.com/osixia/docker-light-baseimage - FROM osixia/light-baseimage:1.1.1 + FROM osixia/light-baseimage:1.1.2 MAINTAINER Your Name # Download nginx from apt-get and clean apt-get files @@ -386,7 +386,7 @@ In the Dockerfile we are going to: # Use osixia/light-baseimage # https://github.com/osixia/docker-light-baseimage - FROM osixia/light-baseimage:1.1.1 + FROM osixia/light-baseimage:1.1.2 MAINTAINER Your Name # Install multiple process stack, nginx and php7.0-fpm and clean apt-get files @@ -588,7 +588,7 @@ Here simple Dockerfile example how to add a service-available to an image: # Use osixia/light-baseimage # https://github.com/osixia/docker-light-baseimage - FROM osixia/light-baseimage:1.1.1 + FROM osixia/light-baseimage:1.1.2 MAINTAINER Your Name # Add cfssl and cron service-available @@ -658,7 +658,7 @@ What it does: *Run tool* takes several options, to list them: - docker run osixia/light-baseimage:1.1.1 --help + docker run osixia/light-baseimage:1.1.2 --help usage: run [-h] [-e] [-s] [-p] [-f] [-o {startup,process,finish}] [-c COMMAND [WHEN={startup,process,finish} ...]] [-k] [--wait-state FILENAME] [--wait-first-startup] [--keep-startup-env] @@ -769,7 +769,7 @@ If a main command is set for example: If a main command is set *run tool* launch it otherwise bash is launched. Example: - docker run -it osixia/light-baseimage:1.1.1 + docker run -it osixia/light-baseimage:1.1.2 ##### Extra environment variables 
@@ -845,8 +845,8 @@ Note this yaml definition: Can also be set by command line converted in python or json: - docker run -it --env FRUITS="#PYTHON2BASH:['orange','apple']" osixia/light-baseimage:1.1.1 printenv - docker run -it --env FRUITS="#JSON2BASH:[\"orange\",\"apple\"]" osixia/light-baseimage:1.1.1 printenv + docker run -it --env FRUITS="#PYTHON2BASH:['orange','apple']" osixia/light-baseimage:1.1.2 printenv + docker run -it --env FRUITS="#JSON2BASH:[\"orange\",\"apple\"]" osixia/light-baseimage:1.1.2 printenv ### Tests diff --git a/example/multiple-process-image/Dockerfile b/example/multiple-process-image/Dockerfile index a2820bae..339d1dc5 100644 --- a/example/multiple-process-image/Dockerfile +++ b/example/multiple-process-image/Dockerfile @@ -1,6 +1,6 @@ # Use osixia/light-baseimage # https://github.com/osixia/docker-light-baseimage -FROM osixia/light-baseimage:1.1.1 +FROM osixia/light-baseimage:1.1.2 MAINTAINER Your Name # Install multiple process stack, nginx and php7.0-fpm and clean apt-get files diff --git a/example/single-process-image/Dockerfile b/example/single-process-image/Dockerfile index 6e4f3f9c..20c42c75 100644 --- a/example/single-process-image/Dockerfile +++ b/example/single-process-image/Dockerfile @@ -1,6 +1,6 @@ # Use osixia/light-baseimage # https://github.com/osixia/docker-light-baseimage -FROM osixia/light-baseimage:1.1.1 +FROM osixia/light-baseimage:1.1.2 MAINTAINER Your Name # Download nginx from apt-get and clean apt-get files diff --git a/image/service-available/:ssl-tools/assets/jsonssl-default-env b/image/service-available/:ssl-tools/assets/jsonssl-default-env index ef5865d7..0aa00df9 100644 --- a/image/service-available/:ssl-tools/assets/jsonssl-default-env +++ b/image/service-available/:ssl-tools/assets/jsonssl-default-env 
@@ -3,7 +3,7 @@ JSONSSL_FILE_DEFAULT="${CONTAINER_SERVICE_DIR}/ssl-tools/assets/certs/certs.json JSONSSL_FILE=${JSONSSL_FILE:-} # don't set default immediatly because we print a warning in jsonssl-helper JSONSSL_HOSTNAME=${JSONSSL_HOSTNAME:-${HOSTNAME}} -JSONSSL_PROFILE=${JSONSSL_PROFILE:-} # traefik +JSONSSL_PROFILE=${JSONSSL_PROFILE:-} # traefik / traefik_up_to_v1_6 JSONSSL_GET_CA_CERT_CMD=${JSONSSL_GET_CA_CERT_CMD:-} JSONSSL_GET_CERT_CMD=${JSONSSL_GET_CERT_CMD:-} diff --git a/image/service-available/:ssl-tools/assets/tool/jsonssl-helper b/image/service-available/:ssl-tools/assets/tool/jsonssl-helper index f48b7aaf..35beec40 100755 --- a/image/service-available/:ssl-tools/assets/tool/jsonssl-helper +++ b/image/service-available/:ssl-tools/assets/tool/jsonssl-helper @@ -63,6 +63,13 @@ if [ ! -e "$CERT_FILE" ] && [ ! -e "$KEY_FILE" ]; then # So we took what's after the first cert. JSONSSL_GET_CA_CERT_CMD="awk '{if(found) print} /END CERTIFICATE/{found=1}' $CERT_FILE" + JSONSSL_GET_CERT_CMD="cat $JSONSSL_FILE | jq -r '[.Certificates[]] | map(select(.Domain.Main == \"$JSONSSL_HOSTNAME\")) | .[0].Certificate' | base64 -d" + JSONSSL_GET_KEY_CMD="cat $JSONSSL_FILE | jq -r '[.Certificates[]] | map(select(.Domain.Main == \"$JSONSSL_HOSTNAME\")) | .[0].Key' | base64 -d" + elif [ "${JSONSSL_PROFILE,,}" = "traefik_up_to_v1_6" ]; then + # Let's Encrypt CA certificate is in cert file after the domain certificate. + # So we took what's after the first cert. + JSONSSL_GET_CA_CERT_CMD="awk '{if(found) print} /END CERTIFICATE/{found=1}' $CERT_FILE" + JSONSSL_GET_CERT_CMD="cat $JSONSSL_FILE | jq -r '[.[\"DomainsCertificate\"].Certs[].Certificate] | map(select(.Domain == \"$JSONSSL_HOSTNAME\")) | .[0].Certificate' | base64 -d" JSONSSL_GET_KEY_CMD="cat $JSONSSL_FILE | jq -r '[.[\"DomainsCertificate\"].Certs[].Certificate] | map(select(.Domain == \"$JSONSSL_HOSTNAME\")) | .[0].PrivateKey' | base64 -d" fi 
diff --git a/image/service-available/:ssl-tools/download.sh b/image/service-available/:ssl-tools/download.sh index 15e41c01..740f84ea 100755 --- a/image/service-available/:ssl-tools/download.sh +++ b/image/service-available/:ssl-tools/download.sh @@ -18,11 +18,11 @@ fi LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends openssl jq echo "Download cfssl ..." -curl -o /usr/sbin/cfssl -SL https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 +curl -o /usr/sbin/cfssl -SL https://github.com/osixia/cfssl/releases/download/1.3.2/cfssl_linux-amd64 chmod 700 /usr/sbin/cfssl echo "Download cfssljson ..." -curl -o /usr/sbin/cfssljson -SL https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 +curl -o /usr/sbin/cfssljson -SL https://github.com/osixia/cfssl/releases/download/1.3.2/cfssljson_linux-amd64 chmod 700 /usr/sbin/cfssljson echo "Project sources: https://github.com/cloudflare/cfssl" From 6c18697b87a9486eddeeb3a8f6a08c2d80c209e1 Mon Sep 17 00:00:00 2001 From: Bertrand Gouny Date: Tue, 7 Aug 2018 12:19:41 +0200 Subject: [PATCH 03/11] better sanitize_shenvname + my_init exits with 0 on SIGINT after runit is started --- CHANGELOG.md | 4 ++++ image/tool/run | 4 +--- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 170ba1f3..9a0e6db0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,10 @@ - "traefik" JSONSSL_PROFILE is now for traefik >= v1.6 acme.json file - Upgrade CFSSL version to 1.3.2 +### Fixed + - my_init exits with 0 on SIGINT after runit is started + - better sanitize_shenvname + ## [1.1.1] - 2017-10-25 ### Changed - chmod 444 logrotate config files diff --git a/image/tool/run b/image/tool/run index d2ed18ea..509a97dc 100755 --- a/image/tool/run +++ b/image/tool/run @@ -13,7 +13,7 @@ LOG_LEVEL_INFO = 3 LOG_LEVEL_DEBUG = 4 LOG_LEVEL_TRACE = 5 -SHENV_NAME_WHITELIST_REGEX = re.compile('[^\w\-_\.]') +SHENV_NAME_WHITELIST_REGEX = re.compile('\W') log_level = None 
@@ -622,8 +622,6 @@ def wait_for_process_or_interrupt(pid): try: status = waitpid_reap_other_children(pid) return (True, status) - except KeyboardInterrupt: - return (False, None) def run_process(args, background_process_name, background_process_command): background_process_pid = run_background_process(background_process_name,background_process_command) From 710e99bac41f362fd26184621e871d1cb1225b2d Mon Sep 17 00:00:00 2001 From: Bertrand Gouny Date: Tue, 7 Aug 2018 12:19:45 +0200 Subject: [PATCH 04/11] better sanitize_shenvname + my_init exits with 0 on SIGINT after runit is started --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9a0e6db0..aad3a11b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,7 +11,7 @@ ### Fixed - my_init exits with 0 on SIGINT after runit is started - - better sanitize_shenvname + - better sanitize_shenvname ## [1.1.1] - 2017-10-25 ### Changed From 707380c6ccad2ddbf7fb2b3ae30cedf413488c57 Mon Sep 17 00:00:00 2001 From: Bertrand Gouny Date: Tue, 7 Aug 2018 13:34:18 +0200 Subject: [PATCH 05/11] my_init exits with 0 on SIGINT after runit is started --- image/tool/run | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/image/tool/run b/image/tool/run index 509a97dc..eb0411d7 100755 --- a/image/tool/run +++ b/image/tool/run @@ -619,9 +619,8 @@ def run_startup_files(args): run_command_killable_and_import_run_envvars([RUN_STARTUP_FINAL_FILE]) def wait_for_process_or_interrupt(pid): - try: - status = waitpid_reap_other_children(pid) - return (True, status) + status = waitpid_reap_other_children(pid) + return (True, status) def run_process(args, background_process_name, background_process_command): background_process_pid = run_background_process(background_process_name,background_process_command) From 78e6f92cffb9a1c6212d9a43029daec3ea70b689 Mon Sep 17 00:00:00 2001 
From: Bertrand Gouny Date: Tue, 7 Aug 2018 16:06:43 +0200 Subject: [PATCH 06/11] cfssl 1.3.2 --- .../:ssl-tools/assets/tool/cfssl-helper | 35 +++++++++++++++---- 1 file changed, 29 insertions(+), 6 deletions(-) diff --git a/image/service-available/:ssl-tools/assets/tool/cfssl-helper b/image/service-available/:ssl-tools/assets/tool/cfssl-helper index 51681cdc..c79ddbe5 100755 --- a/image/service-available/:ssl-tools/assets/tool/cfssl-helper +++ b/image/service-available/:ssl-tools/assets/tool/cfssl-helper @@ -134,8 +134,29 @@ if [ ! -e "$CERT_FILE" ] && [ ! -e "$KEY_FILE" ]; then fi else - [[ -n "$CFSSL_CA_CERT" ]] && CA_CERT_PARAM="-ca $CFSSL_CA_CERT" - [[ -n "$CFSSL_CA_KEY" ]] && CA_KEY_PARAM="-ca-key $CFSSL_CA_KEY" + + # files path with : may cause issue with cfssl tools due to : + # ReadBytes - https://github.com/cloudflare/cfssl/blob/master/helpers/helpers.go#L573 + # : is used to split env from file path + # so we copy ca cert and key to tmp + if [ -n "$CFSSL_CA_CERT" ]; then + + CFSSL_CA_CERT_FILE="/tmp/ca-cert-file" + cp -f $CFSSL_CA_CERT $CFSSL_CA_CERT_FILE + chmod 644 $CFSSL_CA_CERT_FILE + + CA_CERT_PARAM="-ca $CFSSL_CA_CERT_FILE" + fi + + if [ -n "$CFSSL_CA_KEY" ]; then + + CFSSL_CA_KEY_FILE="/tmp/ca-key-file" + cp -f $CFSSL_CA_KEY $CFSSL_CA_KEY_FILE + chmod 600 $CFSSL_CA_CERT_FILE + + CA_KEY_PARAM="-ca-key $CFSSL_CA_KEY_FILE" + fi + fi if [ -n "$CFSSL_CONFIG_JSON" ]; then 
@@ -155,8 +176,8 @@ if [ ! -e "$CERT_FILE" ] && [ ! -e "$KEY_FILE" ]; then retry=0 while [ $retry -lt $CFSSL_RETRY ]; do - log-helper debug "cfssl $LOG_LEVEL_PARAM gencert $REMOTE_PARAM $CA_CERT_PARAM $CA_KEY_PARAM $CONFIG_PARAM $HOSTNAME_PARAM $PROFILE_PARAM $LABEL_PARAM $CSR_FILE | cfssljson -bare /tmp/$CERT_NAME" - cfssl $LOG_LEVEL_PARAM gencert $REMOTE_PARAM $CA_CERT_PARAM $CA_KEY_PARAM $CONFIG_PARAM $HOSTNAME_PARAM $PROFILE_PARAM $LABEL_PARAM $CSR_FILE | cfssljson -bare /tmp/$CERT_NAME && break + log-helper debug "cfssl gencert $LOG_LEVEL_PARAM $REMOTE_PARAM $CA_CERT_PARAM $CA_KEY_PARAM $CONFIG_PARAM $HOSTNAME_PARAM $PROFILE_PARAM $LABEL_PARAM $CSR_FILE | cfssljson -bare /tmp/$CERT_NAME" + cfssl gencert $LOG_LEVEL_PARAM $REMOTE_PARAM $CA_CERT_PARAM $CA_KEY_PARAM $CONFIG_PARAM $HOSTNAME_PARAM $PROFILE_PARAM $LABEL_PARAM $CSR_FILE | cfssljson -bare /tmp/$CERT_NAME && break sleep $CFSSL_RETRY_DELAY ((retry++)) done @@ -174,11 +195,11 @@ if [ ! -e "$CERT_FILE" ] && [ ! -e "$KEY_FILE" ]; then if [ -n "$CFSSL_REMOTE" ]; then log-helper debug "Get CA certificate from $CFSSL_REMOTE" - log-helper debug "cfssl $LOG_LEVEL_PARAM info $REMOTE_PARAM $CONFIG_PARAM $PROFILE_PARAM $LABEL_PARAM" + log-helper debug "cfssl info $LOG_LEVEL_PARAM $REMOTE_PARAM $CONFIG_PARAM $PROFILE_PARAM $LABEL_PARAM" retry=0 while [ $retry -lt $CFSSL_RETRY ]; do - cfssl $LOG_LEVEL_PARAM info $REMOTE_PARAM $CONFIG_PARAM $PROFILE_PARAM $LABEL_PARAM | sed -e "s/.*certificate\":\"\(.*-----\)\".*/\1/g" | sed 's/\\n/\n/g' > $CA_FILE && break + cfssl info $LOG_LEVEL_PARAM $REMOTE_PARAM $CONFIG_PARAM $PROFILE_PARAM $LABEL_PARAM | sed -e "s/.*certificate\":\"\(.*-----\)\".*/\1/g" | sed 's/\\n/\n/g' > $CA_FILE && break sleep $CFSSL_RETRY_DELAY log-helper debug "CA certificate returned save as $CA_FILE" ((retry++)) 
@@ -195,6 +216,8 @@ if [ ! -e "$CERT_FILE" ] && [ ! -e "$KEY_FILE" ]; then # delete tmp files rm -f /tmp/$CERT_NAME.csr $CONFIG_FILE $CSR_FILE + [[ -e "$CFSSL_CA_CERT_FILE" ]] && rm $CFSSL_CA_CERT_FILE + [[ -e "$CFSSL_CA_KEY_FILE" ]] && rm $CFSSL_CA_KEY_FILE log-helper debug "done :)" From a4b36f7d6325df5224cf0e7771fd3f0a6e28f294 Mon Sep 17 00:00:00 2001 From: Bertrand Gouny Date: Tue, 7 Aug 2018 16:07:52 +0200 Subject: [PATCH 07/11] fixes exit status --- CHANGELOG.md | 1 + image/tool/run | 5 +++++ 2 files changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index aad3a11b..1639cd06 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,7 @@ ### Fixed - my_init exits with 0 on SIGINT after runit is started - better sanitize_shenvname + - exit status ## [1.1.1] - 2017-10-25 ### Changed diff --git a/image/tool/run b/image/tool/run index eb0411d7..a36511ab 100755 --- a/image/tool/run +++ b/image/tool/run @@ -883,10 +883,13 @@ signal.signal(signal.SIGTERM, lambda signum, frame: ignore_signals_and_raise_key signal.signal(signal.SIGINT, lambda signum, frame: ignore_signals_and_raise_keyboard_interrupt('SIGINT')) signal.signal(signal.SIGALRM, lambda signum, frame: raise_alarm_exception()) +exit_code = 0 + try: main(args) except SystemExit as err: + exit_code = err.code if args.keepalive and err.code == 0: try: info("All process have exited without error, keep container alive...") @@ -919,3 +922,5 @@ finally: if args.kill_all_on_exit: kill_all_processes(KILL_ALL_PROCESSES_TIMEOUT) + + exit(exit_code) From 5126e791bc0210cbf32ad76ba10ca0bcd67aa2a1 Mon Sep 17 00:00:00 2001 From: Bertrand Gouny Date: Mon, 21 Jan 2019 13:41:47 +0100 Subject: [PATCH 08/11] catch copy-service errors --- CHANGELOG.md | 3 +++ image/tool/run | 6 +++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1639cd06..97d58725 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -4,6 +4,9 @@ ### Added - jsonssl add support for traefik >= v1.6 acme.json file +### Changed + - run: catch copy-service errors + ### Changed - "traefik" JSONSSL_PROFILE be becomes "traefik_up_to_v1_6" - "traefik" JSONSSL_PROFILE is now for traefik >= v1.6 acme.json file diff --git a/image/tool/run b/image/tool/run index a36511ab..7c54d08a 100755 --- a/image/tool/run +++ b/image/tool/run @@ -439,7 +439,11 @@ def copy_service_to_run_dir(): info("Copy "+IMPORT_SERVICE_DIR+" to "+RUN_SERVICE_DIR) - shutil.copytree(IMPORT_SERVICE_DIR, RUN_SERVICE_DIR) + try: + shutil.copytree(IMPORT_SERVICE_DIR, RUN_SERVICE_DIR) + except shutil.Error as e: + warning(e) + state_set_service_copied_to_run_dir() def state_set_service_copied_to_run_dir(): From 50392d7b97800ae6cafe45c19d4f30c067938f01 Mon Sep 17 00:00:00 2001 From: Bertrand Gouny Date: Fri, 22 Mar 2019 00:03:57 +0100 Subject: [PATCH 09/11] v1.1.2 --- CHANGELOG.md | 7 ++--- image/Dockerfile | 1 - .../assets/config/logrotate_syslogng | 18 ++++++------- .../:ssl-tools/assets/tool/ssl-helper | 2 +- .../assets/config/syslog-ng.conf | 14 ++++++---- .../process-syslog-forwarder.sh | 4 --- .../:syslog-ng-core/process.sh | 27 ++----------------- .../:syslog-ng-core/startup.sh | 19 ++++++++++--- image/tool/run | 4 +-- 9 files changed, 43 insertions(+), 53 deletions(-) delete mode 100755 image/service-available/:syslog-ng-core/process-syslog-forwarder.sh diff --git a/CHANGELOG.md b/CHANGELOG.md index 97d58725..e1310f34 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -4,13 +4,14 @@ ### Added - jsonssl add support for traefik >= v1.6 acme.json file -### Changed - - run: catch copy-service errors - ### Changed - "traefik" JSONSSL_PROFILE be becomes "traefik_up_to_v1_6" - "traefik" JSONSSL_PROFILE is now for traefik >= v1.6 acme.json file - Upgrade CFSSL version to 1.3.2 + - run: catch copy-service errors + - KILL_PROCESS_TIMEOUT and KILL_ALL_PROCESSES_TIMEOUT to 30 seconds + - make ssl-helper cron log to /proc/self/fd/1 and /proc/self/fd/2 + - syslog-ng config ### Fixed - my_init exits with 0 on SIGINT after runit is started diff --git a/image/Dockerfile b/image/Dockerfile index b57b3eae..0762141c 100644 --- a/image/Dockerfile +++ b/image/Dockerfile @@ -1,5 +1,4 @@ FROM debian:stretch-slim -MAINTAINER Bertrand Gouny COPY . /container RUN /container/build.sh diff --git a/image/service-available/:logrotate/assets/config/logrotate_syslogng b/image/service-available/:logrotate/assets/config/logrotate_syslogng index 26c47b9f..93d6b027 100644 --- a/image/service-available/:logrotate/assets/config/logrotate_syslogng +++ b/image/service-available/:logrotate/assets/config/logrotate_syslogng @@ -1,5 +1,4 @@ -/var/log/syslog -{ +/var/log/syslog { rotate 7 daily missingok @@ -7,8 +6,9 @@ delaycompress compress postrotate - sv reload /container/run/process/:syslog-ng-core > /dev/null - sv restart /container/run/process/:syslog-forwarder > /dev/null + if [ -f /var/run/syslog-ng.pid ]; then + kill -HUP `cat /var/run/syslog-ng.pid` + fi endscript } @@ -23,8 +23,7 @@ /var/log/lpr.log /var/log/cron.log /var/log/debug -/var/log/messages -{ +/var/log/messages { rotate 4 weekly missingok @@ -33,7 +32,8 @@ delaycompress sharedscripts postrotate - sv reload /container/run/process/:syslog-ng-core > /dev/null - sv restart /container/run/process/:syslog-forwarder > /dev/null + if [ -f /var/run/syslog-ng.pid ]; then + kill -HUP `cat /var/run/syslog-ng.pid` + fi endscript -} +} \ No newline at end of file 
diff --git a/image/service-available/:ssl-tools/assets/tool/ssl-helper b/image/service-available/:ssl-tools/assets/tool/ssl-helper index 65b1a3a5..f1f19469 100755 --- a/image/service-available/:ssl-tools/assets/tool/ssl-helper +++ b/image/service-available/:ssl-tools/assets/tool/ssl-helper @@ -91,7 +91,7 @@ if [ "${SSL_HELPER_AUTO_RENEW,,}" = "true" ]; then fi # add cron job - echo "$SSL_HELPER_AUTO_RENEW_CRON_EXP root /usr/sbin/ssl-auto-renew ${SSL_HELPER_TOOL,,} $PREFIX $CERT_FILE $KEY_FILE $CA_FILE \"$SSL_HELPER_AUTO_RENEW_SERVICES_IMPACTED\" \"$JSONSSL_FILE\" \"$SSL_HELPER_AUTO_RENEW_FROM_FILES\" \"$SSL_HELPER_AUTO_RENEW_CERT_FROM_FILE\" \"$SSL_HELPER_AUTO_RENEW_KEY_FROM_FILE\" \"$SSL_HELPER_AUTO_RENEW_CA_CERT_FROM_FILE\" > /proc/1/fd/1 2>/proc/1/fd/2" > /etc/cron.d/$PREFIX + echo "$SSL_HELPER_AUTO_RENEW_CRON_EXP root /usr/sbin/ssl-auto-renew ${SSL_HELPER_TOOL,,} $PREFIX $CERT_FILE $KEY_FILE $CA_FILE \"$SSL_HELPER_AUTO_RENEW_SERVICES_IMPACTED\" \"$JSONSSL_FILE\" \"$SSL_HELPER_AUTO_RENEW_FROM_FILES\" \"$SSL_HELPER_AUTO_RENEW_CERT_FROM_FILE\" \"$SSL_HELPER_AUTO_RENEW_KEY_FROM_FILE\" \"$SSL_HELPER_AUTO_RENEW_CA_CERT_FROM_FILE\" > /proc/self/fd/1 2>/proc/self/fd/2" > /etc/cron.d/$PREFIX chmod 600 /etc/cron.d/$PREFIX # disable auto-renew if it was added diff --git a/image/service-available/:syslog-ng-core/assets/config/syslog-ng.conf b/image/service-available/:syslog-ng-core/assets/config/syslog-ng.conf index 683a788e..d9b964c0 100644 --- a/image/service-available/:syslog-ng-core/assets/config/syslog-ng.conf +++ b/image/service-available/:syslog-ng-core/assets/config/syslog-ng.conf 
@@ -1,14 +1,13 @@ @version: 3.8 @include "scl.conf" -@include "`scl-root`/system/tty10.conf" # Syslog-ng configuration file, compatible with default Debian syslogd # installation. # First, set some global options. options { chain_hostnames(off); flush_lines(0); use_dns(no); use_fqdn(no); - owner("root"); group("adm"); perm(0640); stats_freq(0); - bad_hostname("^gconfd$"); + owner("root"); group("adm"); perm(0640); stats_freq(0); + bad_hostname("^gconfd$"); }; ######################## @@ -54,7 +53,7 @@ destination d_newscrit { file("/var/log/news/news.crit"); }; destination d_newserr { file("/var/log/news/news.err"); }; destination d_newsnotice { file("/var/log/news/news.notice"); }; -# Some catch-all logfiles. +# Some 'catch-all' logfiles. # destination d_debug { file("/var/log/debug"); }; destination d_error { file("/var/log/error"); }; @@ -74,6 +73,9 @@ destination d_xconsole { pipe("/dev/xconsole"); }; # Debian only destination d_ppp { file("/var/log/ppp.log"); }; +# stdout for docker +destination d_stdout { ##SYSLOG_OUTPUT_MODE_DEV_STDOUT##("/dev/stdout"); }; + ######################## # Filters ######################## @@ -119,7 +121,7 @@ log { source(s_src); filter(f_cron); destination(d_cron); }; log { source(s_src); filter(f_daemon); destination(d_daemon); }; log { source(s_src); filter(f_kern); destination(d_kern); }; log { source(s_src); filter(f_lpr); destination(d_lpr); }; -log { source(s_src); filter(f_syslog3); destination(d_syslog); }; +log { source(s_src); filter(f_syslog3); destination(d_syslog); destination(d_stdout); }; log { source(s_src); filter(f_user); destination(d_user); }; log { source(s_src); filter(f_uucp); destination(d_uucp); }; 
@@ -131,6 +133,8 @@ log { source(s_src); filter(f_mail); destination(d_mail); }; log { source(s_src); filter(f_news); filter(f_crit); destination(d_newscrit); }; log { source(s_src); filter(f_news); filter(f_err); destination(d_newserr); }; log { source(s_src); filter(f_news); filter(f_notice); destination(d_newsnotice); }; +#log { source(s_src); filter(f_cnews); destination(d_console_all); }; +#log { source(s_src); filter(f_cother); destination(d_console_all); }; #log { source(s_src); filter(f_ppp); destination(d_ppp); }; diff --git a/image/service-available/:syslog-ng-core/process-syslog-forwarder.sh b/image/service-available/:syslog-ng-core/process-syslog-forwarder.sh deleted file mode 100755 index 8ecbd5d6..00000000 --- a/image/service-available/:syslog-ng-core/process-syslog-forwarder.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh -e -log-helper level eq trace && set -x - -exec tail -F -n 0 /var/log/syslog > /proc/1/fd/1 diff --git a/image/service-available/:syslog-ng-core/process.sh b/image/service-available/:syslog-ng-core/process.sh index 01e2f94e..c842af4a 100755 --- a/image/service-available/:syslog-ng-core/process.sh +++ b/image/service-available/:syslog-ng-core/process.sh 
@@ -1,32 +1,9 @@ #!/bin/sh -e log-helper level eq trace && set -x -# If /dev/log is either a named pipe or it was placed there accidentally, -# e.g. because of the issue documented at https://github.com/phusion/baseimage-docker/pull/25, -# then we remove it. -if [ ! -S /dev/log ]; then rm -f /dev/log; fi -if [ ! -S /var/lib/syslog-ng/syslog-ng.ctl ]; then rm -f /var/lib/syslog-ng/syslog-ng.ctl; fi - +PIDFILE="/var/run/syslog-ng.pid" SYSLOGNG_OPTS="" [ -r /etc/default/syslog-ng ] && . /etc/default/syslog-ng -case "x$CONSOLE_LOG_LEVEL" in - x[1-8]) - dmesg -n $CONSOLE_LOG_LEVEL - ;; - x) - ;; - *) - echo "CONSOLE_LOG_LEVEL is of unaccepted value." - ;; -esac - -if [ ! -e /dev/xconsole ] -then - mknod -m 640 /dev/xconsole p - chown root:adm /dev/xconsole - [ -x /sbin/restorecon ] && /sbin/restorecon $XCONSOLE -fi - -exec syslog-ng -F -p /var/run/syslog-ng.pid $SYSLOGNG_OPTS +exec /usr/sbin/syslog-ng --pidfile "$PIDFILE" -F $SYSLOGNG_OPTS diff --git a/image/service-available/:syslog-ng-core/startup.sh b/image/service-available/:syslog-ng-core/startup.sh index 56279ae2..76d66ac3 100755 --- a/image/service-available/:syslog-ng-core/startup.sh +++ b/image/service-available/:syslog-ng-core/startup.sh 
@@ -4,8 +4,21 @@ log-helper level eq trace && set -x ln -sf ${CONTAINER_SERVICE_DIR}/:syslog-ng-core/assets/config/syslog_ng_default /etc/default/syslog-ng ln -sf ${CONTAINER_SERVICE_DIR}/:syslog-ng-core/assets/config/syslog-ng.conf /etc/syslog-ng/syslog-ng.conf -## Install syslog to "docker logs" forwarder. -[ -d /container/run/process/:syslog-forwarder ] || mkdir -p /container/run/process/:syslog-forwarder -ln -sf ${CONTAINER_SERVICE_DIR}/:syslog-ng-core/process-syslog-forwarder.sh /container/run/process/:syslog-forwarder/run +# If /dev/log is either a named pipe or it was placed there accidentally, +# e.g. because of the issue documented at https://github.com/phusion/baseimage-docker/pull/25, +# then we remove it. +if [ ! -S /dev/log ]; then rm -f /dev/log; fi +if [ ! -S /var/lib/syslog-ng/syslog-ng.ctl ]; then rm -f /var/lib/syslog-ng/syslog-ng.ctl; fi + +# determine output mode on /dev/stdout because of the issue documented at https://github.com/phusion/baseimage-docker/issues/468 +if [ -p /dev/stdout ]; then + sed -i 's/##SYSLOG_OUTPUT_MODE_DEV_STDOUT##/pipe/' /etc/syslog-ng/syslog-ng.conf +else + sed -i 's/##SYSLOG_OUTPUT_MODE_DEV_STDOUT##/file/' /etc/syslog-ng/syslog-ng.conf +fi + +# If /var/log is writable by another user logrotate will fail +/bin/chown root:root /var/log +/bin/chmod 0755 /var/log exit 0 diff --git a/image/tool/run b/image/tool/run index 7c54d08a..556c65ff 100755 --- a/image/tool/run +++ b/image/tool/run @@ -3,8 +3,8 @@ import os, os.path, sys, stat, signal, errno, argparse, time, json, re, yaml, ast, socket, shutil, pwd, grp -KILL_PROCESS_TIMEOUT = int(os.environ.get('KILL_PROCESS_TIMEOUT', 5)) -KILL_ALL_PROCESSES_TIMEOUT = int(os.environ.get('KILL_ALL_PROCESSES_TIMEOUT', 5)) +KILL_PROCESS_TIMEOUT = int(os.environ.get('KILL_PROCESS_TIMEOUT', 30)) +KILL_ALL_PROCESSES_TIMEOUT = int(os.environ.get('KILL_ALL_PROCESSES_TIMEOUT', 30)) LOG_LEVEL_NONE = 0 LOG_LEVEL_ERROR = 1 From 4cff11bf9e3cfb2f9fb5e0981746e86bf982eb77 Mon Sep 17 00:00:00 2001 
From: Bertrand Gouny Date: Fri, 22 Mar 2019 10:18:55 +0100 Subject: [PATCH 10/11] make ssl-auto-renew cron log with /usr/bin/logger -t cron_ssl_auto_renew --- CHANGELOG.md | 2 +- image/service-available/:ssl-tools/assets/tool/ssl-helper | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e1310f34..f8f279f3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,7 +10,7 @@ - Upgrade CFSSL version to 1.3.2 - run: catch copy-service errors - KILL_PROCESS_TIMEOUT and KILL_ALL_PROCESSES_TIMEOUT to 30 seconds - - make ssl-helper cron log to /proc/self/fd/1 and /proc/self/fd/2 + - make ssl-auto-renew cron log with /usr/bin/logger -t cron_ssl_auto_renew - syslog-ng config ### Fixed diff --git a/image/service-available/:ssl-tools/assets/tool/ssl-helper b/image/service-available/:ssl-tools/assets/tool/ssl-helper index f1f19469..311390a5 100755 --- a/image/service-available/:ssl-tools/assets/tool/ssl-helper +++ b/image/service-available/:ssl-tools/assets/tool/ssl-helper 
@@ -91,7 +91,7 @@ if [ "${SSL_HELPER_AUTO_RENEW,,}" = "true" ]; then fi # add cron job - echo "$SSL_HELPER_AUTO_RENEW_CRON_EXP root /usr/sbin/ssl-auto-renew ${SSL_HELPER_TOOL,,} $PREFIX $CERT_FILE $KEY_FILE $CA_FILE \"$SSL_HELPER_AUTO_RENEW_SERVICES_IMPACTED\" \"$JSONSSL_FILE\" \"$SSL_HELPER_AUTO_RENEW_FROM_FILES\" \"$SSL_HELPER_AUTO_RENEW_CERT_FROM_FILE\" \"$SSL_HELPER_AUTO_RENEW_KEY_FROM_FILE\" \"$SSL_HELPER_AUTO_RENEW_CA_CERT_FROM_FILE\" > /proc/self/fd/1 2>/proc/self/fd/2" > /etc/cron.d/$PREFIX + echo "$SSL_HELPER_AUTO_RENEW_CRON_EXP root /usr/sbin/ssl-auto-renew ${SSL_HELPER_TOOL,,} $PREFIX $CERT_FILE $KEY_FILE $CA_FILE \"$SSL_HELPER_AUTO_RENEW_SERVICES_IMPACTED\" \"$JSONSSL_FILE\" \"$SSL_HELPER_AUTO_RENEW_FROM_FILES\" \"$SSL_HELPER_AUTO_RENEW_CERT_FROM_FILE\" \"$SSL_HELPER_AUTO_RENEW_KEY_FROM_FILE\" \"$SSL_HELPER_AUTO_RENEW_CA_CERT_FROM_FILE\" 2>&1 | /usr/bin/logger -t cron_ssl_auto_renew" > /etc/cron.d/$PREFIX chmod 600 /etc/cron.d/$PREFIX # disable auto-renew if it was added From 97f08780e46fca9496a75db42e7c6863d725ac6d Mon Sep 17 00:00:00 2001 From: Bertrand Gouny Date: Fri, 5 Apr 2019 11:09:10 +0200 Subject: [PATCH 11/11] readme --- CHANGELOG.md | 2 +- README.md | 89 ++++++++++++++++++++++++++++------------------------ 2 files changed, 49 insertions(+), 42 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f8f279f3..a4bf770c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,6 @@ # Changelog -## [1.1.2] - Unreleased +## [1.1.2] - 2019-04-05 ### Added - jsonssl add support for traefik >= v1.6 acme.json file diff --git a/README.md b/README.md index acff746d..09c139eb 100644 --- a/README.md +++ b/README.md 
@@ -6,7 +6,7 @@ [hub]: https://hub.docker.com/r/osixia/light-baseimage/ -Latest release: 1.1.2 (debian stretch) - 1.0.1 (debian jessie) [Changelog](CHANGELOG.md) +Latest release: 1.1.2 (debian stretch) - 1.0.2 (debian jessie) [Changelog](CHANGELOG.md) | [Docker Hub](https://hub.docker.com/r/osixia/light-baseimage/)  A Debian 9 (Stretch) based docker image to build reliable image quickly. This image provide a simple opinionated solution to build multiple or single process image with minimum of layers and an optimized build. 
@@ -18,46 +18,53 @@ Other base distribution are available: - [Ubuntu 16:04](https://github.com/osixia/docker-light-baseimage/tree/ubuntu) | [Docker Hub](https://hub.docker.com/r/osixia/ubuntu-light-baseimage/) | [![](https://images.microbadger.com/badges/image/osixia/ubuntu-light-baseimage.svg)](http://microbadger.com/images/osixia/ubuntu-light-baseimage "Get your own image badge on microbadger.com") Table of Contents -- [Contributing](#contributing) -- [Overview](#overview) -- [Quick Start](#quick-start) - - [Image directories structure](#image-directories-structure) - - [Service directory structure](#service-directory-structure) - - [Create a single process image](#create-a-single-process-image) - - [Overview](#create-a-single-process-image) - - [Dockerfile](#dockerfile) - - [Service files](#service-files) - - [Environment files](#environment-files) - - [Build and test](#build-and-test) - - [Create a multiple process image](#create-a-multiple-process-image) - - [Overview](#create-a-multiple-process-image) - - [Dockerfile](#dockerfile-1) - - [Service files](#service-files-1) - - [Build and test](#build-and-test-1) -- [Images Based On Light-Baseimage](#images-based-on-light-baseimage) -- [Image Assets](#image-assets) - - [Tools](#image-assets) - - [Services available](#services-available) -- [Advanced User Guide](#advanced-user-guide) - - [Service available](#service-available) - - [Fix docker mounted file problems](#fix-docker-mounted-file-problems) - - [Distribution packages documentation and locales](#distribution-packages-documentation-and-locales) - - [Mastering image tools](#mastering-image-tools) - - [run](#run) - - [Run command line options](#run-command-line-options) - - [Run directory setup](#run-directory-setup) - - [Startup files environment setup](#startup-files-environment-setup) - - [Startup files execution](#startup-files-execution) - - [ Process environment setup](#process-environment-setup) - - [Process execution](#process-execution) - - [Single 
process image](#single-process-image) - - [Multiple process image](#multiple-process-image) - - [No process image](#no-process-image) - - [Extra environment variables](#extra-environment-variables) - - [log-helper](#log-helper) - - [complex-bash-env](#complex-bash-env) - - [Tests](#tests) -- [Changelog](#changelog) +- [osixia/light-baseimage](#osixialight-baseimage) + - [Contributing](#contributing) + - [Overview](#overview) + - [Quick Start](#quick-start) + - [Image directories structure](#image-directories-structure) + - [Service directory structure](#service-directory-structure) + - [Create a single process image](#create-a-single-process-image) + - [Overview](#overview-1) + - [Dockerfile](#dockerfile) + - [Service files](#service-files) + - [startup.sh](#startupsh) + - [process.sh](#processsh) + - [Environment files](#environment-files) + - [default.yaml](#defaultyaml) + - [default.startup.yaml](#defaultstartupyaml) + - [Build and test](#build-and-test) + - [Overriding default environment files at run time:](#overriding-default-environment-files-at-run-time) + - [Create a multiple process image](#create-a-multiple-process-image) + - [Overview](#overview-2) + - [Dockerfile](#dockerfile-1) + - [Service files](#service-files-1) + - [install.sh](#installsh) + - [process.sh](#processsh-1) + - [Build and test](#build-and-test-1) + - [Images Based On Light-Baseimage](#images-based-on-light-baseimage) + - [Image Assets](#image-assets) + - [Tools](#tools) + - [Services available](#services-available) + - [Advanced User Guide](#advanced-user-guide) + - [Service available](#service-available) + - [Fix docker mounted file problems](#fix-docker-mounted-file-problems) + - [Distribution packages documentation and locales](#distribution-packages-documentation-and-locales) + - [Mastering image tools](#mastering-image-tools) + - [run](#run) + - [Run command line options](#run-command-line-options) + - [Run directory setup](#run-directory-setup) + - [Startup files environment 
setup](#startup-files-environment-setup) + - [Startup files execution](#startup-files-execution) + - [Process execution](#process-execution) + - [Single process image](#single-process-image) + - [Multiple process image](#multiple-process-image) + - [No process image](#no-process-image) + - [Extra environment variables](#extra-environment-variables) + - [log-helper](#log-helper) + - [complex-bash-env](#complex-bash-env) + - [Tests](#tests) + - [Changelog](#changelog) ## Contributing
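Review bot: in the syslog-ng run script hunk (`@@ -1,32 +1,9 @@`), the block that created `/dev/xconsole` with `mknod -m 640 /dev/xconsole p` is removed and nothing in the visible hunks replaces it, so please confirm that the shipped `syslog-ng.conf` no longer has a destination writing to `/dev/xconsole`. The script still sources `/etc/default/syslog-ng`, which may set `CONSOLE_LOG_LEVEL`; that value is now ignored without any message, so either drop it from the default file or mention the removal in the changelog. `$SYSLOGNG_OPTS` is left unquoted on the `exec` line while `"$PIDFILE"` is quoted; if the word splitting is intentional, a one-line comment saying so would stop someone "fixing" it later.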
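Review bot: in the `:syslog-ng-core/startup.sh` hunk (`@@ -4,8 +4,21 @@`), `sed -i` is run on `/etc/syslog-ng/syslog-ng.conf`, which the `ln -sf` two lines above has just made a symlink into `${CONTAINER_SERVICE_DIR}`. GNU `sed -i` without `--follow-symlinks` writes a new file and renames it over the path, so the symlink is replaced by a regular file and the asset keeps its `##SYSLOG_OUTPUT_MODE_DEV_STDOUT##` placeholder. That happens to make the substitution repeatable on every start, but it is implicit; copying the template into `/etc/syslog-ng/` and substituting in the copy would make the intent explicit. The `/bin/chown root:root /var/log` and `/bin/chmod 0755 /var/log` lines run unconditionally: if the startup script runs with `-e` like the run script does, a container started without `CAP_CHOWN` or with a read-only `/var/log` mount will fail startup here, so consider checking the current owner and mode first and logging a warning when they cannot be changed.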
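Review bot: in the `image/tool/run` hunk (`@@ -3,8 +3,8 @@`), the new default of 30 for `KILL_PROCESS_TIMEOUT` and `KILL_ALL_PROCESSES_TIMEOUT` is longer than the 10 second grace period `docker stop` allows by default before it sends SIGKILL, so with stock settings the container is killed before either timeout can elapse. The README should tell users to stop the container with a `-t` value at least as large as the configured timeouts, or the defaults should stay under 10. Both values are also parsed with a bare `int(os.environ.get(...))` at module level, so a non-numeric value raises `ValueError` before any logging is set up; catching it and falling back to the default with an error message would be friendlier.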
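Review bot: in the `ssl-helper` hunk (`@@ -91,7 +91,7 @@`), the cron line is built from environment values that are expanded when the file is written, and `$PREFIX`, `$CERT_FILE`, `$KEY_FILE` and `$CA_FILE` are still unquoted while the later arguments are wrapped in `\"`. A path containing whitespace or shell metacharacters changes the command that cron runs as root, and a literal `%` in any value is treated by cron as a newline unless escaped. Since this line is being touched anyway, quote the four remaining arguments the same way as the others, quote `/etc/cron.d/$PREFIX` in the redirect and in `chmod 600`, and validate `$PREFIX` against the characters cron accepts in `/etc/cron.d` file names. Piping into `/usr/bin/logger -t cron_ssl_auto_renew` also means the renewal output is only visible when the syslog socket is available and the exit status of `ssl-auto-renew` is replaced by that of `logger`; note the dependency on the syslog-ng service in the README or changelog entry.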
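Review bot: in the `README.md` table of contents hunk (`@@ -18,46 +18,53 @@`), the regenerated list drops the `Process environment setup` entry that previously sat between `Startup files execution` and `Process execution`. If that section still exists in the README, restore its link; if the section was removed, say so in the commit message, which currently reads only `readme`. The new `Overriding default environment files at run time:` entry carries the heading's trailing colon into the TOC, which is worth removing from the heading itself.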