DockerInit » History » Version 10
cryptogopher, 2022-04-28 22:59
| 1 | 1 | cryptogopher | h1. Container @init@ process |
|---|---|---|---|
| 2 | |||
| 3 | 6 | cryptogopher | h2. Problem |
| 4 | |||
| 5 | 5 | cryptogopher | To enable running multiple processes, containers require process/service management. This is normally provided by some kind of @init@ task (e.g. from @sysvinit@). |
| 6 | 2 | cryptogopher | |
| 7 | 8 | cryptogopher | There are Docker-compatible replacements for a full-fledged @init@. Unfortunately, they require either custom init scripts or service configurations (https://wiki.gentoo.org/wiki/Comparison_of_init_systems). Migrating from the OS-provided OpenRC init scripts is time-consuming and error-prone. |
| 8 | 2 | cryptogopher | |
| 9 | Use of the system's default @sysvinit@ is hampered by the following shortcomings: |
| 10 | * it mostly does not respond to Unix signals, which Docker uses to manage containers (most importantly, the termination signal), |
| 11 | 10 | cryptogopher | * it does not stop properly when Docker requests the container to stop: |
| 12 | ** an attempt to stop a container with @init@ as PID 1 ends with exit code 137: |
| 13 | 2 | cryptogopher | <pre> |
| 14 | 3 | cryptogopher | CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES |
| 15 | 1 | cryptogopher | b755c0f1b1d8 gentoo-base "/sbin/init" About a minute ago Exited (137) 9 seconds ago gentoo-base |
| 16 | 2 | cryptogopher | </pre> |
| 17 | 10 | cryptogopher | ** when @shutdown@ is invoked from within the container, the @init@ process remains running afterwards, keeping the container in the running state: |
| 18 | 2 | cryptogopher | <pre> |
| 19 | # docker-compose top |
| 20 | gentoo-base |
| 21 | UID PID PPID C STIME TTY TIME CMD |
| 22 | ---------------------------------------------------------- |
| 23 | root 3510 3489 0 17:40 ? 00:00:00 init [0] |
| 24 | </pre> |
| 25 | |||
| 26 | 6 | cryptogopher | h2. Solution |
| 27 | 1 | cryptogopher | |
| 28 | 4 | cryptogopher | Nevertheless, it is possible to use @sysvinit@ as the @init@ process inside a Docker container. The required steps are as follows: |
| 29 | 1 | cryptogopher | |
| 30 | 7 | cryptogopher | h3. 1. Change @sysvinit@ so that the @init@ process exits on hard shutdown (runlevel 0), using the following patch |
| 31 | |||
| 32 | 3 | cryptogopher | <pre><code class="diff"> |
| 33 | --- sysvinit-3.01/src/init.c 2021-12-13 20:21:26.000000000 +0100 |
||
| 34 | +++ sysvinit-3.01/src/init.c 2022-04-18 01:21:47.966751774 +0200 |
||
| 35 | @@ -2367,6 +2367,11 @@ |
||
| 36 | read_inittab(); |
||
| 37 | fail_cancel(); |
||
| 38 | setproctitle("init [%c]", (int)runlevel); |
||
| 39 | + |
||
| 40 | + /* |
||
| 41 | + * Exit on halt - causes Docker container to stop. |
||
| 42 | 9 | cryptogopher | + */ |
| 43 | 3 | cryptogopher | + if (runlevel == '0') exit(0); |
| 44 | } |
||
| 45 | } |
||
| 46 | Write_Runlevel_Log(runlevel); |
||
| 47 | 1 | cryptogopher | </code></pre> |
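Review bot: the added @if (runlevel == '0') exit(0);@ is unconditional, so a sysvinit built with this patch also exits PID 1 on halt when it runs outside a container, where the kernel panics if init exits. Consider guarding it behind a build-time option or a runtime check so that the patched package cannot take down a regular host. The exit also sits before the @Write_Runlevel_Log(runlevel);@ call kept as context, so the switch to runlevel 0 is never logged, and it follows @read_inittab()@ directly, so please confirm that the runlevel 0 entries from inittab get a chance to run before init terminates.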
| 48 | |||
| 49 | 4 | cryptogopher | On Gentoo it is enough to place this patch at _/etc/portage/patches/sys-apps/sysvinit/exit-on-halt.patch_ and re-emerge @sysvinit@. |
| 50 | |||
| 51 | 7 | cryptogopher | h3. 2. Change the Docker signal for container termination to SIGINT and set the appropriate action in @inittab@ |
| 52 | 4 | cryptogopher | |
| 53 | Container's _docker-compose.yml_: |
| 54 | <pre> |
| 55 | services: |
| 56 |   gentoo-base: |
| 57 |     ... |
| 58 |     stop_signal: SIGINT |
| 59 | </pre> |
| 60 | |||
| 61 | _/etc/inittab_ inside the container (replace the reboot action with shutdown): |
| 62 | <pre> |
| 63 | # What to do at the "Three Finger Salute". |
| 64 | ca:12345:ctrlaltdel:/sbin/shutdown -h now |
| 65 | </pre> |
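A consistency check for step 2, added here as an example (it is not part of the original wiki page, sysvinit or Docker): it verifies that the service's @stop_signal@ is SIGINT and that the @ctrlaltdel@ entry in @inittab@ halts rather than reboots, because the patch above only exits @init@ on runlevel 0. The function names, the @image:@ key and the reboot variant of the inittab line are constructed for illustration.

```python
import re
import shlex

def parse_inittab(text):
    """Yield (id, runlevels, action, process) for each inittab entry."""
    for line in text.splitlines():
        parts = line.strip().split(":", 3)
        if len(parts) == 4 and not parts[0].startswith("#"):
            yield tuple(parts)

def stop_signal(compose_text, service):
    """Return the service's stop_signal, or Docker's default SIGTERM."""
    inside, indent = False, 0
    for m in re.finditer(r"^([ ]*)([\w.-]+):[ ]*(.*)$", compose_text, re.M):
        depth, key, value = len(m.group(1)), m.group(2), m.group(3)
        if key == service and not value:
            inside, indent = True, depth      # entered the service mapping
        elif inside and depth <= indent:
            inside = False                    # left the service mapping
        elif inside and key == "stop_signal":
            return value.strip("'\"")
    return "SIGTERM"

def check_graceful_stop(compose_text, service, inittab_text):
    """Return a list of problems; empty means SIGINT leads to a halt."""
    problems = []
    sig = stop_signal(compose_text, service)
    if sig != "SIGINT":
        problems.append(f"stop_signal is {sig}, expected SIGINT")
    entries = [e for e in parse_inittab(inittab_text) if e[2] == "ctrlaltdel"]
    if not entries:
        problems.append("no ctrlaltdel entry in inittab")
    for ident, _levels, _action, process in entries:
        argv = shlex.split(process)
        if not argv or not argv[0].endswith("shutdown"):
            problems.append(f"{ident}: ctrlaltdel does not run shutdown")
        elif "-h" not in argv or "-r" in argv:
            problems.append(f"{ident}: shutdown must halt (-h), not reboot")
    return problems

# Constructed sample inputs modelled on the files shown on this page.
COMPOSE = "services:\n  gentoo-base:\n    image: gentoo-base\n    stop_signal: SIGINT\n"
COMPOSE_DEFAULT = "services:\n  gentoo-base:\n    image: gentoo-base\n"
INITTAB_REBOOT = "ca:12345:ctrlaltdel:/sbin/shutdown -r now\n"
INITTAB_HALT = '# What to do at the "Three Finger Salute".\nca:12345:ctrlaltdel:/sbin/shutdown -h now\n'

if __name__ == "__main__":
    print(check_graceful_stop(COMPOSE, "gentoo-base", INITTAB_HALT))
    print(check_graceful_stop(COMPOSE_DEFAULT, "gentoo-base", INITTAB_REBOOT))
```

An empty list means both files agree with the steps above; each string in a non-empty list names the setting that would leave the container to be killed after Docker's stop timeout.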