Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add tini to allow termination signal handling #3320

Draft
wants to merge 5 commits into
base: main
Choose a base branch
from
Draft

Add tini to allow termination signal handling #3320

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
86ae4f1
Add tini to allow termination signal handling
Mar 16, 2023
6d36279
Download arch-specific tini binary, update perms
shikharbhardwaj Apr 29, 2023
0e28a5b
Update entrypoint script to remove shell from the process tree
shikharbhardwaj Apr 29, 2023
e31832a
Merge branch 'main' into add-tini-pid1
shikharbhardwaj Apr 29, 2023
5c6669c
Merge branch 'main' into add-tini-pid1
shikharbhardwaj May 18, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 6 additions & 1 deletion docker/release/dockerfiles/opensearch-dashboards.al2.dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -52,12 +52,17 @@ FROM amazonlinux:2
ARG UID=1000
ARG GID=1000
ARG OPENSEARCH_DASHBOARDS_HOME=/usr/share/opensearch-dashboards
ENV TINI_VERSION=v0.19.0

# Update packages
# Install the tools we need: tar and gzip to unpack the OpenSearch tarball, and shadow-utils to give us `groupadd` and `useradd`.
# Install which to allow running of securityadmin.sh
RUN yum update -y && yum install -y tar gzip shadow-utils which && yum clean all

# Add tini to use as init (PID1) process.
ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /bin/tini
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This wont work as this download is only the x64 version, will crash on the arm64 here.

tini: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=a3f773dca5734fef07e2ea80c0450b3c60bbaf74, stripped

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Need code to handle download for x64 vs arm64.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated the download source according to the TARGETARCH supplied by docker

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TARGETARCH seems only support multi-arch building?
Tried on the single arch build script and it could not figure out arch.
https://docs.docker.com/desktop/extensions-sdk/extensions/multi-arch/#adding-multi-arch-binaries


Step 20/39 : ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini-${TARGETARCH} /bin/tini
ADD failed: failed to GET https://github.com/krallin/tini/releases/download/v0.19.0/tini- with status 404 Not Found: <!DOCTYPE html>
<html lang="en" data-color-mode="auto" data-light-theme="light" data-dark-theme="dark" data-a11y-animated-images="system">

Although we release for multi-arch we also want to support single-arch if people want to build in their local.
Probably add this in the build-image-single-arch.sh?

--build-arg TARGETARCH=${arch_uname}

RUN chmod +x /bin/tini
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I kinda prefer to not make it globally available, and add full path in the entrypoint.
Tho I am not strongly against it.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

probably use 755 specifically instead of +x so it is precise?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds good, updated the chmod to 755. Open to path suggestions where we can keep this binary

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As of path, just use WORKDIR? It is the home dir of os or osd on docker.
So instead of using /bin/tini just use ./tini?


# Install Reporting dependencies
RUN yum install -y libnss3.so xorg-x11-fonts-100dpi xorg-x11-fonts-75dpi xorg-x11-utils xorg-x11-fonts-cyrillic xorg-x11-fonts-Type1 xorg-x11-fonts-misc fontconfig freetype && yum clean all

Expand Down Expand Up @@ -93,5 +98,5 @@ LABEL org.label-schema.schema-version="1.0" \
org.label-schema.build-date="$BUILD_DATE"

# CMD to run
ENTRYPOINT ["./opensearch-dashboards-docker-entrypoint.sh"]
ENTRYPOINT ["tini", "--", "./opensearch-dashboards-docker-entrypoint.sh"]
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it possible to use ENTRYPOINT + CMD together?


ENTRYPOINT ["/tini", "--"]

# Run your program under Tini
CMD ["/your/program", "-and", "-its", "arguments"]

Copy link
Author

@shikharbhardwaj shikharbhardwaj Apr 29, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure about this since this may change behavior for existing invocations, but AFAICS non-opensearch command invocations will just exec the supplied command with a couple of env var exports

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems like you add this now?

CMD ["opensearch-dashboards"]
7 changes: 6 additions & 1 deletion docker/release/dockerfiles/opensearch.al2.dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -54,12 +54,17 @@ FROM amazonlinux:2
ARG UID=1000
ARG GID=1000
ARG OPENSEARCH_HOME=/usr/share/opensearch
ENV TINI_VERSION=v0.19.0

# Update packages
# Install the tools we need: tar and gzip to unpack the OpenSearch tarball, and shadow-utils to give us `groupadd` and `useradd`.
# Install which to allow running of securityadmin.sh
RUN yum update -y && yum install -y tar gzip shadow-utils which && yum clean all

# Add tini to use as init (PID1) process.
ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /bin/tini
RUN chmod +x /bin/tini

# Create an opensearch user, group
RUN groupadd -g $GID opensearch && \
adduser -u $UID -g $GID -d $OPENSEARCH_HOME opensearch
Expand Down Expand Up @@ -107,5 +112,5 @@ LABEL org.label-schema.schema-version="1.0" \
org.label-schema.build-date="$BUILD_DATE"

# CMD to run
ENTRYPOINT ["./opensearch-docker-entrypoint.sh"]
ENTRYPOINT ["tini", "--", "./opensearch-docker-entrypoint.sh"]
CMD ["opensearch"]