Mercurial > p > roundup > code
changeset 7308:24cbf3a41e8a
Use dumb-init in Dockerfile; chown tracker directory to proper uid
Use dumb-init so proceses started from Roundup get properly reaped if
they exit after the Roundup server instance.
Also chown the tracker mount directory to the specified uid/gid.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Wed, 10 May 2023 17:53:47 -0400 |
| parents | aa024cdf9ffb |
| children | 577ffdb76754 |
| files | CHANGES.txt scripts/Docker/Dockerfile |
| diffstat | 2 files changed, 13 insertions(+), 5 deletions(-) [+] |
line wrap: on
line diff
--- a/CHANGES.txt Wed May 10 16:49:34 2023 -0400 +++ b/CHANGES.txt Wed May 10 17:53:47 2023 -0400 @@ -84,6 +84,10 @@ - fix crash due to invalid initialization/reset of configuration.py option_validators. Crashed roundup-admin on second command if an option_validator was added by a detector or extension. (John Rouillard) +- Dockerfile uses dumb-init to properly wait for child/zombie + processes. Defense against child process starting from detector + and becoming a zombie when its roundup-server instance exits. + (John Rouillard) Features:
--- a/scripts/Docker/Dockerfile Wed May 10 16:49:34 2023 -0400 +++ b/scripts/Docker/Dockerfile Wed May 10 17:53:47 2023 -0400 @@ -153,6 +153,7 @@ RUN apk --no-cache upgrade; \ apk --no-cache add \ brotli-libs \ + dumb-init \ gpgme \ mariadb-connector-c \ libpq \ @@ -183,8 +184,13 @@ COPY scripts/Docker/roundup_start . COPY scripts/Docker/roundup_healthcheck . +# Do not run roundup as root. This creates roundup user and group. +ARG roundup_uid +RUN adduser -D -h ${appdir} -u ${roundup_uid:-1000} roundup + # make roundup scripts execuable and mount a trackerdir on tracker location -RUN chmod +x roundup_start roundup_healthcheck; mkdir tracker +RUN chmod +x roundup_start roundup_healthcheck; \ + mkdir tracker; chown ${roundup_uid:-1000}:${roundup_uid:-1000} tracker VOLUME $appdir/tracker # map port 8080 to your local port @@ -193,15 +199,13 @@ HEALTHCHECK --start-period=1m \ CMD ./roundup_healthcheck -# do not run roundup as root. This creates roundup user and group. -ARG roundup_uid -RUN adduser -D -h ${appdir} -u ${roundup_uid:-1000} roundup +# switch to using roundup user USER roundup # run the server, disable output buffering so we can see logs. ENV PYTHONUNBUFFERED=1 #ENTRYPOINT [ "roundup-server", "-n", "0.0.0.0" ] -ENTRYPOINT [ "./roundup_start" ] +ENTRYPOINT [ "/usr/bin/dumb-init", "./roundup_start" ] # allow the invoker to override cmd with multiple trackers # in each subdirectory under $appdir/tracker. E.G.