Although cc88073a79 ("Fix signal handling") fixed the signal handling
and signals don't end up in `entrypoint.sh` anymore, there's still no
clean graceful shutdown. The reason is runuser. It runs as PID 1 and
prosody only runs as child process. A SIGTERM sent to runuser lets
runuser forward SIGTERM to the child process. However it does not wait,
but send SIGKILL right after it. (Confirmed by looking at runuser source
code in util-linux.)
The output on `docker stop [prosodycontainer]` is therefore:
Session terminated, killing shell...mod_posix warn Received SIGTERM
portmanager info Deactivated service 'c2s'
...killed.
The additional messages in between prosody log output come from runuser.
This is obviously no graceful shutdown.
Because prosody fordibs running as uid 0 (root) we have to run it as
unpriviledged user. The docker best practices recommend to use *gosu*
and gosu lists some alternatives. Instead of installing gosu to the
image, we use *setpriv* from the already installed util-linux now. The
version in Debian buster, on which the prosody image is based currently,
is recent enough to already contain setpriv.
After that, prosody itself runs with PID 1, but as unpriviledged user
now, and the output of `docker stop` looks like this:
mod_posix warn Received SIGTERM
portmanager info Deactivated service 'c2s'
general info Shutting down...
general info Shutdown status: Cleaning up
general info Shutdown complete
Link: https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#entrypoint
Signed-off-by: Alexander Dahl <post@lespocky.de>
This reverts commit 31d6d84433.
While tini successfully forwards signals, this leads to `runuser`
killing prosody now. The container does terminate in 10 seconds, so
Docker is happy and you could argue that actually fixes#68, but it's no
graceful shutdown. The revert is done because it's easier to apply a
real fix without tini.
tini [1] is a minimalistic PID 1 process. It correctly handles
the special jobs which PID 1 (or a reaper process in general)
needs to take care of in addition to correctly processing the
relevant signals.
Fixes#68.
[1]: https://github.com/krallin/tini
This patch add `exec` to replace the shell running the `entrypoint.sh`
script by Prosody executable.
This allows Prosody to catch and handle correctly signals, notably
SIGTERM and SIGINT. Without it, Docker can't stop correctly the
container, resulting in a 10 s delay before it kills it.
- Reduce the build steps to reduce the number and size of intermediate images
- Set the logging to stdout by default
- Remove default user create, but still allow optional user creation
- Fix entrypoint command setup
