Commit graph

10 commits

Author SHA1 Message Date
Alexander Dahl
a5e773d9b6 Fix signal handling and allow graceful shutdown
Although cc88073a79 ("Fix signal handling") fixed the signal handling
and signals don't end up in `entrypoint.sh` anymore, there's still no
clean graceful shutdown. The reason is runuser. It runs as PID 1 and
prosody only runs as child process. A SIGTERM sent to runuser lets
runuser forward SIGTERM to the child process. However it does not wait,
but send SIGKILL right after it. (Confirmed by looking at runuser source
code in util-linux.)

The output on `docker stop [prosodycontainer]` is therefore:

    Session terminated, killing shell...mod_posix                                warn       Received SIGTERM
    portmanager                              info   Deactivated service 'c2s'
     ...killed.

The additional messages in between prosody log output come from runuser.
This is obviously no graceful shutdown.

Because prosody fordibs running as uid 0 (root) we have to run it as
unpriviledged user. The docker best practices recommend to use *gosu*
and gosu lists some alternatives.  Instead of installing gosu to the
image, we use *setpriv* from the already installed util-linux now. The
version in Debian buster, on which the prosody image is based currently,
is recent enough to already contain setpriv.

After that, prosody itself runs with PID 1, but as unpriviledged user
now, and the output of `docker stop` looks like this:

    mod_posix                                warn   Received SIGTERM
    portmanager                              info   Deactivated service 'c2s'
    general                                  info   Shutting down...
    general                                  info   Shutdown status: Cleaning up
    general                                  info   Shutdown complete

Link: https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#entrypoint
Signed-off-by: Alexander Dahl <post@lespocky.de>
2021-03-27 16:58:09 +01:00
Alexander Dahl
83556a4c5a Revert "Use tini as PID 1 inside the container"
This reverts commit 31d6d84433.

While tini successfully forwards signals, this leads to `runuser`
killing prosody now. The container does terminate in 10 seconds, so
Docker is happy and you could argue that actually fixes #68, but it's no
graceful shutdown. The revert is done because it's easier to apply a
real fix without tini.
2021-03-27 16:58:09 +01:00
Jonas Schäfer
31d6d84433 Use tini as PID 1 inside the container
tini [1] is a minimalistic PID 1 process. It correctly handles
the special jobs which PID 1 (or a reaper process in general)
needs to take care of in addition to correctly processing the
relevant signals.

Fixes #68.

   [1]: https://github.com/krallin/tini
2021-03-20 12:30:27 +01:00
selurvedu
d627c29eab Fix minor shellcheck warnings 2021-01-29 17:20:34 +01:00
selurvedu
0555dc16c9 Fix mod_posix error if prosody user ID was altered
This fixes the following mod_posix error:

Couldn't write pidfile at /var/run/prosody/prosody.pid;
/var/run/prosody/prosody.pid: Permission denied
2021-01-29 17:20:34 +01:00
Jérôme Poisson
cc88073a79 Fix signal handling
This patch add `exec` to replace the shell running the `entrypoint.sh`
script by Prosody executable.

This allows Prosody to catch and handle correctly signals, notably
SIGTERM and SIGINT. Without it, Docker can't stop correctly the
container, resulting in a 10 s delay before it kills it.
2020-10-10 21:20:17 +02:00
Kim Alvefur
95a9d24b76 Run with same UID as datadir owner
This should fix problems with owner/uid mismatch when an existing
prosody data directory is mounted into the container

Closes #39
2020-02-13 01:10:36 +01:00
Kim Alvefur
8c4170e7d9 entrypoint.sh: Quote variables [shellcheck] 2019-03-16 19:19:37 +01:00
Matthew Wild
8bbb02e228 entrypoint.sh: If a command is passed to the image, run prosodyctl instead 2016-02-04 19:19:17 +00:00
Kevin Carter
1b1f0ed951 Cleanup the Dockerfile
- Reduce the build steps to reduce the number and size of intermediate images
- Set the logging to stdout by default
- Remove default user create, but still allow optional user creation
- Fix entrypoint command setup
2014-12-07 20:02:23 -07:00