From a6bf447f9ebc188884021bf2c947d7d1a0efd342 Mon Sep 17 00:00:00 2001 From: Ryan Sundberg Date: Sat, 1 Jul 2017 15:08:08 -0700 Subject: [PATCH 01/23] Start syslog-ng before runit, and stop after runit. When syslog-ng is managed as an runit service, application logs may be lost during shutdown, when the syslog-ng service stops before the app exits. This change uses the my_init.d directory to manage syslog-ng at a lower runlevel than runit. --- image/services/syslog-ng/syslog-ng.init | 10 +++++++ image/services/syslog-ng/syslog-ng.runit | 32 --------------------- image/services/syslog-ng/syslog-ng.sh | 4 +-- image/services/syslog-ng/syslog-ng.shutdown | 3 ++ 4 files changed, 15 insertions(+), 34 deletions(-) create mode 100755 image/services/syslog-ng/syslog-ng.init delete mode 100755 image/services/syslog-ng/syslog-ng.runit create mode 100755 image/services/syslog-ng/syslog-ng.shutdown diff --git a/image/services/syslog-ng/syslog-ng.init b/image/services/syslog-ng/syslog-ng.init new file mode 100755 index 0000000..6c31aa0 --- /dev/null +++ b/image/services/syslog-ng/syslog-ng.init @@ -0,0 +1,10 @@ +#!/bin/sh +set -e + +# If /dev/log is either a named pipe or it was placed there accidentally, +# e.g. because of the issue documented at https://github.com/phusion/baseimage-docker/pull/25, +# then we remove it. +if [ ! -S /dev/log ]; then rm -f /dev/log; fi +if [ ! -S /var/lib/syslog-ng/syslog-ng.ctl ]; then rm -f /var/lib/syslog-ng/syslog-ng.ctl; fi + +/etc/init.d/syslog-ng start diff --git a/image/services/syslog-ng/syslog-ng.runit b/image/services/syslog-ng/syslog-ng.runit deleted file mode 100755 index 7045d26..0000000 --- a/image/services/syslog-ng/syslog-ng.runit +++ /dev/null @@ -1,32 +0,0 @@ -#!/bin/sh -set -e - -# If /dev/log is either a named pipe or it was placed there accidentally, -# e.g. because of the issue documented at https://github.com/phusion/baseimage-docker/pull/25, -# then we remove it. -if [ ! -S /dev/log ]; then rm -f /dev/log; fi -if [ ! -S /var/lib/syslog-ng/syslog-ng.ctl ]; then rm -f /var/lib/syslog-ng/syslog-ng.ctl; fi - -SYSLOGNG_OPTS="" - -[ -r /etc/default/syslog-ng ] && . /etc/default/syslog-ng - -case "x$CONSOLE_LOG_LEVEL" in - x[1-8]) - dmesg -n $CONSOLE_LOG_LEVEL - ;; - x) - ;; - *) - echo "CONSOLE_LOG_LEVEL is of unaccepted value." - ;; -esac - -if [ ! -e /dev/xconsole ] -then - mknod -m 640 /dev/xconsole p - chown root:adm /dev/xconsole - [ -x /sbin/restorecon ] && /sbin/restorecon $XCONSOLE -fi - -exec syslog-ng -F -p /var/run/syslog-ng.pid $SYSLOGNG_OPTS diff --git a/image/services/syslog-ng/syslog-ng.sh b/image/services/syslog-ng/syslog-ng.sh index 2b0be4a..db48fde 100755 --- a/image/services/syslog-ng/syslog-ng.sh +++ b/image/services/syslog-ng/syslog-ng.sh @@ -7,8 +7,8 @@ SYSLOG_NG_BUILD_PATH=/bd_build/services/syslog-ng ## Install a syslog daemon. $minimal_apt_get_install syslog-ng-core -mkdir /etc/service/syslog-ng -cp $SYSLOG_NG_BUILD_PATH/syslog-ng.runit /etc/service/syslog-ng/run +cp $SYSLOG_NG_BUILD_PATH/syslog-ng.init /etc/my_init.d/syslog-ng.init +cp $SYSLOG_NG_BUILD_PATH/syslog-ng.shutdown /etc/my_init.post_shutdown.d/syslog-ng.shutdown mkdir -p /var/lib/syslog-ng cp $SYSLOG_NG_BUILD_PATH/syslog_ng_default /etc/default/syslog-ng touch /var/log/syslog diff --git a/image/services/syslog-ng/syslog-ng.shutdown b/image/services/syslog-ng/syslog-ng.shutdown new file mode 100755 index 0000000..7f0324e --- /dev/null +++ b/image/services/syslog-ng/syslog-ng.shutdown @@ -0,0 +1,3 @@ +#!/bin/sh + +/etc/init.d/syslog-ng stop From 8d7f3abd2d6384f18ba4da569cdd70463ad1439f Mon Sep 17 00:00:00 2001 From: "Dotan J. Nahum" Date: Thu, 5 Oct 2017 20:51:41 +0300 Subject: [PATCH 02/23] Reflect 'latest' in imagelayers.io image. (#435) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 200b715..753f2bf 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # A minimal Ubuntu base image modified for Docker-friendliness -[![](https://badge.imagelayers.io/phusion/baseimage:0.9.17.svg)](https://imagelayers.io/?images=phusion/baseimage:latest 'Get your own badge on imagelayers.io') +[![](https://badge.imagelayers.io/phusion/baseimage:latest.svg)](https://imagelayers.io/?images=phusion/baseimage:latest 'Get your own badge on imagelayers.io') [![Travis](https://img.shields.io/travis/phusion/baseimage-docker.svg)](https://travis-ci.org/phusion/baseimage-docker) _Baseimage-docker only consumes 6 MB RAM and is much powerful than Busybox or Alpine. See why below._ From 2bb9d89325edd91b08397e3643cd589143fa1cde Mon Sep 17 00:00:00 2001 From: David Hiendl Date: Thu, 5 Oct 2017 21:13:01 +0200 Subject: [PATCH 03/23] configured syslog-ng to log to stdout directly instead of using tail (#438) --- image/services/syslog-ng/logrotate_syslogng | 2 -- image/services/syslog-ng/syslog-forwarder.runit | 2 -- image/services/syslog-ng/syslog-ng.conf | 5 ++++- image/services/syslog-ng/syslog-ng.sh | 4 ---- 4 files changed, 4 insertions(+), 9 deletions(-) delete mode 100755 image/services/syslog-ng/syslog-forwarder.runit diff --git a/image/services/syslog-ng/logrotate_syslogng b/image/services/syslog-ng/logrotate_syslogng index 114cb09..38ad512 100644 --- a/image/services/syslog-ng/logrotate_syslogng +++ b/image/services/syslog-ng/logrotate_syslogng @@ -8,7 +8,6 @@ compress postrotate sv reload syslog-ng > /dev/null - sv restart syslog-forwarder > /dev/null endscript } @@ -34,6 +33,5 @@ sharedscripts postrotate sv reload syslog-ng > /dev/null - sv restart syslog-forwarder > /dev/null endscript } diff --git a/image/services/syslog-ng/syslog-forwarder.runit b/image/services/syslog-ng/syslog-forwarder.runit deleted file mode 100755 index 5bd832f..0000000 --- a/image/services/syslog-ng/syslog-forwarder.runit +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/sh -exec tail -F -n 0 /var/log/syslog diff --git a/image/services/syslog-ng/syslog-ng.conf b/image/services/syslog-ng/syslog-ng.conf index 9dc76a3..11f6b41 100644 --- a/image/services/syslog-ng/syslog-ng.conf +++ b/image/services/syslog-ng/syslog-ng.conf @@ -74,6 +74,9 @@ destination d_xconsole { pipe("/dev/xconsole"); }; # Debian only destination d_ppp { file("/var/log/ppp.log"); }; +# stdout for docker +destination d_stdout { pipe("/dev/stdout"); }; + ######################## # Filters ######################## @@ -119,7 +122,7 @@ log { source(s_src); filter(f_cron); destination(d_cron); }; log { source(s_src); filter(f_daemon); destination(d_daemon); }; log { source(s_src); filter(f_kern); destination(d_kern); }; log { source(s_src); filter(f_lpr); destination(d_lpr); }; -log { source(s_src); filter(f_syslog3); destination(d_syslog); }; +log { source(s_src); filter(f_syslog3); destination(d_syslog); destination(d_stdout); }; log { source(s_src); filter(f_user); destination(d_user); }; log { source(s_src); filter(f_uucp); destination(d_uucp); }; diff --git a/image/services/syslog-ng/syslog-ng.sh b/image/services/syslog-ng/syslog-ng.sh index 2b0be4a..5c25e9d 100755 --- a/image/services/syslog-ng/syslog-ng.sh +++ b/image/services/syslog-ng/syslog-ng.sh @@ -15,10 +15,6 @@ touch /var/log/syslog chmod u=rw,g=r,o= /var/log/syslog cp $SYSLOG_NG_BUILD_PATH/syslog-ng.conf /etc/syslog-ng/syslog-ng.conf -## Install syslog to "docker logs" forwarder. -mkdir /etc/service/syslog-forwarder -cp $SYSLOG_NG_BUILD_PATH/syslog-forwarder.runit /etc/service/syslog-forwarder/run - ## Install logrotate. $minimal_apt_get_install logrotate cp $SYSLOG_NG_BUILD_PATH/logrotate.conf /etc/logrotate.conf From 2be1e6f407b63b811b4186d2eb739ca3e9619c4b Mon Sep 17 00:00:00 2001 From: Morten Abildgaard Date: Sun, 8 Oct 2017 11:42:53 +0200 Subject: [PATCH 04/23] Adding "more" to the first sentence. I think this is what it's supposed to say. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 753f2bf..7c946a5 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ [![](https://badge.imagelayers.io/phusion/baseimage:latest.svg)](https://imagelayers.io/?images=phusion/baseimage:latest 'Get your own badge on imagelayers.io') [![Travis](https://img.shields.io/travis/phusion/baseimage-docker.svg)](https://travis-ci.org/phusion/baseimage-docker) -_Baseimage-docker only consumes 6 MB RAM and is much powerful than Busybox or Alpine. See why below._ +_Baseimage-docker only consumes 6 MB RAM and is much more powerful than Busybox or Alpine. See why below._ Baseimage-docker is a special [Docker](https://www.docker.com) image that is configured for correct use within Docker containers. It is Ubuntu, plus: From 6a774f2f48c4b19372051a15bd41ae77f9e4e026 Mon Sep 17 00:00:00 2001 From: Steven Conaway Date: Mon, 23 Oct 2017 18:53:46 -0700 Subject: [PATCH 05/23] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 7c946a5..6864072 100644 --- a/README.md +++ b/README.md @@ -485,7 +485,7 @@ Edit your Dockerfile to install the insecure key permanently: RUN /usr/sbin/enable_insecure_key -Instructions for logging in the container is the same as in section [Using the insecure key for one container only](#using_the_insecure_key_for_one_container_only). +Instructions for logging into the container is the same as in section [Using the insecure key for one container only](#using_the_insecure_key_for_one_container_only). #### Using your own key From fcc1283c855f67d5e2cc56a719a2b0b5ce63c9ee Mon Sep 17 00:00:00 2001 From: Steve Kamerman Date: Mon, 16 Oct 2017 23:31:26 -0400 Subject: [PATCH 06/23] Added install_clean.sh utility --- README.md | 1 + image/bin/install_clean.sh | 10 ++++++++++ image/utilities.sh | 3 +++ 3 files changed, 14 insertions(+) create mode 100755 image/bin/install_clean.sh diff --git a/README.md b/README.md index 6864072..b123b60 100644 --- a/README.md +++ b/README.md @@ -95,6 +95,7 @@ You can configure the stock `ubuntu` image yourself from your Dockerfile, so why | cron | The cron daemon must be running for cron jobs to work. | | [runit](http://smarden.org/runit/) | Replaces Ubuntu's Upstart. Used for service supervision and management. Much easier to use than SysV init and supports restarting daemons when they crash. Much easier to use and more lightweight than Upstart. | | `setuser` | A tool for running a command as another user. Easier to use than `su`, has a smaller attack vector than `sudo`, and unlike `chpst` this tool sets `$HOME` correctly. Available as `/sbin/setuser`. | +| `install_clean.sh` | A tool for installing `apt` packages that automatically cleans up after itself. All arguments are passed to `apt-get -y install` and after installation the apt caches are cleared. | Baseimage-docker is very lightweight: it only consumes 6 MB of memory. diff --git a/image/bin/install_clean.sh b/image/bin/install_clean.sh new file mode 100755 index 0000000..2a5310b --- /dev/null +++ b/image/bin/install_clean.sh @@ -0,0 +1,10 @@ +#!/bin/sh +# Apt installer helper for Docker images + +set -e + +echo "Installing $*" +apt-get -q update && apt-get -qy install $* \ + && apt-get -qy autoremove \ + && apt-get clean \ + && rm -r /var/lib/apt/lists/* diff --git a/image/utilities.sh b/image/utilities.sh index 9f0c1a9..8b452db 100755 --- a/image/utilities.sh +++ b/image/utilities.sh @@ -9,3 +9,6 @@ ln -s /usr/bin/vim.tiny /usr/bin/vim ## This tool runs a command as another user and sets $HOME. cp /bd_build/bin/setuser /sbin/setuser + +## This tool allows installation of apt packages with automatic cache cleanup. +cp /bd_build/bin/install_clean.sh /sbin/install_clean.sh From c41f837f82b4d8780f78fed1770c4b9bfd5af181 Mon Sep 17 00:00:00 2001 From: Steve Kamerman Date: Tue, 17 Oct 2017 16:39:19 -0400 Subject: [PATCH 07/23] Added `--no-install-recommends` by default --- README.md | 2 +- image/bin/install_clean.sh | 15 +++++++++++---- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index b123b60..691439c 100644 --- a/README.md +++ b/README.md @@ -95,7 +95,7 @@ You can configure the stock `ubuntu` image yourself from your Dockerfile, so why | cron | The cron daemon must be running for cron jobs to work. | | [runit](http://smarden.org/runit/) | Replaces Ubuntu's Upstart. Used for service supervision and management. Much easier to use than SysV init and supports restarting daemons when they crash. Much easier to use and more lightweight than Upstart. | | `setuser` | A tool for running a command as another user. Easier to use than `su`, has a smaller attack vector than `sudo`, and unlike `chpst` this tool sets `$HOME` correctly. Available as `/sbin/setuser`. | -| `install_clean.sh` | A tool for installing `apt` packages that automatically cleans up after itself. All arguments are passed to `apt-get -y install` and after installation the apt caches are cleared. | +| `install_clean.sh` | A tool for installing `apt` packages that automatically cleans up after itself. All arguments are passed to `apt-get -y install --no-install-recommends` and after installation the apt caches are cleared. To include recommended packages, add `--install-recommends`. | Baseimage-docker is very lightweight: it only consumes 6 MB of memory. diff --git a/image/bin/install_clean.sh b/image/bin/install_clean.sh index 2a5310b..3f829bc 100755 --- a/image/bin/install_clean.sh +++ b/image/bin/install_clean.sh @@ -1,10 +1,17 @@ -#!/bin/sh +#!/bin/bash -e # Apt installer helper for Docker images -set -e +ARGS="$*" +NO_RECOMMENDS="--no-install-recommends" +RECOMMENDS="--install-recommends" +if [[ $ARGS =~ "$RECOMMENDS" ]]; then + NO_RECOMMENDS="" + ARGS=$(sed "s/$RECOMMENDS//g" <<<"$ARGS") +fi -echo "Installing $*" -apt-get -q update && apt-get -qy install $* \ +echo "Installing $ARGS" + +apt-get -q update && apt-get -qy install $NO_RECOMMENDS $ARGS \ && apt-get -qy autoremove \ && apt-get clean \ && rm -r /var/lib/apt/lists/* From 421ca4ea059800b35ef7fbf78cdfdd41f3c3a9b2 Mon Sep 17 00:00:00 2001 From: Steve Kamerman Date: Wed, 18 Oct 2017 02:02:27 -0400 Subject: [PATCH 08/23] Renamed install_clean --- README.md | 2 +- image/bin/{install_clean.sh => install_clean} | 0 image/utilities.sh | 2 +- 3 files changed, 2 insertions(+), 2 deletions(-) rename image/bin/{install_clean.sh => install_clean} (100%) diff --git a/README.md b/README.md index 691439c..7993e3c 100644 --- a/README.md +++ b/README.md @@ -95,7 +95,7 @@ You can configure the stock `ubuntu` image yourself from your Dockerfile, so why | cron | The cron daemon must be running for cron jobs to work. | | [runit](http://smarden.org/runit/) | Replaces Ubuntu's Upstart. Used for service supervision and management. Much easier to use than SysV init and supports restarting daemons when they crash. Much easier to use and more lightweight than Upstart. | | `setuser` | A tool for running a command as another user. Easier to use than `su`, has a smaller attack vector than `sudo`, and unlike `chpst` this tool sets `$HOME` correctly. Available as `/sbin/setuser`. | -| `install_clean.sh` | A tool for installing `apt` packages that automatically cleans up after itself. All arguments are passed to `apt-get -y install --no-install-recommends` and after installation the apt caches are cleared. To include recommended packages, add `--install-recommends`. | +| `install_clean` | A tool for installing `apt` packages that automatically cleans up after itself. All arguments are passed to `apt-get -y install --no-install-recommends` and after installation the apt caches are cleared. To include recommended packages, add `--install-recommends`. | Baseimage-docker is very lightweight: it only consumes 6 MB of memory. diff --git a/image/bin/install_clean.sh b/image/bin/install_clean similarity index 100% rename from image/bin/install_clean.sh rename to image/bin/install_clean diff --git a/image/utilities.sh b/image/utilities.sh index 8b452db..d1aa273 100755 --- a/image/utilities.sh +++ b/image/utilities.sh @@ -11,4 +11,4 @@ ln -s /usr/bin/vim.tiny /usr/bin/vim cp /bd_build/bin/setuser /sbin/setuser ## This tool allows installation of apt packages with automatic cache cleanup. -cp /bd_build/bin/install_clean.sh /sbin/install_clean.sh +cp /bd_build/bin/install_clean /sbin/install_clean From 70b5c73902cee4b1875f3fa21d8743644fa5d0c9 Mon Sep 17 00:00:00 2001 From: Ryan Sundberg Date: Tue, 31 Oct 2017 14:16:27 -0700 Subject: [PATCH 09/23] System logging notes in README.md --- README.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/README.md b/README.md index 200b715..71b1f30 100644 --- a/README.md +++ b/README.md @@ -57,6 +57,7 @@ You can configure the stock `ubuntu` image yourself from your Dockerfile, so why * [Environment variable dumps](#envvar_dumps) * [Modifying environment variables](#modifying_envvars) * [Security](#envvar_security) + * [System Logging](#logging) * [Upgrading the operating system inside the container](#upgrading_os) * [Container administration](#container_administration) * [Running a one-shot command in a new container](#oneshot) @@ -302,6 +303,14 @@ If you are sure that your environment variables don't contain sensitive data, th RUN chmod 755 /etc/container_environment RUN chmod 644 /etc/container_environment.sh /etc/container_environment.json + +### System Logging + +Baseimage-docker uses syslog-ng to provide a syslog facility to the container. Syslog-ng is not managed as an runit service (see below). Syslog messages are forwarded to the console via the service at /etc/service/syslog-forwarder. + +#### Log startup/shutdown sequence +In order to ensure that all application log messages are captured by syslog-ng, syslog-ng is started separately before the runit supervisor process, and shutdown after runit exits. This uses the [startup script facility](#running_startup_scripts) provided by this image. This avoids a race condition which would exist if syslog-ng were managed as an runit service, where runit kills syslog-ng in parallel with the container's other services, causing log messages to be dropped during a graceful shutdown if syslog-ng exits while logs are still being produced by other services. + ### Upgrading the operating system inside the container From 69d1b96431a880de9c24ef0c565b111d48f46dcb Mon Sep 17 00:00:00 2001 From: Ryan Sundberg Date: Tue, 31 Oct 2017 14:21:23 -0700 Subject: [PATCH 10/23] Capitalization --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 1a1ac73..e450887 100644 --- a/README.md +++ b/README.md @@ -57,7 +57,7 @@ You can configure the stock `ubuntu` image yourself from your Dockerfile, so why * [Environment variable dumps](#envvar_dumps) * [Modifying environment variables](#modifying_envvars) * [Security](#envvar_security) - * [System Logging](#logging) + * [System logging](#logging) * [Upgrading the operating system inside the container](#upgrading_os) * [Container administration](#container_administration) * [Running a one-shot command in a new container](#oneshot) @@ -305,7 +305,7 @@ If you are sure that your environment variables don't contain sensitive data, th RUN chmod 644 /etc/container_environment.sh /etc/container_environment.json -### System Logging +### System logging Baseimage-docker uses syslog-ng to provide a syslog facility to the container. Syslog-ng is not managed as an runit service (see below). Syslog messages are forwarded to the console via the service at /etc/service/syslog-forwarder. From d7656266880953782e558912166c48431a3f2214 Mon Sep 17 00:00:00 2001 From: Ryan Sundberg Date: Tue, 31 Oct 2017 14:24:18 -0700 Subject: [PATCH 11/23] Prefix syslog-ng shutdown scripts with boot order --- image/services/syslog-ng/syslog-ng.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/image/services/syslog-ng/syslog-ng.sh b/image/services/syslog-ng/syslog-ng.sh index a62c064..610d80c 100755 --- a/image/services/syslog-ng/syslog-ng.sh +++ b/image/services/syslog-ng/syslog-ng.sh @@ -7,8 +7,8 @@ SYSLOG_NG_BUILD_PATH=/bd_build/services/syslog-ng ## Install a syslog daemon. $minimal_apt_get_install syslog-ng-core -cp $SYSLOG_NG_BUILD_PATH/syslog-ng.init /etc/my_init.d/syslog-ng.init -cp $SYSLOG_NG_BUILD_PATH/syslog-ng.shutdown /etc/my_init.post_shutdown.d/syslog-ng.shutdown +cp $SYSLOG_NG_BUILD_PATH/syslog-ng.init /etc/my_init.d/10_syslog-ng.init +cp $SYSLOG_NG_BUILD_PATH/syslog-ng.shutdown /etc/my_init.post_shutdown.d/10_syslog-ng.shutdown mkdir -p /var/lib/syslog-ng cp $SYSLOG_NG_BUILD_PATH/syslog_ng_default /etc/default/syslog-ng touch /var/log/syslog From 18a10580e110eead8a9cceb24963d8fc74c7ebc5 Mon Sep 17 00:00:00 2001 From: Ryan Sundberg Date: Tue, 31 Oct 2017 15:41:59 -0700 Subject: [PATCH 12/23] Syslog-ng start and stop, preserving stdout file descriptor --- image/services/syslog-ng/syslog-ng.init | 28 +++++++++++++++++++-- image/services/syslog-ng/syslog-ng.shutdown | 25 ++++++++++++++++-- 2 files changed, 49 insertions(+), 4 deletions(-) diff --git a/image/services/syslog-ng/syslog-ng.init b/image/services/syslog-ng/syslog-ng.init index 6c31aa0..04f526b 100755 --- a/image/services/syslog-ng/syslog-ng.init +++ b/image/services/syslog-ng/syslog-ng.init @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash set -e # If /dev/log is either a named pipe or it was placed there accidentally, @@ -7,4 +7,28 @@ set -e if [ ! -S /dev/log ]; then rm -f /dev/log; fi if [ ! -S /var/lib/syslog-ng/syslog-ng.ctl ]; then rm -f /var/lib/syslog-ng/syslog-ng.ctl; fi -/etc/init.d/syslog-ng start +PIDFILE="/var/run/syslog-ng.pid" +SYSLOGNG_OPTS="" + +[ -r /etc/default/syslog-ng ] && . /etc/default/syslog-ng + +syslogng_wait() { + if [ "$2" -ne 0 ]; then + return 1 + fi + + RET=1 + for i in $(seq 1 30); do + status=0 + syslog-ng-ctl stats >/dev/null 2>&1 || status=$? + if [ "$status" != "$1" ]; then + RET=0 + break + fi + sleep 1s + done + return $RET +} + +/usr/sbin/syslog-ng --pidfile "$PIDFILE" -F $SYSLOGNG_OPTS & +syslogng_wait 1 $? diff --git a/image/services/syslog-ng/syslog-ng.shutdown b/image/services/syslog-ng/syslog-ng.shutdown index 7f0324e..0288004 100755 --- a/image/services/syslog-ng/syslog-ng.shutdown +++ b/image/services/syslog-ng/syslog-ng.shutdown @@ -1,3 +1,24 @@ -#!/bin/sh +#!/bin/bash -/etc/init.d/syslog-ng stop +PIDFILE="/var/run/syslog-ng.pid" + +syslogng_wait() { + if [ "$2" -ne 0 ]; then + return 1 + fi + + RET=1 + for i in $(seq 1 30); do + status=0 + syslog-ng-ctl stats >/dev/null 2>&1 || status=$? + if [ "$status" != "$1" ]; then + RET=0 + break + fi + sleep 1s + done + return $RET +} + +kill $(cat "$PIDFILE") +syslogng_wait 0 $? From 4cb596bfc94414e23be140b3924cdaecc561529f Mon Sep 17 00:00:00 2001 From: Travis Rowland Date: Wed, 1 Nov 2017 12:16:33 -0700 Subject: [PATCH 13/23] Create CODE_OF_CONDUCT.md --- CODE_OF_CONDUCT.md | 46 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100644 CODE_OF_CONDUCT.md diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..f4d10c8 --- /dev/null +++ b/CODE_OF_CONDUCT.md @@ -0,0 +1,46 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation. + +## Our Standards + +Examples of behavior that contributes to creating a positive environment include: + +* Using welcoming and inclusive language +* Being respectful of differing viewpoints and experiences +* Gracefully accepting constructive criticism +* Focusing on what is best for the community +* Showing empathy towards other community members + +Examples of unacceptable behavior by participants include: + +* The use of sexualized language or imagery and unwelcome sexual attention or advances +* Trolling, insulting/derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or electronic address, without explicit permission +* Other conduct which could reasonably be considered inappropriate in a professional setting + +## Our Responsibilities + +Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior. + +Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful. + +## Scope + +This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at info@phusion.nl. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately. + +Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version] + +[homepage]: http://contributor-covenant.org +[version]: http://contributor-covenant.org/version/1/4/ From 25d13ef2b8c4bb2849ec9e3ac2cc12a6b4fd72c1 Mon Sep 17 00:00:00 2001 From: Steve Kamerman Date: Wed, 1 Nov 2017 17:26:31 -0400 Subject: [PATCH 14/23] Gracefully handle syslog-ng shutdown --- image/services/syslog-ng/syslog-ng.shutdown | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/image/services/syslog-ng/syslog-ng.shutdown b/image/services/syslog-ng/syslog-ng.shutdown index 0288004..7046d02 100755 --- a/image/services/syslog-ng/syslog-ng.shutdown +++ b/image/services/syslog-ng/syslog-ng.shutdown @@ -20,5 +20,8 @@ syslogng_wait() { return $RET } -kill $(cat "$PIDFILE") +if [ -f "$PIDFILE" ]; then + kill $(cat "$PIDFILE") +fi + syslogng_wait 0 $? From 4468bb296e225b019e6b4a4c67d64ab89325efd2 Mon Sep 17 00:00:00 2001 From: Travis Rowland Date: Thu, 2 Nov 2017 09:34:12 -0700 Subject: [PATCH 15/23] Incrementing version AFFECTS #448 --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index ce7031e..1ff9dcb 100644 --- a/Makefile +++ b/Makefile @@ -1,5 +1,5 @@ NAME = phusion/baseimage -VERSION = 0.9.22 +VERSION = 0.10.0 .PHONY: all build test tag_latest release ssh From b77633463fc6ece4c7b81858ce0ab1bd1b63272a Mon Sep 17 00:00:00 2001 From: Ryan Sundberg Date: Wed, 22 Nov 2017 23:18:19 -0800 Subject: [PATCH 16/23] Fork syslog-ng into a new process group via bash monitor mode This prevents SIGINT from a user interrupt from prematurely quitting syslog-ng. See https://github.com/phusion/baseimage-docker/issues/450 --- image/services/syslog-ng/syslog-ng.init | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/image/services/syslog-ng/syslog-ng.init b/image/services/syslog-ng/syslog-ng.init index 04f526b..8a33b78 100755 --- a/image/services/syslog-ng/syslog-ng.init +++ b/image/services/syslog-ng/syslog-ng.init @@ -1,5 +1,5 @@ #!/bin/bash -set -e +set -em # If /dev/log is either a named pipe or it was placed there accidentally, # e.g. because of the issue documented at https://github.com/phusion/baseimage-docker/pull/25, From 7a639692abeca1a806e4824713fe4a53403a6aa3 Mon Sep 17 00:00:00 2001 From: Travis Rowland Date: Fri, 26 Jan 2018 01:54:38 -0800 Subject: [PATCH 17/23] Automated Docker builds --- .travis.yml | 32 +++++++++++++++++++------------- 1 file changed, 19 insertions(+), 13 deletions(-) diff --git a/.travis.yml b/.travis.yml index 448718f..bd7de29 100644 --- a/.travis.yml +++ b/.travis.yml @@ -3,17 +3,23 @@ sudo: required services: - docker -script: - - make build +env: + global: + - NAME=phusion/baseimage + # - VERSION=$(TRAVIS_TAG) + - VERSION=$(TRAVIS_BRANCH) -deploy: - - provider: script - script: make test_release - on: - branch: master - tags: true - condition: '$TRAVIS_TAG =~ ^[0-9]+(\.[0-9]+)*$' - - provider: script - script: make test_master - on: - branch: master +before_install: + - docker build -t $(NAME):$(VERSION) --rm image + - env NAME=$(NAME) VERSION=$(VERSION) ./test/runner.sh + +after_success: + - docker login -u "$(DOCKER_USERNAME)" -p "$(DOCKER_PASSWORD)"; + docker push $(NAME):$(VERSION); + +# after_success: +# - if [ "$(TRAVIS_BRANCH)" == "master" ]; then +# docker login -u "$(DOCKER_USERNAME)" -p "$(DOCKER_PASSWORD)"; +# docker tag $(NAME):$(VERSION) $(NAME):latest +# docker push $(NAME):$(VERSION); +# fi From 1bffe76e6a4871a8608d8b85a57c9ccd9e7c1690 Mon Sep 17 00:00:00 2001 From: Travis Rowland Date: Fri, 26 Jan 2018 01:58:22 -0800 Subject: [PATCH 18/23] don't remove image --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index bd7de29..5685cff 100644 --- a/.travis.yml +++ b/.travis.yml @@ -10,7 +10,7 @@ env: - VERSION=$(TRAVIS_BRANCH) before_install: - - docker build -t $(NAME):$(VERSION) --rm image + - docker build -t $(NAME):$(VERSION) - env NAME=$(NAME) VERSION=$(VERSION) ./test/runner.sh after_success: From 300b96fb93a0d2bc9ed58b9b170c3f46089a3171 Mon Sep 17 00:00:00 2001 From: Travis Rowland Date: Fri, 26 Jan 2018 02:01:09 -0800 Subject: [PATCH 19/23] build local Dockerfile --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 5685cff..2a7ed8b 100644 --- a/.travis.yml +++ b/.travis.yml @@ -10,7 +10,7 @@ env: - VERSION=$(TRAVIS_BRANCH) before_install: - - docker build -t $(NAME):$(VERSION) + - docker build -t $(NAME):$(VERSION) . - env NAME=$(NAME) VERSION=$(VERSION) ./test/runner.sh after_success: From efc5865789691a6ddb08ec2721d6a64e17b3600b Mon Sep 17 00:00:00 2001 From: Travis Rowland Date: Fri, 26 Jan 2018 02:17:56 -0800 Subject: [PATCH 20/23] Was using incorrect variable replacements --- .travis.yml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/.travis.yml b/.travis.yml index 2a7ed8b..4e0c531 100644 --- a/.travis.yml +++ b/.travis.yml @@ -6,20 +6,20 @@ services: env: global: - NAME=phusion/baseimage - # - VERSION=$(TRAVIS_TAG) - - VERSION=$(TRAVIS_BRANCH) + # - VERSION=${TRAVIS_TAG} + - VERSION=${TRAVIS_BRANCH} before_install: - - docker build -t $(NAME):$(VERSION) . - - env NAME=$(NAME) VERSION=$(VERSION) ./test/runner.sh + - docker build -t ${NAME}:${VERSION} --rm image + - env NAME=${NAME} VERSION=${VERSION} ./test/runner.sh after_success: - - docker login -u "$(DOCKER_USERNAME)" -p "$(DOCKER_PASSWORD)"; - docker push $(NAME):$(VERSION); + - docker login -u "${DOCKER_USERNAME}" -p "${DOCKER_PASSWORD}"; + docker push ${NAME}:${VERSION}; # after_success: -# - if [ "$(TRAVIS_BRANCH)" == "master" ]; then -# docker login -u "$(DOCKER_USERNAME)" -p "$(DOCKER_PASSWORD)"; -# docker tag $(NAME):$(VERSION) $(NAME):latest -# docker push $(NAME):$(VERSION); +# - if [ "${TRAVIS_BRANCH}" == "master" ]; then +# docker login -u "${DOCKER_USERNAME}" -p "${DOCKER_PASSWORD}"; +# docker tag ${NAME}:${VERSION} ${NAME}:latest +# docker push ${NAME}:${VERSION}; # fi From 6b8be06bba19a826fe2aa30f758827ef12fef10e Mon Sep 17 00:00:00 2001 From: Travis Rowland Date: Fri, 26 Jan 2018 02:26:03 -0800 Subject: [PATCH 21/23] GitLab CI is better --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 4e0c531..fd1f5a9 100644 --- a/.travis.yml +++ b/.travis.yml @@ -9,7 +9,7 @@ env: # - VERSION=${TRAVIS_TAG} - VERSION=${TRAVIS_BRANCH} -before_install: +script: - docker build -t ${NAME}:${VERSION} --rm image - env NAME=${NAME} VERSION=${VERSION} ./test/runner.sh From e81e664a726c464331893a2c70d47342cb0e0f7c Mon Sep 17 00:00:00 2001 From: Travis Rowland Date: Fri, 26 Jan 2018 02:36:46 -0800 Subject: [PATCH 22/23] Push master as latest --- .travis.yml | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/.travis.yml b/.travis.yml index fd1f5a9..a930eda 100644 --- a/.travis.yml +++ b/.travis.yml @@ -16,10 +16,7 @@ script: after_success: - docker login -u "${DOCKER_USERNAME}" -p "${DOCKER_PASSWORD}"; docker push ${NAME}:${VERSION}; - -# after_success: -# - if [ "${TRAVIS_BRANCH}" == "master" ]; then -# docker login -u "${DOCKER_USERNAME}" -p "${DOCKER_PASSWORD}"; -# docker tag ${NAME}:${VERSION} ${NAME}:latest -# docker push ${NAME}:${VERSION}; -# fi + - if [ "${TRAVIS_BRANCH}" == "master" ]; then + docker tag ${NAME}:${VERSION} ${NAME}:latest + docker push ${NAME}:latest; + fi From adf8fd780558705450ba08f555043a0f721671c1 Mon Sep 17 00:00:00 2001 From: Travis Rowland Date: Fri, 26 Jan 2018 02:51:52 -0800 Subject: [PATCH 23/23] Latest tag not yet necessary --- .travis.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.travis.yml b/.travis.yml index a930eda..09101ce 100644 --- a/.travis.yml +++ b/.travis.yml @@ -16,7 +16,7 @@ script: after_success: - docker login -u "${DOCKER_USERNAME}" -p "${DOCKER_PASSWORD}"; docker push ${NAME}:${VERSION}; - - if [ "${TRAVIS_BRANCH}" == "master" ]; then - docker tag ${NAME}:${VERSION} ${NAME}:latest - docker push ${NAME}:latest; - fi + # - if [ "${TRAVIS_BRANCH}" == "master" ]; then + # docker tag ${NAME}:${VERSION} ${NAME}:latest + # docker push ${NAME}:latest; + # fi