-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update aerospike 5.7.0.8 #11449
Update aerospike 5.7.0.8 #11449
Conversation
https://download.aerospike.com/download/server/notes.html 1. Based on your excellent feedback from the previous, now Closed, Pull Request (docker-library#11342) we built a release of tini (tini-static), signed it (SHA256) and verified we are downloading what we built in the container. 2. We implemented a feature that allows tini to restart the child process without restarting the container. This allows our database to warm restart / config reload without losing the shared memory index. Implementing this in the database server would be messy at best and not something we want to implement. Although, I could be wrong. 3) We don't deal with all the edge cases of SIGTERMs in our app. This is some of the idiosyncrasies of the container environment. We expect tini to already do this. This is a reason why tini and dumb-init exist. We used dumb-init before this and there were no concerns previously.
Diff for 929b752:diff --git a/_bashbrew-cat b/_bashbrew-cat
index 5287b13..7f39e05 100644
--- a/_bashbrew-cat
+++ b/_bashbrew-cat
@@ -6,4 +6,4 @@ GitCommit: 9316b9e2dca468e2bbed08e12550f5d208447a14
Tags: ee-5.7.0.8
GitRepo: https://github.com/aerospike/aerospike-server-enterprise.docker.git
-GitCommit: 2d11fe93cec1c1adc86968a26b1b8827f61dc81f
+GitCommit: 9c3d341e34497e1e1127c67c5c487eff4b76ed99
diff --git a/aerospike_ee-5.7.0.8/Dockerfile b/aerospike_ee-5.7.0.8/Dockerfile
index 21a7214..fcd635e 100644
--- a/aerospike_ee-5.7.0.8/Dockerfile
+++ b/aerospike_ee-5.7.0.8/Dockerfile
@@ -13,7 +13,12 @@ ENV AEROSPIKE_SHA256 cb3e0c376ae4be9253fa4e44a005599684bf2aec66211fae87edab20b56
RUN \
apt-get update -y \
- && apt-get install -y iproute2 procps dumb-init wget python python3 python3-distutils lua5.2 gettext-base libldap-dev libcurl4-openssl-dev \
+ && apt-get install -y iproute2 procps wget python python3 python3-distutils lua5.2 gettext-base libldap-dev libcurl4-openssl-dev \
+ && wget https://github.com/aerospike/tini/releases/download/1.0.0/tini-static -O /usr/bin/tini-static \
+ && wget https://github.com/aerospike/tini/releases/download/1.0.0/tini-static.sha256sum -O /usr/bin/tini-static.sha256sum \
+ && cd /usr/bin && sha256sum -c /usr/bin/tini-static.sha256sum && cd -\
+ && rm /usr/bin/tini-static.sha256sum \
+ && chmod +x /usr/bin/tini-static \
&& wget "https://www.aerospike.com/enterprise/download/server/${AEROSPIKE_VERSION}/artifact/debian10" -O aerospike-server.tgz \
&& echo "$AEROSPIKE_SHA256 *aerospike-server.tgz" | sha256sum -c - \
&& mkdir aerospike \
@@ -55,9 +59,8 @@ COPY entrypoint.sh /entrypoint.sh
#
EXPOSE 3000 3001 3002
-# Runs as PID 1 /usr/bin/dumb-init -- /my/script --with --args"
-# https://github.com/Yelp/dumb-init
+# Tini init set to restart ASD on SIGUSR1 and terminate ASD on SIGTERM
+ENTRYPOINT ["/usr/bin/tini-static", "-r", "SIGUSR1", "-t", "SIGTERM", "--", "/entrypoint.sh"]
-ENTRYPOINT ["/usr/bin/dumb-init", "--", "/entrypoint.sh"]
# Execute the run script in foreground mode
CMD ["asd"] Relevant Maintainers:
|
From what I can see, signal handling is already in Aerospike's C code, so I am a bit confused what other edge cases or idiosyncrasies of containers you see for PID 1? As far as I understand it, any catchable, blockable, or ignorable signal that would normally kill the process (like "Term" and "Core" dispositions) are instead ignored by default for PID 1, but Aerospike already appears to handle them? Perhaps the Aerospike We are mildly concerned about using a custom fork of
Downloading the sha256sum from the same source as the artifact, doesn't provide the same level of content verification that embedding the checksum in the Dockerfile does. |
Closing... |
https://download.aerospike.com/download/server/notes.html
Based on your excellent feedback from the previous, now Closed, Pull Request (Update aerospike 5.7.0.8 #11342) we built a release of tini (tini-static), signed it (SHA256) and verified we are downloading what we built in the container.
We implemented a feature that allows tini to restart the child process without restarting the container. This allows our database to warm restart / config reload without losing the shared memory index. Implementing this in the database server would be messy at best and not something we want to implement. Although, I could be wrong.