[BUG] OpenSearch container does not allow for graceful termination #3229
Comments
shikharbhardwaj
added
bug
|
@dblock -- taking another look at the Dockerfile, I believe it is generated from this file in the opensearch-build project. Do you think that project would be the better place to move this issue? |
|
Hi @shikharbhardwaj we would love to work with you to improve our docker image. Thanks. |
|
Hi @shikharbhardwaj, if you dont mind, we would like to invite you to open a PR if you have any solutions. Thanks! |
|
@peterzhuamazon sounds good, I will raise a PR for this. |
|
Hello @peterzhuamazon, raised a PR for fixing this issue here: #3320 |
|
Added review, sorry for the delay on this @shikharbhardwaj . Thanks. |
|
@peterzhuamazon commenting so you can assign me |
|
I was able to gracefully terminate using Tini as described above only with the path being '/bin/tini". Using the relative path "./tini" gives the error:
|
|
Thanks @chawinphat and @peterzhuamazon ! |
|
Hi @shikharbhardwaj we have solved this by using the exec command in the docker entrypoint file. If the command in line 101 is started using the exec command the opensearch process will run with PID 1 and the TERM signal will be sent to this process. |
Hi @239487230597507 would you willing to share your changes? This issue has been opened for a while and we would like to resolve it soon. Thanks 😄 |
|
Any updates here? It happened already for the 2nd time that our opensearch got corrupted because the container got killed by Kubernetes (probably duing some write-operation) after the termination grace period was exceeded. Since the author of the PR hasn't commented in almost over a year, should we open a new PR based on his branch or do you want to go with the approach by @239487230597507 ? |
|
@cinimins @peterzhuamazon I will try to create a PR. Unfortunately I am a complete Github noob so it might take a couple of days. :D |
Let me know if you need any help with that! :) |
|
To anyone who is finding this thread like myself, for the current workaround, I am using the --init option on Docker 1.13+ which uses tini and is part of https://github.com/krallin/tini. Example from my compose file: opensearch:
image: opensearchproject/opensearch:latest
init: true |
This puts the process under the control of a process manager (`tini` specifically) so it can handle signals better. cf. opensearch-project/opensearch-build#3229 (comment)
Describe the bug
OpenSearch container does not do a graceful shutdown when a termination signal (SIGTERM/SIGINT) is sent.
This issue was discovered when running the official docker image within Kubernetes, where a rollout would cause the container to be terminated forcefully after
terminationGracePeriodSecondsinstead of catching theSIGTERMsignal sent and shutting down cleanly.This could be fixed by using a proper init process (like
tini) as PID 1 instead of a shell, which would register signal handlers for these termination signals and allow for graceful termination. An example for this change is in the gist below.Resources with more details on this issue:
To Reproduce
Steps to reproduce the behavior:
SIGTERMorSIGINTto the container and it will not terminate.Gist here with more detailed reproduction/remediation steps: OpenSearch container termination signal handling
Expected behavior
The container should listen for these termination signals and shutdown gracefully.
Plugins
N/A
Host/Environment (please complete the following information):
Additional context
Add any other context about the problem here.
The text was updated successfully, but these errors were encountered: