Docker

Docker and nftables

If you run Debian, everything's fine. Otherwise you can follow the Arch Linux wiki: wiki.archlinux.org/index.php/nftables. Or maybe you care for an adventure? See stephank.nl.

Starting multiple processes

When starting multiple processes inside your docker-container you might be tempted to do something like this:

#!/usr/bin/env sh
./service1 &
./service2 &
./service3

Note the &: it ensures that services 1 and 2 start in the background and only service 3 runs in the foreground, so all three processes run in parallel.

The only downside is that shutdown behaviour is now pretty goofy, because signals are not correctly sent to the services. Ever pressed ctrl-c on multiple containers started with docker-compose? Containers started like this will hang a few seconds until docker tries to kill them (or you press ctrl-c a second time).

With the following script the relevant signal (SIGTERM) is sent to every process.

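#!/usr/bin/env sh

pids=""

# Start a program in the background and remember its PID.
run_prog() {
    "$@" &
    pids="$! $pids"
}

# Forward the given signal to every recorded PID.
# $pids is a space-separated list, so split it with a for loop.
trap_sig() {
    for pid in $pids; do
        echo "pid=$pid"
        kill -s "$1" "$pid"
    done
}

# POSIX sh expects the signal name without the SIG prefix.
trap 'trap_sig TERM' TERM

run_prog ./service1
run_prog ./service2
run_prog ./service3

# The first wait returns early when the trap fires; the second one
# blocks until the services have finished shutting down.
wait $pids
wait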

This way all processes get the SIGTERM signal sent to them.
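
To check that the forwarding really reaches every process, the following added example (not part of the original page) runs the same pattern against stand-in services. The names fake_service, supervise and demo_forwarding are hypothetical, and the stand-ins are constructed so the script runs without real ./service binaries.

```shell
#!/usr/bin/env sh
# Constructed stand-in for ./service1..3: appends its name to a log file
# when it receives SIGTERM, then exits cleanly.
fake_service() {
    name=$1 log=$2
    trap 'echo "$name" >> "$log"; exit 0' TERM
    while :; do sleep 1; done
}

# Same pattern as the entrypoint script: start everything in the background,
# forward SIGTERM to each PID, then wait for the children to exit.
supervise() {
    log=$1; shift
    pids=""
    trap 'for p in $pids; do kill -s TERM "$p" || true; done' TERM
    for svc in "$@"; do
        fake_service "$svc" "$log" &
        pids="$! $pids"
    done
    # The first wait is interrupted by the trap; the second one blocks
    # until every service has finished its own shutdown.
    wait $pids || wait
}

# Start the supervisor, send it SIGTERM the way `docker stop` would,
# and print how many services saw the signal.
demo_forwarding() {
    log=$(mktemp)
    supervise "$log" svc1 svc2 svc3 &
    sup=$!
    sleep 1                      # let the services install their traps
    kill -s TERM "$sup"
    wait "$sup" || true
    count=$(( $(wc -l < "$log") ))
    rm -f "$log"
    echo "$count"
}

echo "services that received SIGTERM: $(demo_forwarding)"
```

If the count is lower than the number of services, the supervisor exited or lost the signal before every child was notified, which is the hang-then-kill behaviour described above.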