CLOSES #695: Adds feature to self-destruct a container.

.env.example

@@ -1,3 +1,5 @@
+ENABLE_REAPER=false
+REAPER_TIMEOUT=0
 SSH_AUTHORIZED_KEYS=
 SSH_CHROOT_DIRECTORY=%h
 SSH_INHERIT_ENVIRONMENT=false

CHANGELOG.md

@@ -31,6 +31,9 @@ Summary of release changes.
 - Adds exec proxy function to `sshd-wrapper` used to pass through nice.
 - Adds double quotes around value containing spaces.
 - Adds `/docs` directory for supplementary documentation and simplify README.
+- Adds feature to optionally exit the container after a specified timout period.
+- Adds `ENABLE_REAPER` with a default value of `false` to enable the `reaper` service.
+- Adds `REAPER_TIMEOUT` with a default value of `0` seconds (i.e no timeout delay).
 - Fixes validation failure of 0 second --timeout value in `test/health_status`.
 - Removes `ENABLE_SSHD_BOOTSTRAP` from docker-compose example configuration.
 - Removes `ENABLE_SSHD_WRAPPER` from docker-compose example configuration.

Dockerfile

@@ -32,6 +32,7 @@ RUN rpm --rebuilddb \
 		openssl-1.0.2k-19.el7 \
 		python-setuptools-0.9.8-7.el7 \
 		sudo-1.8.23-4.el7 \
+		sysvinit-tools-2.88-14.dsf.el7 \
 		yum-plugin-versionlock-1.1.31-52.el7 \
 	&& yum versionlock add \
 		inotify-tools \
@@ -40,6 +41,7 @@ RUN rpm --rebuilddb \
 		openssh-clients \
 		python-setuptools \
 		sudo \
+		sysvinit-tools \
 		yum-plugin-versionlock \
 	&& yum clean all \
 	&& easy_install \
@@ -88,17 +90,19 @@ RUN ln -sf \
 	&& chmod 644 \
 		/etc/{supervisord.conf,supervisord.d/{20-sshd-bootstrap,50-sshd-wrapper}.conf} \
 	&& chmod 700 \
-		/usr/{bin/healthcheck,sbin/{scmi,sshd-{bootstrap,wrapper},system-{timezone,timezone-wrapper}}}
+		/usr/{bin/healthcheck,sbin/{reaper,scmi,sshd-{bootstrap,wrapper},system-{timezone,timezone-wrapper}}}
 
 EXPOSE 22
 
 # ------------------------------------------------------------------------------
 # Set default environment variables
 # ------------------------------------------------------------------------------
 ENV \
+	ENABLE_REAPER="false" \
 	ENABLE_SSHD_BOOTSTRAP="true" \
 	ENABLE_SSHD_WRAPPER="true" \
 	ENABLE_SUPERVISOR_STDOUT="false" \
+	REAPER_TIMEOUT="0" \
 	SSH_AUTHORIZED_KEYS="" \
 	SSH_CHROOT_DIRECTORY="%h" \
 	SSH_INHERIT_ENVIRONMENT="false" \

default.mk

@@ -41,9 +41,11 @@ DOCKER_PUBLISH := $(shell \
 define DOCKER_CONTAINER_PARAMETERS
 --name $(DOCKER_NAME) \
 --restart $(DOCKER_RESTART_POLICY) \
+--env "ENABLE_REAPER=$(ENABLE_REAPER)" \
 --env "ENABLE_SSHD_BOOTSTRAP=$(ENABLE_SSHD_BOOTSTRAP)" \
 --env "ENABLE_SSHD_WRAPPER=$(ENABLE_SSHD_WRAPPER)" \
 --env "ENABLE_SUPERVISOR_STDOUT=$(ENABLE_SUPERVISOR_STDOUT)" \
+--env "REAPER_TIMEOUT=$(REAPER_TIMEOUT)" \
 --env "SSH_AUTHORIZED_KEYS=$(SSH_AUTHORIZED_KEYS)" \
 --env "SSH_CHROOT_DIRECTORY=$(SSH_CHROOT_DIRECTORY)" \
 --env "SSH_INHERIT_ENVIRONMENT=$(SSH_INHERIT_ENVIRONMENT)" \

docker-compose.yml

@@ -28,6 +28,8 @@ services:
       context: "."
       dockerfile: "Dockerfile"
     environment:
+      ENABLE_REAPER: "${ENABLE_REAPER}"
+      REAPER_TIMEOUT: "${REAPER_TIMEOUT}"
       SSH_AUTHORIZED_KEYS: "${SSH_AUTHORIZED_KEYS}"
       SSH_CHROOT_DIRECTORY: "${SSH_CHROOT_DIRECTORY}"
       SSH_INHERIT_ENVIRONMENT: "${SSH_INHERIT_ENVIRONMENT}"

environment.mk

@@ -23,9 +23,11 @@ STARTUP_TIME ?= 2
 # ------------------------------------------------------------------------------
 # Application container configuration
 # ------------------------------------------------------------------------------
+ENABLE_REAPER ?= false
 ENABLE_SSHD_BOOTSTRAP ?= true
 ENABLE_SSHD_WRAPPER ?= true
 ENABLE_SUPERVISOR_STDOUT ?= false
+REAPER_TIMEOUT ?= 0
 SSH_AUTHORIZED_KEYS ?=
 SSH_CHROOT_DIRECTORY ?= %h
 SSH_INHERIT_ENVIRONMENT ?= false

src/etc/supervisord.d/00-reaper.conf

@@ -0,0 +1,10 @@
+[program:reaper]
+autorestart = false
+autostart = %(ENV_ENABLE_REAPER)s
+command = /usr/sbin/reaper --monochrome --verbose --timeout %(ENV_REAPER_TIMEOUT)s --wall-timeout 30 --wall="Session expiring in 30 seconds."
+priority = 1
+startsecs = 0
+stderr_logfile = /dev/stderr
+stderr_logfile_maxbytes = 0
+stdout_logfile = /dev/stdout
+stdout_logfile_maxbytes = 0

src/etc/systemd/system/centos-ssh@.service

@@ -56,9 +56,11 @@ Environment="DOCKER_IMAGE_PACKAGE_PATH=/var/opt/scmi/packages"
 Environment="DOCKER_IMAGE_TAG={{RELEASE_VERSION}}"
 Environment="DOCKER_PORT_MAP_TCP_22=2020"
 Environment="DOCKER_USER=jdeathe"
+Environment="ENABLE_REAPER=false"
 Environment="ENABLE_SSHD_BOOTSTRAP=true"
 Environment="ENABLE_SSHD_WRAPPER=true"
 Environment="ENABLE_SUPERVISOR_STDOUT=false"
+Environment="REAPER_TIMEOUT=0"
 Environment="SSH_AUTHORIZED_KEYS="
 Environment="SSH_CHROOT_DIRECTORY=%%h"
 Environment="SSH_INHERIT_ENVIRONMENT=false"
@@ -129,9 +131,11 @@ ExecStartPre=-/bin/bash -c \
 ExecStart=/bin/bash -c \
   "exec /usr/bin/docker run \
     --name %p.%i \
+    --env \"ENABLE_REAPER=${ENABLE_REAPER}\" \
     --env \"ENABLE_SSHD_BOOTSTRAP=${ENABLE_SSHD_BOOTSTRAP}\" \
     --env \"ENABLE_SSHD_WRAPPER=${ENABLE_SSHD_WRAPPER}\" \
     --env \"ENABLE_SUPERVISOR_STDOUT=${ENABLE_SUPERVISOR_STDOUT}\" \
+    --env \"REAPER_TIMEOUT=${REAPER_TIMEOUT}\" \
     --env \"SSH_AUTHORIZED_KEYS=${SSH_AUTHORIZED_KEYS}\" \
     --env \"SSH_CHROOT_DIRECTORY=${SSH_CHROOT_DIRECTORY}\" \
     --env \"SSH_INHERIT_ENVIRONMENT=${SSH_INHERIT_ENVIRONMENT}\" \

src/opt/scmi/default.sh

@@ -46,9 +46,11 @@ fi
 # Common parameters of create and run targets
 DOCKER_CONTAINER_PARAMETERS="--name ${DOCKER_NAME} \
 --restart ${DOCKER_RESTART_POLICY} \
+--env \"ENABLE_REAPER=${ENABLE_REAPER}\" \
 --env \"ENABLE_SSHD_BOOTSTRAP=${ENABLE_SSHD_BOOTSTRAP}\" \
 --env \"ENABLE_SSHD_WRAPPER=${ENABLE_SSHD_WRAPPER}\" \
 --env \"ENABLE_SUPERVISOR_STDOUT=${ENABLE_SUPERVISOR_STDOUT}\" \
+--env \"REAPER_TIMEOUT=${REAPER_TIMEOUT}\" \
 --env \"SSH_AUTHORIZED_KEYS=${SSH_AUTHORIZED_KEYS}\" \
 --env \"SSH_CHROOT_DIRECTORY=${SSH_CHROOT_DIRECTORY}\" \
 --env \"SSH_INHERIT_ENVIRONMENT=${SSH_INHERIT_ENVIRONMENT}\" \

src/opt/scmi/environment.sh

@@ -24,9 +24,11 @@ STARTUP_TIME="${STARTUP_TIME:-2}"
 # ------------------------------------------------------------------------------
 # Application container configuration
 # ------------------------------------------------------------------------------
+ENABLE_REAPER="${ENABLE_REAPER:-false}"
 ENABLE_SSHD_BOOTSTRAP="${ENABLE_SSHD_BOOTSTRAP:-true}"
 ENABLE_SSHD_WRAPPER="${ENABLE_SSHD_WRAPPER:-true}"
 ENABLE_SUPERVISOR_STDOUT="${ENABLE_SUPERVISOR_STDOUT:-false}"
+REAPER_TIMEOUT="${REAPER_TIMEOUT:-0}"
 SSH_AUTHORIZED_KEYS="${SSH_AUTHORIZED_KEYS:-}"
 SSH_CHROOT_DIRECTORY="${SSH_CHROOT_DIRECTORY:-%h}"
 SSH_INHERIT_ENVIRONMENT="${SSH_INHERIT_ENVIRONMENT:-false}"

src/opt/scmi/service-unit.sh

@@ -6,9 +6,11 @@ readonly SERVICE_UNIT_ENVIRONMENT_KEYS="
  DOCKER_IMAGE_PACKAGE_PATH
  DOCKER_IMAGE_TAG
  DOCKER_PORT_MAP_TCP_22
+ ENABLE_REAPER
  ENABLE_SSHD_BOOTSTRAP
  ENABLE_SSHD_WRAPPER
  ENABLE_SUPERVISOR_STDOUT
+ REAPER_TIMEOUT
  SSH_AUTHORIZED_KEYS
  SSH_CHROOT_DIRECTORY
  SSH_INHERIT_ENVIRONMENT