[ 
https://issues.apache.org/jira/browse/NIFI-5247?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16498283#comment-16498283
 ] 

ASF subversion and git services commented on NIFI-5247:
-------------------------------------------------------

Commit caa71fce9260ed717d501bd962a6a26ae61c25ea in nifi's branch 
refs/heads/master from [~pepov]
[ https://git-wip-us.apache.org/repos/asf?p=nifi.git;h=caa71fc ]

NIFI-5247 nifi-toolkit bash entry points should leverage exec to replace bash 
with the current java process in order to handle signals properly in docker.
 - Also add bash, openssl, jq to make certificate request operations easier
 - Move project.version to the build config from the Dockerfile, use target/ 
folder for the build dependency
 - Docker integration tests for checking exit codes and tls-toolkit basic 
server-client interaction

This closes #2746.


> NiFi toolkit signal handling changes, Dockerfile enhancements
> -------------------------------------------------------------
>
>                 Key: NIFI-5247
>                 URL: https://issues.apache.org/jira/browse/NIFI-5247
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Docker, Tools and Build
>    Affects Versions: 1.6.0, 1.7.0
>            Reporter: Peter Wilcsinszky
>            Priority: Minor
>
> 1. Signal handling issues
> In order for processes to handle signals properly in Docker we have to 
> implement explicit signal handling for the first process in the container. In 
> the case of the NiFi toolkit the easiest solution is to replace the bash 
> shell with the Java process and let it handle the signal using the exec 
> system call. More detailed explanation of the issue: 
> [http://veithen.github.io/2014/11/16/sigterm-propagation.html]
> Relevant issues: NIFI-3505 and NIFI-2689 that already added exec to the run 
> invocation of the nifi.sh start script.
> This changes makes stopping containers fast and graceful.
> 2. TLS toolkit commands and basic tooling in the container
> In order to be able to request certificates from a running CA server instance 
> some tooling is needed inside the container. These tools are openssl for 
> checking ssl certificates and endpoints, and jq for config.json processing. A 
> complete use case is available in the following NiFi helm chart: 
> [https://github.com/pepov/apache-nifi-helm/blob/master/templates/statefulset.yaml#L75]
>  
>  
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to