I have just been bitten by a PID file problem in a (Debian) Docker container that is configured as --restart always
Trying to summarize the problem:
- I start the
apache2service in my container. The init service creates a PID file in/var/run/apache2/apache2.pid - I
docker killmy container to simulate an improper shutdown of the host (electrical failure), the service gets ungracefully terminated, hence the PID file is still around. - I start the container again (simulate host reboot), and try to start the
apache2service again. If the PID is reused (another program uses the PID httpd was runing with), then starting the service fails.
To properly start the service, I have to either:
- get lucky and the recycled PID is freed
- manually delete the PID file
Solution 1. is not a solution, obviously.
Solution 2. gets mentioned a lot, but is not a solution IMO because it involves doing that in either my entrypoint, or cmd, for EVERY service that I start in my container. And also have the knowledge that a specific image uses PID files, assumption that might not be true.
I can see a couple enhancements:
/var/runis meant to be either volatile (tmpfs) or cleaned up at OS boot, so I could rm the whole content at container start (already better than removing specific PID files)- Mount
/var/runas tmpfs at container creation so that it gets cleaned up for me at container start
The tmpfs solution seems flawless to me (is it, really?), so I'm wondering if there is a systematic solution to apply it to all my container deployments (docker, docker compose, …), or if there is any drawback in applying it everytime? Because it seems to me as something I'll need to apply to ALL my container deployments, forever, and I don't want to have to do it explicitely, if possible.
tmpfsmount is a fine solution, but I agree with @bxm: you should treat the entire container as ephemeral, and simply start a new container rather than restarting an old one.