Docker Community Forums

Share and learn in the Docker community.

Starting two application after container is started

General Discussions
#1

Hello guys,
would you be able to tell me what I’m doing wrong in this approach?
I’m trying to use script that should take care of starting two daemons (OpenVPN and statping).

Dockerfile:

FROM statping/statping:latest
 RUN apk add --no-cache openvpn openrc \
 RUN mkdir -p /dev/net \
 && mknod /dev/net/tun c 10 200 \
 && chmod 666 /dev/net/tun \
 && rm -rf /var/cache/apk/*

 COPY monitoring.ovpn /etc/openvpn/
 COPY exec.sh /root/
 RUN chmod 755 /root/exec.sh

 ENTRYPOINT ["/root/exec.sh"]

Content of exec.sh file (it should start OpenVPN and Statping daemons):

#!/bin/sh -x
set -m
/usr/sbin/openvpn /etc/openvpn/monitoring.ovpn &
/usr/local/bin/statping

Then building the new image:

# docker build --no-cache --tag statping_vpn .
Sending build context to Docker daemon   7.41MB
Step 1/7 : FROM statping/statping:latest
 ---> fe159e7795ae
Step 2/7 : RUN apk add --no-cache openvpn openrc
 ---> Running in 28ae31766c51
fetch http://dl-cdn.alpinelinux.org/alpine/v3.12/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.12/community/x86_64/APKINDEX.tar.gz
(1/13) Installing openrc (0.42.1-r12)
Executing openrc-0.42.1-r12.post-install
(2/13) Installing libbz2 (1.0.8-r1)
(3/13) Installing fts (1.2.7-r1)
(4/13) Installing xz-libs (5.2.5-r0)
(5/13) Installing libelf (0.179-r0)
(6/13) Installing libmnl (1.0.4-r0)
(7/13) Installing libnftnl-libs (1.1.6-r0)
(8/13) Installing iptables (1.8.4-r2)
(9/13) Installing iptables-openrc (1.8.4-r2)
(10/13) Installing iproute2 (5.6.0-r0)
Executing iproute2-5.6.0-r0.post-install
(11/13) Installing lzo (2.10-r2)
(12/13) Installing openvpn (2.4.11-r0)
Executing openvpn-2.4.11-r0.pre-install
(13/13) Installing openvpn-openrc (2.4.11-r0)
Executing busybox-1.31.1-r19.trigger
OK: 18 MiB in 35 packages
Removing intermediate container 28ae31766c51
 ---> 8554d92a7580
Step 3/7 : RUN mkdir -p /dev/net  && mknod /dev/net/tun c 10 200  && chmod 666 /dev/net/tun  && rm -rf /var/cache/apk/*
 ---> Running in 6a1f54ccdec4
Removing intermediate container 6a1f54ccdec4
 ---> 9b60601cd117
Step 4/7 : COPY monitoring.ovpn /etc/openvpn/
 ---> fc4c026a0951
Step 5/7 : COPY exec.sh /root/
 ---> 6d2210624a82
Step 6/7 : RUN chmod 755 /root/exec.sh
 ---> Running in ce2a455524f5
Removing intermediate container ce2a455524f5
 ---> 0f0bad1d8f90
Step 7/7 : ENTRYPOINT ["/root/exec.sh"]
 ---> Running in 9eca26d51084
Removing intermediate container 9eca26d51084
 ---> f14ac0995f73
Successfully built f14ac0995f73
Successfully tagged statping_vpn:latest

When I try to run image:

# docker run -d --cap-add=NET_ADMIN --device=/dev/net/tun statping_vpn
67f84b2fcde05475b4dcfd14349b839e2ea775aa6044187a665d844f1e871f30

# docker ps -a | grep statping_vpn
67f84b2fcde0        statping_vpn                "/root/exec.sh"          2 minutes ago       Exited (0) 2 minutes ago                                gifted_panini

Is there something wrong with this approach how to start multiple applications?

Many thanks,
Stan

#2

Good morning Stan,

it is possible to run two commands within a container - and it should work the way you have tried.
But there is a caveat. A container ends/terminates as soon as the command itself ends (or the /root/exec.sh is not executable at all). So if your /usr/local/bin/statping ends the whole container ends/terminates even if there is a process running in the background.
The other way round it might also be a problem: if the background-process (/usr/sbin/openvpn in this case) ends the container is still running and Docker doesn’t get any clue that there might be a problem (and that the container needs to be restarted). To avoid this second problem you could either add some healthcheck (see Compose file version 3 reference | Docker Documentation) or put the two commands into separate containers.

Maybe docker logs <containername|containerid> prints some helpful information why the container has ended?

#3

Hello Matthias and many thanks for your valuable advises.
It indeed looks like some problem with starting the OpenVPN service.

When I removed command for starting the OpenVPN daemon and kept just statping, container started without any problem.

Unfortunately docker logs doesn’t give any clue, so I logged into running container and started OpenVPN manually and what is coming to my mind if errors visible in OpenVPN log (Which can be normally harmless) can stop the container starting process

app # /usr/sbin/openvpn /etc/openvpn/monitoring.ovpn
Sat Aug  7 18:28:26 2021 OpenVPN 2.4.11 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May  4 2021
Sat Aug  7 18:28:26 2021 library versions: OpenSSL 1.1.1i  8 Dec 2020, LZO 2.10
Sat Aug  7 18:28:26 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]XX.XX.XX.XX:1194
Sat Aug  7 18:28:26 2021 UDP link local: (not bound)
Sat Aug  7 18:28:26 2021 UDP link remote: [AF_INET]XX.XX.XX.XX:1194
**Sat Aug  7 18:28:26 2021 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1541', remote='link-mtu 1542'**
**Sat Aug  7 18:28:26 2021 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'**
Sat Aug  7 18:28:26 2021 [pikachu.vokac.biz] Peer Connection Initiated with [AF_INET]XX.XX.XX.XX:1194
**Sat Aug  7 18:28:27 2021 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:1: block-outside-dns (2.4.11)**
**Sat Aug  7 18:28:27 2021 WARNING: Since you are using --dev tun with a point-to-point topology, the second argument to --ifconfig must be an IP address.  You are using something (XX.XX.XX.XX) that looks more like a netmask. (silence this warning with --ifconfig-nowarn)**
Sat Aug  7 18:28:27 2021 TUN/TAP device tun0 opened
Sat Aug  7 18:28:27 2021 /sbin/ip link set dev tun0 up mtu 1500
Sat Aug  7 18:28:27 2021 /sbin/ip addr add dev tun0 local XX.XX.XX.XX peer XX.XX.XX.XX
Sat Aug  7 18:28:27 2021 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Aug  7 18:28:27 2021 Initialization Sequence Completed

I did a lot of modifications in startup scripts (swapping the order of commands, tried all possible redirections, nohup, but so far no progress.

Do you have any advice, how to make start of container more verbose, so I can see what openvpn daemon (if startup process is reaching it) is doing?

Many thanks,
Stan