From 7b9ae7a92af14330b9c90129118a5c20f06604d4 Mon Sep 17 00:00:00 2001 From: Javier Munoz Date: Fri, 12 Jun 2026 15:15:04 -0400 Subject: [PATCH] Fix container signal handling so the JVM receives SIGTERM for clean shutdown The Docker entrypoint used the shell form, so PID 1 was /bin/sh and SIGTERM from 'docker stop' (or a Kubernetes pod termination) never reached the Java process. The JVM's registered shutdown hook never ran, modules were not stopped cleanly, and every stop ended with SIGKILL after the full grace period (10s default). Changes: - Dockerfile: use exec-form ENTRYPOINT (also fixes the JSONArgsRecommended build check warning) - start-container.sh: exec the startup script instead of forking it - start-openas2.sh: exec java in foreground (non-daemon) mode so the JVM is the final process in the chain; daemon mode is unchanged Verified on the 4.8.2 image: before, 'docker stop' took 10.2s and ended in SIGKILL with no shutdown logs; after, java runs as PID 1, stop completes in ~0.2s and logs show all modules stopped and 'OpenAS2 has shut down'. --- Dockerfile | 2 +- Server/src/bin/start-openas2.sh | 5 +++-- start-container.sh | 4 ++-- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index 56088dee..97d71f1f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -28,4 +28,4 @@ COPY --from=builder /usr/src/openas2/Runtime/resources ${OPENAS2_BASE}/resources COPY --from=builder /usr/src/openas2/Runtime/config_template ${OPENAS2_HOME}/config_template RUN mkdir ${OPENAS2_BASE}/config WORKDIR $OPENAS2_HOME -ENTRYPOINT ${OPENAS2_BASE}/bin/start-container.sh \ No newline at end of file +ENTRYPOINT ["/opt/openas2/bin/start-container.sh"] \ No newline at end of file diff --git a/Server/src/bin/start-openas2.sh b/Server/src/bin/start-openas2.sh index c24230e8..c8c4ba14 100755 --- a/Server/src/bin/start-openas2.sh +++ b/Server/src/bin/start-openas2.sh @@ -94,7 +94,8 @@ if [ "true" = "$OPENAS2_AS_DAEMON" ]; then echo $PID > $OPENAS2_PID fi else - ${CMD} - RETVAL="$?" + # Replace the shell with the java process so it receives signals directly + # (required for clean shutdown when running as PID 1 in a container) + exec ${CMD} fi exit $RETVAL diff --git a/start-container.sh b/start-container.sh index aa5981ac..c43f4b2a 100644 --- a/start-container.sh +++ b/start-container.sh @@ -49,5 +49,5 @@ if [ ! -e $OPENAS2_PROPERTIES_FILE ] done fi -# Start OpenAS2 in foreground -$(dirname $0)/start-openas2.sh +# Start OpenAS2 in foreground, replacing this shell so signals reach the JVM +exec $(dirname $0)/start-openas2.sh