Skip to content

Issue 521 restart policy #522

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Jul 7, 2023
Merged

Issue 521 restart policy #522

merged 4 commits into from
Jul 7, 2023

Conversation

@andreagalle
Copy link
Contributor

This fix double check for both the:

  • container MaximumRetryCount
  • service MaxAttempts

properties to be equal to 5.

Thus, fixing the #521 issue. The fix has been succesfully tested.

@andreagalle andreagalle mentioned this pull request Apr 12, 2023
Closed
@konstruktoid konstruktoid self-assigned this Apr 14, 2023
@konstruktoid
Copy link
Collaborator

Thanks!
I'll have a look as soon as possible

konstruktoid
konstruktoid requested changes Apr 25, 2023
View reviewed changes
andreagalle
andreagalle commented Apr 26, 2023
View reviewed changes
Copy link
Contributor Author

@andreagalle andreagalle left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Now it should work as expected. I tried it out with: ./docker-bench-security.sh -c check_5_14

@konstruktoid
Copy link
Collaborator

I believe you just removed the original basic functionality :)
Test without a swarm node as well.

@andreagalle
Copy link
Contributor Author

andreagalle commented Apr 27, 2023
edited
Loading

I believe you just removed the original basic functionality :) Test without a swarm node as well.

You mean the plain check on Docker containers or rather the one on Docker services, without a swarm node?
Could you better detail which test do you expect to be failing? (to replicate it)

@konstruktoid
Copy link
Collaborator

The plain check on Docker containers, and the test should fail when the 'on-failure' container restart policy is not set to '5'.

@andreagalle
Copy link
Contributor Author

Indeed it works.

I mean, starting from the following Dockerfile

FROM alpine:latest
CMD sh -c "ping localhost"

I built a Docker image on it

docker build . -t work-image:latest

and ran a couples tests with --restart=on-failure:4 set to 4:

docker run -d --name=my-work-test --restart=on-failure:4 work-image:latest
./docker-bench-security.sh -c check_5_14

resulting in the warning below, as expected

[WARN] 5.14 - Ensure that the 'on-failure' container restart policy is set to '5' (Automated)
[WARN]       * MaximumRetryCount is not set to 5: my-work-test

and with --restart=on-failure:5 set to 5, with no [WARN] here.

@andreagalle
Copy link
Contributor Author

The only issue is that in both cases (MaximumRetryCount and MaxAttempts) the container/service parameter is not 5 the warning message is alway the same as above. Although this is a minor issue, would you like to diversify them?

@konstruktoid
Copy link
Collaborator

So sorry, I've must have misread the code.
Works great with and without swarm mode.

@konstruktoid
Copy link
Collaborator

The only issue is that in both cases (MaximumRetryCount and MaxAttempts) the container/service parameter is not 5 the warning message is alway the same as above. Although this is a minor issue, would you like to diversify them?

No need to diversify unless you want to, I believe the message is understandable

@konstruktoid konstruktoid merged commit d9f1d02 into docker:master Jul 7, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@konstruktoid konstruktoid konstruktoid approved these changes

Assignees

@konstruktoid konstruktoid

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@andreagalle @konstruktoid