Merge pull request #1940 from martin-mat/zombie_sigterm_doc

Adding sig_term_handled and zombie_handled to the docs
cnti-testcatalog · Apr 1, 2024 · 6b412c1 · 6b412c1
2 parents 31d8cd4 + 74b487f
commit 6b412c1
Show file tree

Hide file tree

Showing 3 changed files with 49 additions and 0 deletions.
diff --git a/RATIONALE.md b/RATIONALE.md
@@ -82,6 +82,14 @@ it forces the two services to upgrade in lock step
 
 > There are proper init systems and sophisticated supervisors that can be run inside of a container. Both of these systems properly reap and pass signals. Sophisticated supervisors are considered overkill because they take up too many resources and are sometimes too complicated. Some examples of sophisticated supervisors are: supervisord, monit, and runit. Proper init systems are smaller than sophisticated supervisors and therefore suitable for containers. Some of the proper container init systems are tini, dumb-init, and s6-overlay.
 
+#### *To check if the CNF PID 1 processes handle SIGTERM*: [sigterm_handled](docs/LIST_OF_TESTS.md#sig-term-handled)
+
+> The Linux kernel handles signals differently for the process that has PID 1 than it does for other processes. Signal handlers aren't automatically registered for this process, meaning that signals such as SIGTERM or SIGINT will have no effect by default. By default, one must kill processes by using SIGKILL, preventing any graceful shutdown. Depending on the application, using SIGKILL can result in user-facing errors, interrupted writes (for data stores), or unwanted alerts in a monitoring system.
+
+#### *To check if the CNF PID 1 processes handle zombie processes correctly*: [zombie_handled](docs/LIST_OF_TESTS.md#zombie-handled)
+
+> Classic init systems such as systemd are also used to remove (reap) orphaned, zombie processes. Orphaned processes — processes whose parents have died - are reattached to the process that has PID 1, which should reap them when they die. A normal init system does that. But in a container, this responsibility falls on whatever process has PID 1. If that process doesn't properly handle the reaping, you risk running out of memory or some other resources.
+
 ## State Tests
 
 #### If infrastructure is immutable, it is easily reproduced, consistent, disposable, will have a repeatable deployment process, and will not have configuration or artifacts that are modifiable in place.  This ensures that all *configuration* is stateless.  Any [*data* that is persistent](https://vmblog.com/archive/2022/05/16/stateful-cnfs.aspx) should be managed by K8s statefulsets.

diff --git a/USAGE.md b/USAGE.md
@@ -491,6 +491,33 @@ Make sure that your CNFs containers are not sharing the same [database](https://
 
 Use init systems that are purpose-built for containers like tini, dumb-init, s6-overlay.
 
+## [Sigterm Handled](docs/LIST_OF_TESTS.md#sig-term-handled)
+
+##### To run the Sigterm Handled test, you can use the following command:
+
+```
+./cnf-testsuite sig_term_handled
+```
+
+<b>Remediation for failing this test:</b>
+
+Make the PID 1 container process to handle SIGTERM; enable process namespace sharing in Kubernetes or use specialized Init system.
+</b>
+
+## [Zombie Handled](docs/LIST_OF_TESTS.md#zombie-handled)
+
+##### To run the Zombie Handled test, you can use the following command:
+
+```
+./cnf-testsuite zombie_handled
+```
+
+<b>Remediation for failing this test:</b>
+
+Make the PID 1 container process to handle/reap zombie processes; enable process namespace sharing in Kubernetes or use specialized Init system.
+</b>
+
+
 # State Tests
 
 ##### To run all of the state tests:

diff --git a/docs/LIST_OF_TESTS.md b/docs/LIST_OF_TESTS.md
@@ -209,6 +209,20 @@ You can read more about horizonal pod autoscaling to create replicas [here](http
 
 [**Rationale & Reasoning**](../RATIONALE.md#to-check-if-the-cnf-uses-a-shared-database-shared_database)
 
+## [Sigterm Handled](https://github.com/cnti-testcatalog/testsuite/blob/v0.46.0/src/tasks/workload/microservice.cr#L500)
+- Expectation: Sigterm is handled by PID 1 process of containers.
+
+**What's tested:** This tests if the PID 1 process of containers handles SIGTERM.
+
+[**Rationale & Reasoning**](../RATIONALE.md#to_check_if_the_cnf_pid_1_processes_handle_sigterm)
+
+## [Zombie Handled](https://github.com/cnti-testcatalog/testsuite/blob/v0.46.0/src/tasks/workload/microservice.cr#L436)
+- Expectation: Zombie processes are handled/reaped by PID 1 process of containers.
+
+**What's tested:** This tests if the PID 1 process of containers handles/reaps zombie processes.
+
+[**Rationale & Reasoning**](../RATIONALE.md#to_check_if_zombie_processes_are_handled_correctly)
+
 # State Category
 
 ## [Node drain](https://github.com/cnti-testcatalog/testsuite/blob/v0.27.0/src/tasks/workload/state.cr#L209)