Reuse inherited image's CMD or ENTRYPOINT

How can I include my own shell script CMD on container start/restart/attach, without removing the CMD used by an inherited image?

I am using this, which does execute my script fine, but appears to overwrite the PHP CMD:

FROM php

COPY start.sh /usr/local/bin

CMD ["/usr/local/bin/start.sh"]

What should I do differently? I am avoiding the prospect of copy/pasting the ENTRYPOINT or CMD of the parent image, and maybe that's not a good approach.


Solution 1:

As mentioned in the comments, there's no built-in solution to this. From the Dockerfile, you can't see the value of the current CMD or ENTRYPOINT. Having a run-parts solution is nice if you control the upstream base image and include this code there, allowing downstream components to make their changes. But docker there's one inherent issue that will cause problems with this, containers should only run a single command that needs to run in the foreground. So if the upstream image kicks off, it would stay running without giving your later steps a chance to run, so you're left with complexities to determine the order to run commands to ensure that a single command does eventually run without exiting.

My personal preference is a much simpler and hardcoded option, to add my own command or entrypoint, and make the last step of my command to exec the upstream command. You will still need to manually identify the script name to call from the upstream Dockerfile. But now in your start.sh, you would have:

#!/bin/sh

# run various pieces of initialization code here
# ...

# kick off the upstream command:
exec /upstream-entrypoint.sh "$@"

By using an exec call, you transfer pid 1 to the upstream entrypoint so that signals get handled correctly. And the trailing "$@" passes through any command line arguments. You can use set to adjust the value of $@ if there are some args you want to process and extract in your own start.sh script.

Solution 2:

If the base image is not yours, you unfortunately have to call the parent command manually.

If you own the parent image, you can try what the people at camptocamp suggest here.

They basically use a generic script as an entry point that calls run-parts on a directory. What that does is run all scripts in that directory in lexicographic order. So when you extend an image, you just have to put your new scripts in that same folder.

However, that means you'll have to maintain order by prefixing your scripts which could potentially get out of hand. (Imagine the parent image decides to add a new script later...).

Anyway, that could work.

Update #1

There is a long discussion on this docker compose issue about provisioning after container run. One suggestion is to wrap you docker run or compose command in a shell script and then run docker exec on your other commands.

If you'd like to use that approach, you basically keep the parent CMD as the run command and you place yours as a docker exec after your docker run.

Solution 3:

Using mysql image as an example

Do docker inspect mysql/mysql-server:5.7 and see that:

  • Config.Cmd="mysqld"
  • Config.Entrypoint="/entrypoint.sh"

which we put in bootstrap.sh (remeber to chmod a+x):

#!/bin/bash

echo $HOSTNAME
echo "Start my initialization script..."

# docker inspect results used here
/entrypoint.sh mysqld

Dockerfile is now:

FROM mysql/mysql-server:5.7
# put our script inside the image
ADD bootstrap.sh /etc/bootstrap.sh
# set to run our script
ENTRYPOINT ["/bin/sh","-c"]
CMD ["/etc/bootstrap.sh"]

Build and run our new image:

  • docker build --rm -t sidazhou/tmp-mysql:5.7 .
  • docker run -it --rm sidazhou/tmp-mysql:5.7

Outputs:

6f5be7c6d587
Start my initialization script...
[Entrypoint] MySQL Docker Image 5.7.28-1.1.13
[Entrypoint] No password option specified for new database.
...
...

You'll see this has the same output as the original image:

docker run -it --rm mysql/mysql-server:5.7

[Entrypoint] MySQL Docker Image 5.7.28-1.1.13
[Entrypoint] No password option specified for new database.
...
...