Skip to content

Fix: Container entrypoint and health check issues in Project 03 #4

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
w7-mgfcode wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Fix: Container entrypoint and health check issues in Project 03 #4

w7-mgfcode wants to merge 2 commits into from

Conversation

@w7-mgfcode
Copy link
Owner

@w7-mgfcode w7-mgfcode commented Nov 30, 2025
edited by coderabbitai bot
Loading

Summary

Fixed critical container restart loop issues in Project 03 Infrastructure Automation Toolkit. All containers now start successfully and pass health checks.

Changes Made

Container Fixes

  • Fixed entrypoint scripts to prevent restart loops across all 3 OS targets
  • Standardized PID file paths from /var/run/ssh/sshd.pid to /run/sshd.pid
  • Added rsyslog cleanup to prevent PID conflicts on restart
  • Changed container keep-alive from exec "$@" to exec tail -f /dev/null
  • Updated health checks in docker-compose.yml to match new PID file locations

Files Modified

  • containers/debian/entrypoint.sh - Fixed Debian 12 entrypoint
  • containers/alpine/entrypoint.sh - Fixed Alpine 3.19 entrypoint
  • containers/ubuntu/entrypoint.sh - Fixed Ubuntu 24.04 entrypoint with UFW and rsyslog handling
  • docker-compose.yml - Updated health check paths for all targets

Documentation Added

  • New file: docs/PROJECT-03-TESTING.md (831 lines)
    • Comprehensive bilingual testing guide (English/Hungarian)
    • Manual testing procedures for all 6 scripts
    • Cross-platform testing examples
    • Troubleshooting section with 4 common issues
    • CI/CD integration examples
    • Performance metrics and test results

Test Results

Container Health Status

✅ infra-debian-target     - healthy  (Debian 12 Bookworm)
✅ infra-alpine-target     - healthy  (Alpine 3.19)
✅ infra-ubuntu-target     - healthy  (Ubuntu 24.04 Noble)
✅ infra-test-webserver    - healthy  (Nginx Alpine)
⚠️  infra-test-dns         - unhealthy (CoreDNS - non-critical)

Script Validation

All 6 automation scripts tested and working:

  • system-inventory.sh - Collection and reporting functional
  • network-diagnostics.sh - Connectivity test passed (0% loss, 0.091ms RTT)
  • server-hardening.sh - Dry-run mode working
  • service-watchdog.sh - Status command OK
  • backup-manager.sh - Init/list operations working
  • log-rotation.sh - List command functional

Network Tests

Source: Alpine (infra-alpine-target)
Target: Nginx (172.30.0.10)

✅ Ping Status: Success
✅ Packet Loss: 0%
✅ Average RTT: 0.091ms
✅ Gateway: 172.30.0.1 (reachable)
✅ Traceroute: 1 hop
✅ MTU Test: Pass (1500 bytes)

Testing Performed

  1. Clean rebuild with docker compose build --no-cache
  2. Health check validation - All targets healthy within 30 seconds
  3. Script execution tests - Ran commands on all 3 OS platforms
  4. Network connectivity - Validated cross-container communication
  5. Cross-platform compatibility - Confirmed scripts work on Debian, Alpine, Ubuntu

Root Cause Analysis

The container restart loops were caused by:

  1. Missing /var/run/ssh directory - touch command failed causing script exit
  2. Inconsistent PID paths - Health checks looked in wrong locations
  3. rsyslog PID conflicts - Multiple instances trying to use same PID file
  4. Immediate script exit - exec "$@" with no command caused container to terminate

Before/After

Before

infra-debian-target    Restarting (1) 3 seconds ago
infra-alpine-target    Restarting (0) 1 second ago  
infra-ubuntu-target    Restarting (0) 2 seconds ago

After

infra-debian-target    Up 5m (healthy)
infra-alpine-target    Up 5m (healthy)
infra-ubuntu-target    Up 5m (healthy)

Compatibility

  • ✅ Debian 12 (Bookworm)
  • ✅ Alpine 3.19
  • ✅ Ubuntu 24.04 (Noble)
  • ✅ Docker Compose v2.20+
  • ✅ All automation scripts maintain cross-platform compatibility

Documentation

New comprehensive testing guide includes:

  • Quick test procedures (30 seconds)
  • Full rebuild instructions
  • Manual testing for each of the 6 scripts
  • Troubleshooting guide with solutions
  • CI/CD integration examples (GitHub Actions)
  • Performance metrics

Additional Notes

  • All changes are backwards compatible
  • No script functionality changes - only container infrastructure fixes
  • Docker volumes preserved (reports, backups, logs)
  • Network configuration unchanged (172.30.0.0/24)

Checklist

  • All containers start successfully
  • Health checks pass on all targets
  • Scripts executable and functional
  • Network connectivity validated
  • Cross-platform testing completed
  • Documentation created
  • Commit message follows standards

🤖 Generated with Claude Code

Co-Authored-By: Claude noreply@anthropic.com

Summary by Sourcery

Resolve container restart and health check issues in Project 03 by hardening container entrypoints, standardizing SSHD PID handling, and adding a comprehensive testing guide.

Bug Fixes:

  • Prevent Debian, Ubuntu, and Alpine target containers from exiting or restart-looping by ensuring entrypoints keep containers alive consistently.
  • Fix health checks by standardizing SSHD PID file location to /run/sshd.pid and updating docker-compose healthcheck paths accordingly.
  • Eliminate rsyslog PID conflicts in Debian and Ubuntu containers by enforcing a clean rsyslog startup sequence.

Enhancements:

  • Tighten safety of Debian and Ubuntu entrypoint scripts using stricter shell options.
  • Improve container observability and robustness by cleaning up logging and PID handling in entrypoints.

Documentation:

  • Add a detailed bilingual (EN/HU) testing guide covering environment setup, manual and cross-platform testing procedures, troubleshooting, and CI/CD examples for Project 03.

Summary by CodeRabbit

  • Documentation

    • Added a bilingual (English/Hungarian) comprehensive testing guide covering multi-OS test environments, setup, quick/full workflows, manual and CI testing, troubleshooting, and test result templates.

  • Chores

    • Improved container startup and health-check behavior for more robust runtime and keep-alive handling across images; updated runtime paths and service management.
    • Expanded allowed CLI commands in local tool settings to support additional test and maintenance workflows.

✏️ Tip: You can customize this high-level summary in your review settings.

@w7-learn @claude
Fix: Container entrypoint and health check issues in Project 03
d14ac11 
## Changes

### Container Fixes
- Fix entrypoint scripts to prevent restart loops
- Change PID file paths from /var/run/ssh/sshd.pid to /run/sshd.pid
- Add rsyslog cleanup to prevent PID conflicts
- Replace `exec "$@"` with `exec tail -f /dev/null` to keep containers running
- Update health check paths in docker-compose.yml to match new PID locations

### Files Modified
- containers/debian/entrypoint.sh
- containers/alpine/entrypoint.sh
- containers/ubuntu/entrypoint.sh
- docker-compose.yml

### Testing
- All 3 target containers (Debian, Alpine, Ubuntu) now healthy
- All 6 automation scripts tested and working
- Network connectivity validated (0% packet loss)
- Cross-platform compatibility confirmed

### Documentation
- Add comprehensive testing guide: docs/PROJECT-03-TESTING.md
- Bilingual documentation (English/Hungarian)
- Troubleshooting section with common issues
- CI/CD integration examples

## Test Results
✅ infra-debian-target - healthy
✅ infra-alpine-target - healthy
✅ infra-ubuntu-target - healthy
✅ All scripts functional across all platforms

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
@coderabbitai
Copy link

coderabbitai bot commented Nov 30, 2025
edited
Loading

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Walkthrough

Added a bilingual testing guide, expanded allowed command list in .claude/settings.local.json, standardized container entrypoints with stricter shell options and optional docker-run command support, and aligned docker-compose healthcheck paths to use /run/sshd.pid.

Changes

Cohort / File(s) Summary
Settings & Allowlist
\.claude/settings.local.json		 Extended allow-list with additional Bash(...) entries: docker run (postfix check image), scripts/validate-environment.sh, tests/health-checks.sh, gh pr view, shellcheck, and docker ps alongside existing git push:*) entry.
Testing Documentation
docs/PROJECT-03-TESTING.md		 New bilingual (English / Magyar) testing guide for Project-03: Docker multi-OS test environment, service descriptions, quick/full workflows, manual script usage, cross-platform commands, CI examples, troubleshooting, and metadata.
Container Entrypoints
project-03-infra-automation/containers/alpine/entrypoint.sh, project-03-infra-automation/containers/debian/entrypoint.sh, project-03-infra-automation/containers/ubuntu/entrypoint.sh		 Entrypoints hardened with stricter shell options (alpine: set -eu; debian/ubuntu: set -euo pipefail), adjusted SSH runtime paths (/var/run/sshd/run/sshd), improved rsyslog startup/cleanup in debian & ubuntu, and changed keep-alive behavior to run provided CMD if present or tail -f /dev/null.
Health Checks
project-03-infra-automation/docker-compose.yml		 Updated healthcheck pid paths for debian-target and ubuntu-target to /run/sshd.pid to match entrypoint changes.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

  • Review cross-image differences (alpine uses set -eu; debian/ubuntu use set -euo pipefail) to confirm intent.
  • Validate rsyslog cleanup logic in debian/ubuntu for race conditions and PID handling.
  • Confirm healthcheck timing/paths and that optional exec vs tail behavior matches CI/test expectations.
  • Verify formatting and correctness of new allow-list Bash(...) entries.

Possibly related PRs

Poem

🐇 I hopped into containers, snug and neat,
I tightened shells and made their heartbeat meet,
SSHs whisper in /run by night,
Docs in two tongues guide the testing flight,
A tiny rabbit cheers automation bright.

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title 'Fix: Container entrypoint and health check issues in Project 03' directly and accurately summarizes the main changes: fixing container entrypoint scripts and health check configuration issues across multiple OS variants in Project 03.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
✨ Finishing touches
  • 📝 Generate docstrings
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch test/project-03-S1

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@sourcery-ai
Copy link

sourcery-ai bot commented Nov 30, 2025
edited
Loading

Reviewer's Guide

Fixes container restart loops and SSH health check failures across Debian, Alpine, and Ubuntu targets by hardening entrypoint scripts, standardizing PID file handling, and aligning docker-compose health checks, plus adds a comprehensive bilingual testing guide for Project 03.

Sequence diagram for updated container startup and health checks

sequenceDiagram
    participant Docker_Engine
    participant Docker_Compose
    participant Target_Container as Target_container
    participant Entrypoint_Script
    participant SSHD as sshd_daemon
    participant Rsyslog as rsyslog_daemon
    participant Healthcheck as healthcheck_cmd

    Docker_Compose->>Docker_Engine: create_and_start_container(target)
    Docker_Engine->>Target_Container: start

    activate Target_Container
    Target_Container->>Entrypoint_Script: run_entrypoint_sh

    activate Entrypoint_Script
    Entrypoint_Script->>Entrypoint_Script: set_eu_or_euo_pipefail
    Entrypoint_Script->>Entrypoint_Script: mkdir_p_run_sshd_and_data_dirs
    Entrypoint_Script->>SSHD: start_sshd
    Entrypoint_Script->>Rsyslog: remove_rsyslog_pid_file
    Entrypoint_Script->>Rsyslog: pkill_rsyslogd
    Entrypoint_Script->>Rsyslog: sleep_for_clean_start
    Entrypoint_Script->>Rsyslog: start_rsyslogd_with_error_toleration
    Entrypoint_Script->>Entrypoint_Script: touch_run_sshd_pid
    Entrypoint_Script->>Entrypoint_Script: print_ready_and_runtime_info
    Entrypoint_Script->>Target_Container: exec_tail_f_dev_null
    deactivate Entrypoint_Script

    loop periodic_health_checks
        Docker_Engine->>Healthcheck: run_test_command
        Healthcheck->>Target_Container: test_f_run_sshd_pid
        Target_Container-->>Healthcheck: exit_code_0_if_pid_file_exists
        Healthcheck-->>Docker_Engine: report_healthy_or_unhealthy
    end

    Docker_Engine-->>Docker_Compose: container_status_healthy
Loading

File-Level Changes

Change Details Files
Hardened Debian and Ubuntu entrypoint scripts to avoid premature exits, cleanly restart rsyslog, and standardize SSHD PID file handling for health checks.
  • Tightened shell options from set -e to set -euo pipefail to fail fast on unset variables and pipeline errors.
  • Switched SSH runtime directory creation to /run/sshd and ensured required infra directories are present.
  • Implemented a clean rsyslog startup sequence that removes stale PID files, force-kills existing rsyslogd processes, waits briefly, then starts rsyslog with errors suppressed to avoid container failure.
  • Standardized SSHD health PID file creation at /run/sshd.pid instead of /var/run/sshd.pid.
  • Replaced exec "$@" with exec tail -f /dev/null so containers stay up even without a command override.
 project-03-infra-automation/containers/debian/entrypoint.sh
project-03-infra-automation/containers/ubuntu/entrypoint.sh
Aligned Alpine entrypoint behavior with other targets for more robust error handling and long-running containers.
  • Tightened shell options from set -e to set -eu to treat unset variables as errors while remaining compatible with Alpine BusyBox shell.
  • Kept creation of both /var/run/sshd and /run/sshd to satisfy OpenSSH expectations and health checks.
  • Replaced exec "$@" with exec tail -f /dev/null to prevent containers from exiting when no command is passed.
 project-03-infra-automation/containers/alpine/entrypoint.sh
Updated docker-compose health checks to match the new standardized SSHD PID file path.
  • Changed SSHD health check tests from /var/run/ssh/sshd.pid to /run/sshd.pid for affected services.
  • Kept existing health check timing and retry behavior while only adjusting the file path predicate.
 project-03-infra-automation/docker-compose.yml
Added a detailed, bilingual testing guide documenting environment setup, manual/automated tests, troubleshooting, and CI integration for Project 03.
  • Documented the docker-compose based multi-OS test environment, network layout, and mounted volumes.
  • Provided quick-start, full rebuild, and comprehensive cross-platform testing workflows for all six automation scripts.
  • Included concrete command examples for script usage on Debian, Alpine, and Ubuntu, along with expected results and performance metrics.
  • Added troubleshooting playbooks for common container, health check, and permissions issues, plus example GitHub Actions workflow for CI/CD integration.
 docs/PROJECT-03-TESTING.md
Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it. You can also reply to a
    review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time. You can also comment
    @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time exactly where you
    want it. You can also comment @sourcery-ai summary on the pull request to
    (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull
    request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
    pull request to resolve all Sourcery comments. Useful if you've already
    addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
    request to dismiss all existing Sourcery reviews. Especially useful if you
    want to start fresh with a new review - don't forget to comment
    @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

sourcery-ai[bot]
sourcery-ai bot reviewed Nov 30, 2025
View reviewed changes
Copy link

@sourcery-ai sourcery-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey there - I've reviewed your changes - here's some feedback:

  • Hard-coding exec tail -f /dev/null in the entrypoint removes the ability to pass a custom long-running command via the container CMD; consider keeping exec "$@" and instead setting a sane default command in the Dockerfile/compose so the container can still be overridden when needed.
  • The rsyslog cleanup in the Debian/Ubuntu entrypoints (pkill -9 rsyslogd and unconditional PID file removal) is quite aggressive; you may want to gate this on the PID file or process actually existing (e.g., check /run/rsyslogd.pid and pgrep rsyslogd) to avoid unnecessary SIGKILLs and make the intent clearer.
  • The new testing guide hardcodes specific dates and concrete test outputs (RTT values, health statuses, etc.); consider explicitly labeling those sections as example outputs so they don’t get misconstrued as up-to-date expected results as the system evolves.
Prompt for AI Agents 
Please address the comments from this code review:

## Overall Comments
- Hard-coding `exec tail -f /dev/null` in the entrypoint removes the ability to pass a custom long-running command via the container `CMD`; consider keeping `exec "$@"` and instead setting a sane default command in the Dockerfile/compose so the container can still be overridden when needed.
- The rsyslog cleanup in the Debian/Ubuntu entrypoints (`pkill -9 rsyslogd` and unconditional PID file removal) is quite aggressive; you may want to gate this on the PID file or process actually existing (e.g., check `/run/rsyslogd.pid` and `pgrep rsyslogd`) to avoid unnecessary SIGKILLs and make the intent clearer.
- The new testing guide hardcodes specific dates and concrete test outputs (RTT values, health statuses, etc.); consider explicitly labeling those sections as example outputs so they don’t get misconstrued as up-to-date expected results as the system evolves.

## Individual Comments

### Comment 1
<location> `project-03-infra-automation/containers/ubuntu/entrypoint.sh:34` </location>
<code_context>

 # Keep container running
-exec "$@"
+exec tail -f /dev/null
</code_context>

<issue_to_address>
**suggestion (bug_risk):** Using `exec tail -f /dev/null` discards any CMD/args passed to the container and makes the entrypoint less flexible.

The previous `exec "$@"` let callers or Compose overrides supply a custom command while still using this setup logic. Hard-coding `exec tail -f /dev/null` removes that flexibility and forces consumers to replace the entrypoint to change behavior. To keep configurability while supporting the "keep running" use case, you could do:

```sh
if [ "$#" -gt 0 ]; then
  exec "$@"
else
  exec tail -f /dev/null
fi
```
</issue_to_address>

### Comment 2
<location> `project-03-infra-automation/containers/debian/entrypoint.sh:31` </location>
<code_context>

 # Keep container running
-exec "$@"
+exec tail -f /dev/null
</code_context>

<issue_to_address>
**suggestion:** Same `tail -f /dev/null` behavior here also prevents consumers from overriding the final command.

This change prevents compose users or `docker run` from passing a different CMD while still using the initialization logic. To keep that flexibility, you could use the same pattern as the Ubuntu entrypoint: `if [ "$#" -gt 0 ]; then exec "$@"; else exec tail -f /dev/null; fi`.
</issue_to_address>

### Comment 3
<location> `project-03-infra-automation/containers/alpine/entrypoint.sh:30` </location>
<code_context>

 # Keep container running
-exec "$@"
+exec tail -f /dev/null
</code_context>

<issue_to_address>
**suggestion:** Alpine entrypoint also loses the ability to run a custom command after initialization.

Consider using the same conditional-exec pattern as the Debian/Ubuntu variants so this still tails by default, but executes a provided command when arguments are passed. That keeps the container overrideable and consistent across images.
</issue_to_address>

### Comment 4
<location> `docs/PROJECT-03-TESTING.md:31` </location>
<code_context>
+| Service | Base Image | Purpose (EN) | Cél (HU) |
+|---------|------------|--------------|----------|
+| **debian-target** | debian:bookworm-slim | Primary test target | Elsődleges teszt célpont |
+| **alpine-target** | alpine:3.19 | Minimal environment testing | Minimális környezet tesztelés |
+| **ubuntu-target** | ubuntu:24.04 | Enterprise environment testing | Vállalati környezet tesztelés |
+| **test-webserver** | nginx:alpine | Network diagnostics target | Hálózati diagnosztikai célpont |
</code_context>

<issue_to_address>
**suggestion (typo):** Consider using the grammatically correct form "Minimális környezet tesztelése" in Hungarian.

The form with the *-ése* ending is the standard, natural Hungarian noun phrase here and aligns better with the English “environment testing.”

```suggestion
| **alpine-target** | alpine:3.19 | Minimal environment testing | Minimális környezet tesztelése |
```
</issue_to_address>

### Comment 5
<location> `docs/PROJECT-03-TESTING.md:32` </location>
<code_context>
+|---------|------------|--------------|----------|
+| **debian-target** | debian:bookworm-slim | Primary test target | Elsődleges teszt célpont |
+| **alpine-target** | alpine:3.19 | Minimal environment testing | Minimális környezet tesztelés |
+| **ubuntu-target** | ubuntu:24.04 | Enterprise environment testing | Vállalati környezet tesztelés |
+| **test-webserver** | nginx:alpine | Network diagnostics target | Hálózati diagnosztikai célpont |
+| **test-dns** | coredns/coredns | DNS resolution testing | DNS feloldás tesztelés |
</code_context>

<issue_to_address>
**suggestion (typo):** Adjust Hungarian phrasing to "Vállalati környezet tesztelése" for correct grammar.

"Vállalati környezet tesztelése" is the grammatically correct and more natural phrasing here.

```suggestion
| **ubuntu-target** | ubuntu:24.04 | Enterprise environment testing | Vállalati környezet tesztelése |
```
</issue_to_address>

### Comment 6
<location> `docs/PROJECT-03-TESTING.md:34` </location>
<code_context>
+| **alpine-target** | alpine:3.19 | Minimal environment testing | Minimális környezet tesztelés |
+| **ubuntu-target** | ubuntu:24.04 | Enterprise environment testing | Vállalati környezet tesztelés |
+| **test-webserver** | nginx:alpine | Network diagnostics target | Hálózati diagnosztikai célpont |
+| **test-dns** | coredns/coredns | DNS resolution testing | DNS feloldás tesztelés |
+
+### Network Configuration | Hálózati Konfiguráció
</code_context>

<issue_to_address>
**suggestion (typo):** Use "DNS feloldás tesztelése" to match correct Hungarian noun form.

Here too, please use the grammatically correct, idiomatic form "DNS feloldás tesztelése".

```suggestion
| **test-dns** | coredns/coredns | DNS resolution testing | DNS feloldás tesztelése |
```
</issue_to_address>

### Comment 7
<location> `docs/PROJECT-03-TESTING.md:102` </location>
<code_context>
+# Várj amíg az állapot ellenőrzések átmennek
+sleep 30
+
+# Ellenőrizd a konténer státuszt
+docker compose ps
+
</code_context>

<issue_to_address>
**suggestion (typo):** Use "státuszát" instead of "státuszt" for correct Hungarian grammar.

In this context, Hungarian prefers the possessive + accusative form: "Ellenőrizd a konténer státuszát."

Suggested implementation:

```
Ellenőrizd a konténer státuszát

```

Apply the same replacement anywhere else in the file where "konténer státuszt" appears, including inside code blocks or comments, so the Hungarian phrasing is consistently correct.
</issue_to_address>
Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

coderabbitai[bot]
coderabbitai bot reviewed Nov 30, 2025
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🧹 Nitpick comments (3)
project-03-infra-automation/containers/alpine/entrypoint.sh (1)

1-30: Add structured logging and signal handling.

Per coding guidelines, Bash daemon scripts must implement structured logging with a log() function (with [YYYY-MM-DD HH:MM:SS] [LEVEL] timestamps) and signal handling via trap for SIGTERM/SIGINT. While this is a sh script for Alpine, consider adding basic logging for observability and trap handlers to gracefully handle container shutdown signals.

Example enhancement:

#!/bin/sh
set -eu

# Simple logging function for Alpine sh
log() {
  local level="$1"
  shift
  local message="$*"
  local timestamp
  timestamp=$(date '+%Y-%m-%d %H:%M:%S')
  echo "[$timestamp] [$level] $message"
}

# Signal handlers
cleanup() {
  log "INFO" "Shutting down..."
  exit 0
}
trap cleanup SIGTERM SIGINT

# Create required directories
mkdir -p /var/run/sshd /run/sshd /var/reports /var/backups /var/log/infra
log "INFO" "Created required directories"

# ... rest of script using log() for output
project-03-infra-automation/containers/debian/entrypoint.sh (1)

16-21: Consider gentler rsyslog signal handling and add structured logging.

The aggressive pkill -9 rsyslogd approach (SIGKILL) may leave resources uncleaned. Consider using pkill -TERM (SIGTERM) first with a retry fallback. Additionally, per coding guidelines, implement structured logging with a log() function for all output to enable observability and debugging.

#!/bin/bash
set -euo pipefail

# Structured logging function
log() {
  local level="$1"
  shift
  local message="$*"
  local timestamp
  timestamp=$(date '+%Y-%m-%d %H:%M:%S')
  echo "[$timestamp] [$level] $message"
}

# Signal handlers for graceful shutdown
cleanup() {
  log "INFO" "Received shutdown signal, cleaning up..."
  pkill -TERM rsyslogd 2>/dev/null || true
  sleep 2
  exit 0
}
trap cleanup SIGTERM SIGINT

# Create required directories
mkdir -p /run/sshd /var/reports /var/backups /var/log/infra
log "INFO" "Created required directories"

# Start SSH daemon
log "INFO" "Starting SSH daemon..."
/usr/sbin/sshd

# Start rsyslog (clean start)
log "INFO" "Starting rsyslog..."
rm -f /run/rsyslogd.pid 2>/dev/null || true
pkill -TERM rsyslogd 2>/dev/null || true
sleep 1
rsyslogd 2>/dev/null || log "WARN" "rsyslog start skipped (may already be running)"

# Create PID file for health check
touch /run/sshd.pid

log "INFO" "Debian target container ready"
log "INFO" "Hostname: $(hostname)"
log "INFO" "IP Address: $(hostname -I)"

# Keep container running
exec tail -f /dev/null
project-03-infra-automation/containers/ubuntu/entrypoint.sh (1)

16-21: Consider gentler signal handling and add structured logging.

Similar to the Debian entrypoint, the aggressive pkill -9 rsyslogd approach should be replaced with SIGTERM for graceful termination. Additionally, per coding guidelines, implement structured logging with a log() function for all output. The UFW error suppression is reasonable here since UFW may not be installed during build.

#!/bin/bash
set -euo pipefail

# Structured logging function
log() {
  local level="$1"
  shift
  local message="$*"
  local timestamp
  timestamp=$(date '+%Y-%m-%d %H:%M:%S')
  echo "[$timestamp] [$level] $message"
}

# Signal handlers for graceful shutdown
cleanup() {
  log "INFO" "Received shutdown signal, cleaning up..."
  pkill -TERM rsyslogd 2>/dev/null || true
  pkill -TERM sshd 2>/dev/null || true
  sleep 2
  exit 0
}
trap cleanup SIGTERM SIGINT

# Create required directories
mkdir -p /run/sshd /var/reports /var/backups /var/log/infra
log "INFO" "Created required directories"

# Start SSH daemon
log "INFO" "Starting SSH daemon..."
/usr/sbin/sshd

# Start rsyslog (clean start)
log "INFO" "Starting rsyslog..."
rm -f /run/rsyslogd.pid 2>/dev/null || true
pkill -TERM rsyslogd 2>/dev/null || true
sleep 1
rsyslogd 2>/dev/null || log "WARN" "rsyslog start skipped (may already be running)"

# Disable UFW by default
log "INFO" "Disabling UFW..."
ufw --force disable 2>/dev/null || true

# Create PID file for health check
touch /run/sshd.pid

log "INFO" "Ubuntu target container ready"
log "INFO" "Hostname: $(hostname)"
log "INFO" "IP Address: $(hostname -I)"

# Keep container running
exec tail -f /dev/null

Also applies to: 24-24

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 057f65f and d14ac11.

📒 Files selected for processing (6)
  • .claude/settings.local.json (1 hunks)
  • docs/PROJECT-03-TESTING.md (1 hunks)
  • project-03-infra-automation/containers/alpine/entrypoint.sh (2 hunks)
  • project-03-infra-automation/containers/debian/entrypoint.sh (1 hunks)
  • project-03-infra-automation/containers/ubuntu/entrypoint.sh (1 hunks)
  • project-03-infra-automation/docker-compose.yml (2 hunks)
🧰 Additional context used
📓 Path-based instructions (2)
**/docker-compose.yml

📄 CodeRabbit inference engine (CLAUDE.md)

Docker Compose files must use version 3.8+ syntax, define health checks for all services, use named volumes for persistent data, and configure proper restart policies

Files:

  • project-03-infra-automation/docker-compose.yml
**/*.sh

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.sh: All Bash scripts must begin with set -euo pipefail for error handling
All Bash scripts must pass shellcheck without errors; use # shellcheck disable=SC#### only when absolutely necessary with explanation
Bash scripts must implement structured logging using a log() function with timestamp in format: [YYYY-MM-DD HH:MM:SS] [LEVEL] message
Bash scripts must use readonly environment variables with fallback defaults using pattern: readonly VAR_NAME="${VAR_NAME:-default_value}"
Bash scripts that produce JSON output must use heredocs for JSON generation and include ISO 8601 formatted timestamps
Bash daemon scripts must implement signal handling with trap for SIGTERM and SIGINT that calls cleanup before exit

Files:

  • project-03-infra-automation/containers/ubuntu/entrypoint.sh
  • project-03-infra-automation/containers/debian/entrypoint.sh
  • project-03-infra-automation/containers/alpine/entrypoint.sh
🧠 Learnings (5)
📓 Common learnings 
Learnt from: CR
Repo: w7-mgfcode/linux-sysadmin-portfolio PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-30T08:16:01.079Z
Learning: Applies to **/docker-compose.yml : Docker Compose files must use version 3.8+ syntax, define health checks for all services, use named volumes for persistent data, and configure proper restart policies

Learnt from: CR
Repo: w7-mgfcode/linux-sysadmin-portfolio PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-30T08:16:01.079Z
Learning: Projects must include comprehensive test suites with clear documentation covering test setup, execution, and CI/CD integration

Learnt from: CR
Repo: w7-mgfcode/linux-sysadmin-portfolio PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-30T08:16:01.079Z
Learning: Infrastructure automation scripts should implement multi-OS compatibility (Debian, Alpine, Ubuntu) with OS detection logic
📚 Learning: 2025-11-30T08:16:01.079Z 
Learnt from: CR
Repo: w7-mgfcode/linux-sysadmin-portfolio PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-30T08:16:01.079Z
Learning: Projects must include comprehensive test suites with clear documentation covering test setup, execution, and CI/CD integration

Applied to files:

  • docs/PROJECT-03-TESTING.md
📚 Learning: 2025-11-30T08:16:01.079Z 
Learnt from: CR
Repo: w7-mgfcode/linux-sysadmin-portfolio PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-30T08:16:01.079Z
Learning: Applies to **/README.md : Documentation files must follow bilingual structure: Overview, Quick Start, Features sections with English/Hungarian parallel descriptions (code examples don't need translation)

Applied to files:

  • docs/PROJECT-03-TESTING.md
📚 Learning: 2025-11-30T08:16:01.079Z 
Learnt from: CR
Repo: w7-mgfcode/linux-sysadmin-portfolio PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-30T08:16:01.079Z
Learning: Applies to **/docker-compose.yml : Docker Compose files must use version 3.8+ syntax, define health checks for all services, use named volumes for persistent data, and configure proper restart policies

Applied to files:

  • project-03-infra-automation/docker-compose.yml
📚 Learning: 2025-11-30T08:16:01.079Z 
Learnt from: CR
Repo: w7-mgfcode/linux-sysadmin-portfolio PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-30T08:16:01.079Z
Learning: Applies to **/Dockerfile* : Docker containers must never hardcode secrets in Dockerfiles; use .env files (not committed) for sensitive values and run containers as non-root where possible

Applied to files:

  • project-03-infra-automation/containers/debian/entrypoint.sh
🪛 markdownlint-cli2 (0.18.1)
docs/PROJECT-03-TESTING.md

38-38: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

415-415: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

437-437: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

450-450: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: Sourcery review
🔇 Additional comments (6)
.claude/settings.local.json (1)

20-26: LGTM!

The new allowed commands are appropriately scoped and support the testing workflows, CI/CD integration, and health-check validation mentioned in the PR objectives.

project-03-infra-automation/docker-compose.yml (1)

32-32: Correct PID path updates.

The healthcheck test updates align properly with the entrypoint script changes that standardize SSH daemon PID files to /run/sshd.pid. The docker-compose.yml file meets all guidelines: version 3.8+, health checks for all services, named volumes, and proper restart policies.

Also applies to: 92-92

project-03-infra-automation/containers/alpine/entrypoint.sh (1)

7-7: Shell options are correct for Alpine.

The set -eu directive is appropriate for Alpine Linux, which uses ash (POSIX-compliant shell) rather than bash. The pipefail option is bash-specific and not available in POSIX sh.

project-03-infra-automation/containers/debian/entrypoint.sh (1)

7-7: Shell options follow guidelines.

The set -euo pipefail directive meets all coding guidelines for strict error handling, undefined variable detection, and pipe failure propagation.

project-03-infra-automation/containers/ubuntu/entrypoint.sh (1)

7-7: Shell options follow guidelines.

The set -euo pipefail directive meets all coding guidelines for strict error handling and pipeline failure detection.

docs/PROJECT-03-TESTING.md (1)

1-831: Comprehensive and well-structured testing documentation.

The testing guide is thorough, properly bilingual (English/Magyar), and well-organized with clear sections for setup, execution, troubleshooting, and CI/CD integration. The documentation correctly aligns with the entrypoint and health-check changes described in the PR objectives. All examples are practical and the troubleshooting section provides good debugging guidance. After addressing the markdown linting issues above, this will be production-ready.

docs/PROJECT-03-TESTING.md

### Network Configuration | Hálózati Konfiguráció

```
Copy link

@coderabbitai coderabbitai bot Nov 30, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

Fix markdown linting violations (MD040).

Four fenced code blocks are missing language specifiers. Add appropriate language identifiers or convert plain-text output blocks to non-fenced blocks.

Apply these fixes:

-\`\`\`
+\`\`\`
 Network: infra-test-net (172.30.0.0/24)
 ├── Gateway: 172.30.0.1

Line 415 and similar plain status output blocks: Either add a language specifier (e.g., ```text) or use a plain code block with indentation for non-executable output:

-\`\`\`
+\`\`\`text
 ✅ infra-debian-target     - healthy  (Debian 12 Bookworm)
 ✅ infra-alpine-target     - healthy  (Alpine 3.19)

Apply ```text language specifier to lines 415, 437, and 450 as well.

Also applies to: 415-415, 437-437, 450-450

🧰 Tools
🪛 markdownlint-cli2 (0.18.1)

38-38: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

🤖 Prompt for AI Agents 
In docs/PROJECT-03-TESTING.md around lines 415, 437, and 450, several fenced
code blocks currently lack language specifiers causing MD040 lint violations;
update each of those fenced blocks by adding a language identifier appropriate
for plain status output (for example ```text) or convert the blocks to indented
(non-fenced) code blocks so they are treated as plain text output and the
markdown linter is satisfied.

@w7-learn @claude
Refactor: Address Sourcery AI code review feedback
894e76e 
Implemented all suggested improvements from Sourcery AI bot review on PR #4:

1. Entrypoint Flexibility (Critical Priority)
   - Added conditional exec pattern to all three entrypoint scripts
   - Containers now support custom commands: `docker run ... container bash`
   - Maintains backward compatibility with default `tail -f /dev/null`
   - Pattern: if args provided, exec them; else keep running with tail

2. Safer rsyslog Cleanup (Medium Priority)
   - Replaced unconditional `pkill -9` with conditional cleanup
   - Only kills rsyslog when PID file exists or process is running
   - Clearer intent with explicit "Cleaning up..." message
   - Reduces unnecessary SIGKILL operations on clean starts

3. Documentation Improvements (Low Priority)
   - Added example output disclaimers to test results section
   - Clarified that timestamps, RTT values, etc. vary by environment
   - Fixed Hungarian grammar: "tesztelés" → "tesztelése" (3 instances)
   - Fixed Hungarian accusative case: "státuszt" → "státuszát"

Files Modified:
- project-03-infra-automation/containers/debian/entrypoint.sh
- project-03-infra-automation/containers/alpine/entrypoint.sh
- project-03-infra-automation/containers/ubuntu/entrypoint.sh
- docs/PROJECT-03-TESTING.md

Testing:
- All containers start successfully and reach healthy status
- Conditional rsyslog cleanup verified (no cleanup on fresh start)
- Scripts execute correctly on all three OS targets
- No regression in default container behavior

Credit: Sourcery AI code review on PR #4

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
coderabbitai[bot]
coderabbitai bot reviewed Nov 30, 2025
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 4

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
project-03-infra-automation/containers/alpine/entrypoint.sh (1)

1-7: Update to match codebase standards: use #!/bin/bash and set -euo pipefail, then update Dockerfile ENTRYPOINT.

Alpine's entrypoint is the only script in the repository using #!/bin/sh with set -eu. All other scripts (Debian, Ubuntu entrypoints and 10 other scripts) consistently use #!/bin/bash with set -euo pipefail. Bash is explicitly installed in the Alpine image. Additionally, the Dockerfile ENTRYPOINT must be updated to /bin/bash to align with Debian and Ubuntu containers.

entrypoint.sh:

-#!/bin/sh
+#!/bin/bash
 #===============================================================================
 # Alpine Container Entrypoint
 # Starts SSH daemon and keeps container running
 #===============================================================================
 
-set -eu
+set -euo pipefail

Dockerfile:

-ENTRYPOINT ["/bin/sh", "/entrypoint.sh"]
+ENTRYPOINT ["/bin/bash", "/entrypoint.sh"]
♻️ Duplicate comments (1)
docs/PROJECT-03-TESTING.md (1)

38-46: Add language specifiers to fenced code blocks (MD040 linting).

Four plain-text output blocks lack language identifiers, triggering markdown linter violations. Add ```text to clearly indicate these are plain-text output, not executable code.

Apply these diffs:

-```
+```text
 Network: infra-test-net (172.30.0.0/24)
 ├── Gateway: 172.30.0.1
-```
+```text
 ✅ infra-debian-target     - healthy  (Debian 12 Bookworm)
 ✅ infra-alpine-target     - healthy  (Alpine 3.19)
 ✅ infra-ubuntu-target     - healthy  (Ubuntu 24.04 Noble)
 ✅ infra-test-webserver    - healthy  (Nginx Alpine)
 ⚠️  infra-test-dns         - unhealthy (CoreDNS - non-critical)
-```
+```text
-```
+```text
 Source: Alpine (infra-alpine-target)
 Target: Nginx (172.30.0.10)
 
 ✅ Ping Status: Success
 ✅ Packet Loss: 0%
 ✅ Average RTT: 0.091ms
 ✅ Gateway: 172.30.0.1 (reachable)
 ✅ Traceroute: 1 hop
 ✅ MTU Test: Pass (1500 bytes)
-```
+```text
-```
+```text
 Forrás: Alpine (infra-alpine-target)
 Cél: Nginx (172.30.0.10)
 
 ✅ Ping Státusz: Sikeres
 ✅ Csomagvesztés: 0%
 ✅ Átlagos RTT: 0.091ms
 ✅ Átjáró: 172.30.0.1 (elérhető)
 ✅ Traceroute: 1 ugrás
 ✅ MTU Teszt: Sikeres (1500 bájt)
-```
+```text

Also applies to: 419-425, 441-450, 454-464

🧹 Nitpick comments (1)
docs/PROJECT-03-TESTING.md (1)

1-20: Excellent bilingual documentation and test suite.

The document follows all learnings and guidelines:

  • ✅ Bilingual structure with ## Title | Cím format across all major sections
  • ✅ Comprehensive test infrastructure documentation (5 services, 6 scripts, network config, volumes)
  • ✅ Clear testing procedures (quick, full rebuild, comprehensive, manual, cross-platform)
  • ✅ Troubleshooting section with concrete examples covering common issues and debugging tips
  • ✅ CI/CD integration example with GitHub Actions workflow
  • ✅ Performance metrics and test results templates
  • ✅ Hungarian grammar corrections applied (e.g., "státuszát" on line 102)

This documentation aligns well with the PR objectives (container entrypoint fixes, PID path standardization, health check validation) and provides clear guidance for testing and debugging across Debian 12, Alpine 3.19, and Ubuntu 24.04.

Optional enhancement: Consider adding a quick reference/cheat sheet section with one-liners for common tasks (e.g., "Check all container health," "Run all 6 scripts," "Clean rebuild and test"). This could appear after the Table of Contents for faster access during development.

Also applies to: 24-64, 66-156, 160-403, 407-483, 486-716, 720-771, 775-805

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d14ac11 and 894e76e.

📒 Files selected for processing (4)
  • docs/PROJECT-03-TESTING.md (1 hunks)
  • project-03-infra-automation/containers/alpine/entrypoint.sh (2 hunks)
  • project-03-infra-automation/containers/debian/entrypoint.sh (1 hunks)
  • project-03-infra-automation/containers/ubuntu/entrypoint.sh (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
  • project-03-infra-automation/containers/debian/entrypoint.sh
🧰 Additional context used
📓 Path-based instructions (1)
**/*.sh

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.sh: All Bash scripts must begin with set -euo pipefail for error handling
All Bash scripts must pass shellcheck without errors; use # shellcheck disable=SC#### only when absolutely necessary with explanation
Bash scripts must implement structured logging using a log() function with timestamp in format: [YYYY-MM-DD HH:MM:SS] [LEVEL] message
Bash scripts must use readonly environment variables with fallback defaults using pattern: readonly VAR_NAME="${VAR_NAME:-default_value}"
Bash scripts that produce JSON output must use heredocs for JSON generation and include ISO 8601 formatted timestamps
Bash daemon scripts must implement signal handling with trap for SIGTERM and SIGINT that calls cleanup before exit

Files:

  • project-03-infra-automation/containers/alpine/entrypoint.sh
  • project-03-infra-automation/containers/ubuntu/entrypoint.sh
🧠 Learnings (5)
📚 Learning: 2025-11-30T08:16:01.079Z 
Learnt from: CR
Repo: w7-mgfcode/linux-sysadmin-portfolio PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-30T08:16:01.079Z
Learning: Applies to **/README.md : Documentation files must follow bilingual structure: Overview, Quick Start, Features sections with English/Hungarian parallel descriptions (code examples don't need translation)

Applied to files:

  • docs/PROJECT-03-TESTING.md
📚 Learning: 2025-11-30T08:16:01.079Z 
Learnt from: CR
Repo: w7-mgfcode/linux-sysadmin-portfolio PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-30T08:16:01.079Z
Learning: Projects must include comprehensive test suites with clear documentation covering test setup, execution, and CI/CD integration

Applied to files:

  • docs/PROJECT-03-TESTING.md
📚 Learning: 2025-11-30T08:16:01.079Z 
Learnt from: CR
Repo: w7-mgfcode/linux-sysadmin-portfolio PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-30T08:16:01.079Z
Learning: Applies to **/README.md : All README files must be bilingual (English/Hungarian) with clear section headers in format: `## Section Name | Szekció Név`

Applied to files:

  • docs/PROJECT-03-TESTING.md
📚 Learning: 2025-11-30T08:16:01.079Z 
Learnt from: CR
Repo: w7-mgfcode/linux-sysadmin-portfolio PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-30T08:16:01.079Z
Learning: Applies to **/Dockerfile* : Docker base images must use official images where possible; prefer Alpine or Debian-slim for custom builds; pin versions exactly (e.g., `nginx:1.25-alpine` not `nginx:latest`)

Applied to files:

  • project-03-infra-automation/containers/alpine/entrypoint.sh
📚 Learning: 2025-11-30T08:16:01.079Z 
Learnt from: CR
Repo: w7-mgfcode/linux-sysadmin-portfolio PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-30T08:16:01.079Z
Learning: Applies to **/*.sh : All Bash scripts must begin with `set -euo pipefail` for error handling

Applied to files:

  • project-03-infra-automation/containers/ubuntu/entrypoint.sh
🪛 markdownlint-cli2 (0.18.1)
docs/PROJECT-03-TESTING.md

38-38: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

419-419: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

441-441: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

454-454: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: Sourcery review
🔇 Additional comments (3)
project-03-infra-automation/containers/alpine/entrypoint.sh (2)

9-27: Add structured logging function and implement signal handling.

The script uses plain echo statements instead of the structured logging required by coding guidelines (format: [YYYY-MM-DD HH:MM:SS] [LEVEL] message). Additionally, since this script starts an SSH daemon and keeps it running, it should trap SIGTERM and SIGINT for graceful shutdown.

[raise_essential_refactor]
Apply this diff to add a log function and signal handling:

 #!/bin/bash
 #===============================================================================
 # Alpine Container Entrypoint
 # Starts SSH daemon and keeps container running
 #===============================================================================
 
 set -euo pipefail

+# Structured logging function
+log() {
+  local level="$1"
+  shift
+  local message="$*"
+  echo "[$(date +'%Y-%m-%d %H:%M:%S')] [$level] $message"
+}
+
+# Cleanup function for graceful shutdown
+cleanup() {
+  log "INFO" "Received shutdown signal, cleaning up..."
+  if [ -f /run/sshd.pid ]; then
+    rm -f /run/sshd.pid
+  fi
+  exit 0
+}
+
+trap cleanup SIGTERM SIGINT
+
 # Create required directories
-mkdir -p /var/run/sshd /run/sshd /var/reports /var/backups /var/log/infra
+mkdir -p /var/run/sshd /run/sshd /var/reports /var/backups /var/log/infra 2>/dev/null || true
+log "INFO" "Required directories initialized"
 
 # Generate SSH host keys if not exists
 if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
-    echo "Generating SSH host keys..."
+    log "INFO" "Generating SSH host keys..."
     ssh-keygen -A
 fi
 
 # Start SSH daemon
-echo "Starting SSH daemon..."
+log "INFO" "Starting SSH daemon..."
 /usr/sbin/sshd
 
 # Create PID file for health check
 touch /run/sshd.pid
 
-echo "Alpine target container ready"
-echo "Hostname: $(hostname)"
-echo "IP Address: $(hostname -i)"
+log "INFO" "Alpine target container ready"
+log "INFO" "Hostname: $(hostname)"
+log "INFO" "IP Address: $(hostname -i)"

29-34: Conditional exec pattern is well implemented.

The logic correctly allows custom commands via docker run while defaulting to keep-alive when no arguments are provided. This addresses the earlier concern about losing command override capability and maintains the no-exit behavior needed to prevent restart loops.

project-03-infra-automation/containers/ubuntu/entrypoint.sh (1)

37-41: Flexible command handling properly addresses prior feedback.

The conditional logic correctly implements the suggestion from the past review comment: if arguments are provided, execute them; otherwise keep the container running. This preserves configurability while supporting the keep-alive use case.

project-03-infra-automation/containers/ubuntu/entrypoint.sh
Comment on lines +7 to +41
set -euo pipefail

# Create required directories
mkdir -p /var/run/sshd /var/reports /var/backups /var/log/infra
mkdir -p /run/sshd /var/reports /var/backups /var/log/infra

# Start SSH daemon
echo "Starting SSH daemon..."
/usr/sbin/sshd

# Start rsyslog
# Start rsyslog (clean start if needed)
echo "Starting rsyslog..."
rsyslogd || true
if [ -f /run/rsyslogd.pid ] || pgrep rsyslogd >/dev/null 2>&1; then
echo "Cleaning up existing rsyslog instance..."
pkill -9 rsyslogd 2>/dev/null || true
rm -f /run/rsyslogd.pid 2>/dev/null || true
sleep 1
fi
rsyslogd 2>/dev/null || echo "rsyslog start skipped (may already be running)"

# Disable UFW by default (will be configured by scripts)
ufw --force disable || true
ufw --force disable 2>/dev/null || true

# Create PID file for health check
touch /var/run/sshd.pid
touch /run/sshd.pid

echo "Ubuntu target container ready"
echo "Hostname: $(hostname)"
echo "IP Address: $(hostname -I)"

# Keep container running
exec "$@"
# Keep container running (allow custom commands via docker run)
if [ "$#" -gt 0 ]; then
exec "$@"
else
exec tail -f /dev/null
fi
Copy link

@coderabbitai coderabbitai bot Nov 30, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

Add signal handling for daemon processes.

This script starts the sshd daemon but lacks signal handlers for SIGTERM and SIGINT as required by the coding guidelines for daemon scripts. Without proper cleanup, terminating the container may leave orphaned processes.

Add signal handling and cleanup function:

 set -euo pipefail
 
+# Cleanup function for signal handlers
+cleanup() {
+  local exit_code=$?
+  log INFO "Received signal, cleaning up..."
+  pkill -TERM sshd 2>/dev/null || true
+  pkill -TERM rsyslogd 2>/dev/null || true
+  exit "$exit_code"
+}
+
+trap cleanup SIGTERM SIGINT
+

Then ensure the keep-alive loop at the end properly respects signals:

 # Keep container running (allow custom commands via docker run)
 if [ "$#" -gt 0 ]; then
   exec "$@"
 else
-  exec tail -f /dev/null
+  tail -f /dev/null &
+  wait
 fi

This allows the trap handler to run when signals arrive.

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents 
In project-03-infra-automation/containers/ubuntu/entrypoint.sh around lines 7 to
41, the script starts sshd and rsyslog but lacks SIGTERM/SIGINT handlers so
terminating the container can leave orphaned daemons; add a cleanup function
that stops/terminates sshd and rsyslog (graceful stop then SIGKILL fallback),
removes any pid files (/run/sshd.pid, /run/rsyslogd.pid), and performs any other
necessary teardown, then install trap 'cleanup' for SIGTERM and SIGINT at the
top after set -euo pipefail; finally change the keep-alive behavior to run a
foreground wait (e.g., start a background sleep or tail and call wait) so the
script can receive signals and the trap will run instead of using exec tail -f
/dev/null which bypasses the trap.

project-03-infra-automation/containers/ubuntu/entrypoint.sh

# Create required directories
mkdir -p /var/run/sshd /var/reports /var/backups /var/log/infra
mkdir -p /run/sshd /var/reports /var/backups /var/log/infra
Copy link

@coderabbitai coderabbitai bot Nov 30, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion | 🟠 Major

Use readonly environment variables with defaults instead of hardcoded paths.

Paths like /run/sshd, /var/reports, /var/backups, /var/log/infra, and /run/rsyslogd.pid are hardcoded throughout the script. Per coding guidelines, these should be readonly environment variables with fallback defaults for configurability.

Apply this refactor at the beginning of the script (after logging function):

+# Configuration with readonly defaults
+readonly SSH_RUN_DIR="${SSH_RUN_DIR:-/run/sshd}"
+readonly VAR_REPORTS_DIR="${VAR_REPORTS_DIR:-/var/reports}"
+readonly VAR_BACKUPS_DIR="${VAR_BACKUPS_DIR:-/var/backups}"
+readonly VAR_LOG_INFRA_DIR="${VAR_LOG_INFRA_DIR:-/var/log/infra}"
+readonly RSYSLOG_PID_FILE="${RSYSLOG_PID_FILE:-/run/rsyslogd.pid}"
+readonly SSHD_PID_FILE="${SSHD_PID_FILE:-/run/sshd.pid}"
+
 # Create required directories
-mkdir -p /run/sshd /var/reports /var/backups /var/log/infra
+mkdir -p "$SSH_RUN_DIR" "$VAR_REPORTS_DIR" "$VAR_BACKUPS_DIR" "$VAR_LOG_INFRA_DIR"
 
 # Start SSH daemon
 log INFO "Starting SSH daemon..."
 /usr/sbin/sshd
 
 # Start rsyslog (clean start if needed)
 log INFO "Starting rsyslog..."
-if [ -f /run/rsyslogd.pid ] || pgrep rsyslogd >/dev/null 2>&1; then
+if [ -f "$RSYSLOG_PID_FILE" ] || pgrep rsyslogd >/dev/null 2>&1; then
     log INFO "Cleaning up existing rsyslog instance..."
     pkill -9 rsyslogd 2>/dev/null || true
-    rm -f /run/rsyslogd.pid 2>/dev/null || true
+    rm -f "$RSYSLOG_PID_FILE" 2>/dev/null || true
     sleep 1
 fi
 rsyslogd 2>/dev/null || log WARN "rsyslog start skipped (may already be running)"
 
 # Create PID file for health check
-touch /run/sshd.pid
+touch "$SSHD_PID_FILE"

Also applies to: 16-16, 27-27, 30-30

🤖 Prompt for AI Agents 
In project-03-infra-automation/containers/ubuntu/entrypoint.sh around lines
10,16,27 and 30, replace hardcoded paths with readonly environment variables
that provide fallback defaults: define variables such as RUN_SSHD_DIR,
REPORTS_DIR, BACKUPS_DIR, INFRA_LOG_DIR, and RSYSLOG_PID_FILE immediately after
the logging function (using parameter expansion defaults, e.g.
VAR="${VAR:-/default/path}"), mark them readonly, then update the mkdir and any
other references on lines 10,16,27,30 to use these variables instead of the
literal paths so the script remains configurable while preserving existing
behavior.

project-03-infra-automation/containers/ubuntu/entrypoint.sh
Comment on lines 13 to 14
echo "Starting SSH daemon..."
/usr/sbin/sshd
Copy link

@coderabbitai coderabbitai bot Nov 30, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

Add error handling for sshd startup.

The sshd daemon start (line 14) lacks error checking. If sshd fails to start, the container will continue with degraded functionality undetected.

Apply this improvement:

 log INFO "Starting SSH daemon..."
-/usr/sbin/sshd
+if /usr/sbin/sshd; then
+  log INFO "SSH daemon started successfully"
+else
+  log ERROR "Failed to start SSH daemon"
+  exit 1
+fi

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents 
In project-03-infra-automation/containers/ubuntu/entrypoint.sh around lines
13-14, the script starts sshd without checking its result; modify it to start
sshd and immediately check its exit status (or run it in background and verify
it launched), log an error with the exit code/message to stderr if it failed,
and exit the container with a non-zero status so failure is detected by
orchestrators; ensure successful start proceeds (or use exec to replace the
shell with sshd when appropriate).

project-03-infra-automation/containers/ubuntu/entrypoint.sh
Comment on lines 13 to 34
echo "Starting SSH daemon..."
/usr/sbin/sshd

# Start rsyslog
# Start rsyslog (clean start if needed)
echo "Starting rsyslog..."
rsyslogd || true
if [ -f /run/rsyslogd.pid ] || pgrep rsyslogd >/dev/null 2>&1; then
echo "Cleaning up existing rsyslog instance..."
pkill -9 rsyslogd 2>/dev/null || true
rm -f /run/rsyslogd.pid 2>/dev/null || true
sleep 1
fi
rsyslogd 2>/dev/null || echo "rsyslog start skipped (may already be running)"

# Disable UFW by default (will be configured by scripts)
ufw --force disable || true
ufw --force disable 2>/dev/null || true

# Create PID file for health check
touch /var/run/sshd.pid
touch /run/sshd.pid

echo "Ubuntu target container ready"
echo "Hostname: $(hostname)"
echo "IP Address: $(hostname -I)"
Copy link

@coderabbitai coderabbitai bot Nov 30, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

Implement structured logging per coding guidelines.

The script uses plain echo statements instead of a structured log() function with timestamps in format [YYYY-MM-DD HH:MM:SS] [LEVEL] as required by the coding guidelines. Replace all logging with a log function.

Apply this refactor to add structured logging:

 set -euo pipefail
 
+# Structured logging function
+log() {
+  local level="$1"
+  shift
+  local message="$*"
+  local timestamp
+  timestamp=$(date '+%Y-%m-%d %H:%M:%S')
+  echo "[$timestamp] [$level] $message"
+}
+
 # Create required directories
 mkdir -p /run/sshd /var/reports /var/backups /var/log/infra
 
 # Start SSH daemon
-echo "Starting SSH daemon..."
+log INFO "Starting SSH daemon..."
 /usr/sbin/sshd
 
 # Start rsyslog (clean start if needed)
-echo "Starting rsyslog..."
+log INFO "Starting rsyslog..."
 if [ -f /run/rsyslogd.pid ] || pgrep rsyslogd >/dev/null 2>&1; then
-    echo "Cleaning up existing rsyslog instance..."
+    log INFO "Cleaning up existing rsyslog instance..."
     pkill -9 rsyslogd 2>/dev/null || true
     rm -f /run/rsyslogd.pid 2>/dev/null || true
     sleep 1
 fi
-rsyslogd 2>/dev/null || echo "rsyslog start skipped (may already be running)"
+rsyslogd 2>/dev/null || log WARN "rsyslog start skipped (may already be running)"
 
 # Disable UFW by default (will be configured by scripts)
 ufw --force disable 2>/dev/null || true
 
 # Create PID file for health check
 touch /run/sshd.pid
 
-echo "Ubuntu target container ready"
-echo "Hostname: $(hostname)"
-echo "IP Address: $(hostname -I)"
+log INFO "Ubuntu target container ready"
+log INFO "Hostname: $(hostname)"
+log INFO "IP Address: $(hostname -I)"

Committable suggestion skipped: line range outside the PR's diff.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sourcery-ai sourcery-ai[bot] sourcery-ai[bot] left review comments

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@w7-mgfcode @w7-learn