Why Run Monit as PID 1 in Containers?

Running Monit as PID 1 (init process) in a container provides several key benefits:

1. Process Reaping: In containers, the PID 1 process is responsible for "reaping" zombie processes - processes that have completed but whose exit status hasn't been collected. Without proper reaping, zombies accumulate and consume resources. Monit properly manages this critical init responsibility.

2. Signal Handling: PID 1 must handle and forward signals properly. When a container receives a shutdown signal (SIGTERM), Monit ensures all child processes shut down gracefully before the container stops, preventing data corruption.

3. Consolidated Functionality: Rather than using separate tools (like tini, dumb-init, or s6) alongside Monit, using Monit directly as PID 1 reduces complexity and container bloat.

4. Built-in Monitoring: Unlike other init replacements, Monit also provides robust service monitoring, automatic restarts, and notifications, making it a comprehensive solution for container health.

5. Ordered Startup and Dependencies: Monit can start services in a specific sequence and manage dependencies between them. This is crucial for multi-service containers where certain services must be fully operational before others start, a capability typically found only in full init systems like systemd.

6. Improved Reliability: Proper init functionality prevents common issues in containerized applications such as orphaned processes, improper shutdowns, and resource leaks.

This approach is particularly valuable for production containers where reliability, proper resource management, and clean application lifecycle handling are critical.

Monit Docker Testing Guide

A guide for testing Monit's ability to function as the init process (PID 1) in a Docker container, specifically targeting the latest Monit 5.35.x version with init implementation.

Project Structure

You've already created the directory structure:

monit-docker-test/
├── Dockerfile
├── monitrc  # Will be placed at /etc/monitrc in the container
└── scripts/
    ├── program.sh
    ├── process.sh
    └── check_zombies.sh

Test Script Details

1. program.sh: Sleeps for 10 seconds and exits

   • Checks for zombie processes before running
   • Logs execution to /results/program_execution.log

2. process.sh: Writes its PID to a file, sleeps for 30 min, and exits

   • Checks for zombie processes before running
   • Logs execution to /results/process_execution.log
   • Handles SIGTERM gracefully

3. check_zombies.sh: Utility to check for zombie processes

   • Can be run manually to verify Monit is properly reaping child processes

Testing Monit as PID 1 in Docker

This guide provides step-by-step instructions for testing Monit's capabilities as a PID 1 replacement in a Docker container, with a focus on making it accessible for Docker beginners.

Prerequisites

1. Install Docker

   • For macOS: Docker Desktop
     • Download Docker Desktop from https://desktop.docker.com/mac/main/arm64/Docker.dmg for macOS with Apple Silicon
     • For Intel Macs, use https://desktop.docker.com/mac/main/amd64/Docker.dmg
     • Install the application by dragging it to your Applications folder
   • For Linux: Docker Engine
   • For Windows: Docker Desktop with WSL2

2. Clone or download the test repository

   • Ensure you have the monit-docker-test directory containing all necessary files:
     • Dockerfile
     • monitrc
     • scripts/program.sh
     • scripts/process.sh
     • scripts/check_zombies.sh

Step 1: Build the Docker Image

Open Terminal and navigate to your test directory:

cd monit-docker-test

Build the Docker image with the following command:

docker build --no-cache -t monit-test .

This creates a Docker image named "monit-test" containing Monit and all necessary test scripts. The --no-cache flag ensures a fresh build.

Note: This builds Monit from source in the container for testing purposes. See the NOTE in the Dockerfile for recommended production use.

Step 2: Run the Container

Remove any existing containers with the same name:

docker rm -f monit-container 2>/dev/null || true

Start a new container:

docker run -d --name monit-container -p 2812:2812 monit-test

This runs the container in detached mode (-d), names it "monit-container", and maps port 2812 for Monit's web interface.

Step 3: Verify Monit is Running as PID 1

docker exec -it monit-container ps -p 1 -o comm=

You should see monit as the output, confirming Monit is running as PID 1.

Step 4: Check for Zombie Processes

docker exec -it monit-container /usr/local/bin/check_zombies.sh

This runs the check_zombies.sh script inside the container, which provides information about the container's processes and checks for zombie processes.

Step 5: Test Zombie Process Reaping

Create some short-lived processes and check if they become zombies:

docker exec -it monit-container bash -c 'for i in {1..10}; do (sleep 1 && exit) & done; sleep 3; ps -eo stat,pid,ppid,cmd | grep -c "^Z"'

The output should be 0 if Monit is properly reaping processes.

Step 6: Test Process Monitoring

Kill the monitored process and verify that Monit restarts it:

docker exec -it monit-container bash -c 'kill $(cat /tmp/process.pid); sleep 5; ps ax | grep process.sh'

You should see that process.sh is running again after being killed.

Step 7: Check Monit's Status

docker exec -it monit-container monit summary

This shows the status of all services monitored by Monit.

Step 8: Check Resource Usage

Verify that Monit has minimal resource overhead as PID 1:

docker exec -it monit-container bash -c 'ps -o pid,pcpu,pmem,rss,cmd -p 1'

You should see low CPU and memory usage for the Monit process.

Step 9: Access the Web Interface

Open a browser and go to:

• http://localhost:2812 (for monit-container)

Step 10: Test Signal Handling (Container Shutdown)

Stop the container to test Monit's shutdown handling:

docker stop monit-container

Check the logs to verify proper shutdown:

docker logs monit-container | grep -E "shutdown|stopped|performing|responsibilities"

You should see messages indicating that Monit recognized it was running as PID 1 and performed shutdown responsibilities.

Step 11: Clean Up

When finished testing:

docker stop monit-container
docker rm monit-container
docker rmi monit-test

What Success Looks Like

Your test is successful if:

1. Monit is running as PID 1: Confirmed in Step 3
2. No zombie processes: Verified in Steps 4 and 5
3. Process monitoring works: Processes restart when killed as seen in Step 6
4. Clean shutdown: Proper signal handling during container termination in Step 10
5. Resource efficiency: Low resource usage as observed in Step 8

Troubleshooting

If the container stops immediately:

• Check container logs: docker logs monit-container
• Verify file permissions within the container
• Validate the monitrc file: docker exec -it monit-container monit -t

If zombie processes are detected:

• Run docker exec -it monit-container ps -eo stat,pid,ppid,cmd to see details
• Check if Monit eventually reaps them after a few seconds