diff --git a/Dockerfile b/Dockerfile
index 99fed6b..1854a3f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -25,13 +25,25 @@ RUN ln -sf /usr/share/zoneinfo/UTC /etc/localtime \
 RUN yum -y install --setopt=tsflags=nodocs epel-release && \
     yum -y install net-tools wget curl tar unzip mlocate logrotate strace telnet man unzip vim wget rsyslog cron && \
     yum clean all && \
-    mkdir -p /opt/tier
+    mkdir -p \
+      /opt/autoexec/bin  \
+      /opt/autoexec/onbuild  \
+      /opt/autoexec/firstrun \
+      /opt/bin  \
+      /opt/etc  \
+      /opt/log \
+      /opt/tier
 
 # Install Trusted Certificates
 RUN update-ca-trust force-enable
 ADD ./cert/InCommon.crt /etc/pki/ca-trust/source/anchors/
 RUN update-ca-trust extract
 
+ADD container_files/bin/firstrun.sh /opt/autoexec/bin/firstrun.sh
+ADD container_files/bin/onbuild.sh /opt/autoexec/bin/onbuild.sh
+ADD container_files/bin/stub.sh /opt/autoexec/firstrun/stub.sh
+ADD container_files/bin/stub.sh /opt/autoexec/onbuild/stub.sh
+
 # Set default environment variables.
 ENV HOME /opt/tier
 
diff --git a/Jenkinsfile b/Jenkinsfile
index 7c11b45..dda7869 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -1,4 +1,4 @@
-node {
+node('docker') {
   stage 'Checkout'
 
     checkout scm
diff --git a/README.md b/README.md
index 99032bb..5cbde40 100644
--- a/README.md
+++ b/README.md
@@ -7,4 +7,8 @@ Internet2 managed CentOS 7 base image
 
 ## purpose
 
-This container allows I2/TIER to insulate itself against upstream changes from CentOS managed images that may be unwanted.  It can also be used to trigger global changes (e.g. a new InCommon.crt) when appropriate.
\ No newline at end of file
+This container allows I2/TIER to insulate itself against upstream changes from CentOS managed images that may be unwanted.  It can also be used to trigger global changes (e.g. a new InCommon.crt) when appropriate.
+
+## autorun
+
+You are encouraged to include /opt/autorun/bin/onbuild.sh when closing your Dockerfiles, and to include /opt/autorun/bin/firstrun.sh in your CMD entrypoints.
\ No newline at end of file
diff --git a/container_files/bin/firstrun.sh b/container_files/bin/firstrun.sh
new file mode 100755
index 0000000..97f9d92
--- /dev/null
+++ b/container_files/bin/firstrun.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+for file in /opt/autoexec/firstrun/*
+do
+  exec "$file" >> /opt/log/autoexec.firstrun.log
+done
\ No newline at end of file
diff --git a/container_files/bin/onbuild.sh b/container_files/bin/onbuild.sh
new file mode 100755
index 0000000..07d014a
--- /dev/null
+++ b/container_files/bin/onbuild.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+for file in /opt/autoexec/onbuild/*
+do
+  exec "$file" >> /opt/log/autoexec.build.log
+done
\ No newline at end of file
diff --git a/container_files/bin/stub.sh b/container_files/bin/stub.sh
new file mode 100755
index 0000000..08ba7a6
--- /dev/null
+++ b/container_files/bin/stub.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+echo 'test'
\ No newline at end of file
diff --git a/tests/base.bats b/tests/base.bats
index 7ebaccf..1777cce 100644
--- a/tests/base.bats
+++ b/tests/base.bats
@@ -14,3 +14,27 @@ load ../common
   [ "$status" -eq 0 ]
   [[ ${output} == *"302"* || ${output} == *"200"* ]]
 }
+
+@test "Onbuild support script" {
+  docker run -i $maintainer/$imagename find /opt/autoexec/bin/onbuild.sh
+}
+
+@test "Onbuild support home" {
+  docker run -i $maintainer/$imagename find /opt/autoexec/onbuild
+}
+
+@test "Firstrun support bin" {
+  docker run -i $maintainer/$imagename find /opt/autoexec/bin/firstrun.sh
+}
+
+@test "Firstrun support home" {
+  docker run -i $maintainer/$imagename find /opt/autoexec/firstrun
+}
+
+@test "Onbuild terminates correctly" {
+  docker run -i $maintainer/$imagename /opt/autoexec/bin/onbuild.sh
+}
+
+@test "First run terminates correctly" {
+  docker run -i $maintainer/$imagename /opt/autoexec/bin/firstrun.sh
+}
\ No newline at end of file