3

I am trying to install and configure OpenStack (DevStack) inside a Docker container. While installing, I am getting the following error:

"Failed to get D-Bus connection: No connection to service manager."

Later, I checked and found that it's because of a systemd problem. When I tried executing the command systemd:

$>systemd

I am getting the following output:

Trying to run as user instance, but the system has not been booted with systemd.

The following are the things I used:

Host machine OS : Ubuntu 14.04, Docker Version : Docker version 1.12.4, build 1564f02, Docker Container OS : Ubuntu 14.04

Can anyone help with this? Thanks in advance.

abinesh s
  • Docker is not a virtual machine, normally it only runs a single process, explaining why there is no systemd process running. See also: http://stackoverflow.com/questions/41494592/is-it-best-practice-to-daemonize-a-process-within-docker/41495150#41495150 – Mark O'Connor Jan 08 '17 at 21:19
  • Please update the question to be clear what OS and version the docker /host/ is running as well as which OS and version is running *inside* a docker container. – Mark Stosberg Jan 09 '17 at 15:23
  • As @MarkO'Connor mentioned, you can run a container for every service. Why not try to divide your processes into services? Check out docker-compose to manage such services more easily. – julian salas Jul 09 '17 at 20:30

4 Answers

2

First of all, systemd expects /sys/fs/cgroup to be mounted. Additionally, you must make the container privileged, or else this happens:

operation not permitted

docker run -v /sys/fs/cgroup:/sys/fs/cgroup:ro --privileged -it --rm ubuntu

Then you can go ahead and run /bin/systemd --system --unit=basic.target from bash, and it should run normally (with some errors of course, because Docker does not virtualize an entire system, nor is the library:ubuntu image more than the minimum size required to run properly):

operation is permitted!

After you have systemd running (semi-)properly, you can simply use a docker stop to stop the container.


This post is based on my own research, a few weeks of it too, for a project I like to call initbuntu (originally I tried to get init running, but running systemd directly was my only solution after all my failed tries). The container will be available on Docker Hub as logandark/initbuntu, Soon™. For now, a broken copy (or not broken, I dunno) is available there at the time of posting.

Sources (kinda):

  • /sys/fs/cgroup: Here
  • systemd --system: A StackOverflow post I lost the link to.
LoganDark
2

Existing DevStack on Docker Project

First of all, you can get a preconfigured Dockerfile with DevStack Ocata/Pike on Docker here. The repository also contains further information on DevStack and containers.

Build Your Own Image

Running systemd in Docker is certainly possible and has been done before. I found Ubuntu 16.04 LTS is a good foundation for the Docker host as well as the base image.

Your systemd/DevStack Dockerfile needs this configuration, which also cleans up services you probably don't want inside a Docker container:

FROM ubuntu:16.04

#####################################################################
# Systemd workaround from solita/ubuntu-systemd and moby/moby#28614 #
#####################################################################
ENV container docker

# No need for graphical.target
RUN systemctl set-default multi-user.target

# Gracefully stop systemd
STOPSIGNAL SIGRTMIN+3

# Cleanup unneeded services
RUN find /etc/systemd/system \
         /lib/systemd/system \
         -path '*.wants/*' \
         -not -name '*journald*' \
         -not -name '*systemd-tmpfiles*' \
         -not -name '*systemd-user-sessions*' \
    -exec rm \{} \;

# Workaround for console output error moby/moby#27202, based on moby/moby#9212
CMD ["/bin/bash", "-c", "exec /sbin/init --log-target=journal 3>&1"]

If you intend to run OpenStack/DevStack inside said container, it might save you lots of trouble to start it privileged instead of defining separate security capabilities and volumes:

docker run \
    --name devstack \
    --privileged \
    --detach \
    image

To get a bash inside your new systemd container try this:

docker exec \
    --tty \
    --interactive \
    devstack \
    bash
1

Systemd should work inside a properly configured container. You can run the container in privileged mode to run systemd.

"Systemd cannot run without SYS_ADMIN, less privileges than that won't work (see #2296 (comment)). Yes it's possible to make it "easier" (a tool that automatically sets these), but it'll still need certain privileges"

See this GitHub issue

After all, Docker is an application container and it runs the process which you specify at run time; after completing that process it will exit. Maybe you need an OS container or a virtual machine for your use case. See OS container vs Application Container here

Ijaz Ahmad
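
The answers above get systemd running either with --privileged or with SYS_ADMIN plus a /sys/fs/cgroup mount, which differ a lot in what the container can do to the host. As an added example (not part of any answer), this checks `docker inspect` output for exactly those grants; the function name and the sample containers are constructed for illustration.

```python
import json

# Constructed sample: trimmed `docker inspect` output for four containers.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/devstack",
     "HostConfig": {"Privileged": True, "CapAdd": None, "Binds": None}},
    {"Name": "/systemd-capadd",
     "HostConfig": {"Privileged": False, "CapAdd": ["SYS_ADMIN"],
                    "Binds": ["/sys/fs/cgroup:/sys/fs/cgroup:ro"]}},
    {"Name": "/systemd-rw",
     "HostConfig": {"Privileged": False, "CapAdd": ["CAP_SYS_ADMIN"],
                    "Binds": ["/sys/fs/cgroup:/sys/fs/cgroup"]}},
    {"Name": "/web",
     "HostConfig": {"Privileged": False, "CapAdd": None, "Binds": None}},
])

def audit_systemd_privileges(inspect_json):
    """Map container name -> findings about privileges granted to run systemd."""
    report = {}
    for container in json.loads(inspect_json):
        host = container.get("HostConfig") or {}
        findings = []
        if host.get("Privileged"):
            findings.append("privileged: all capabilities and host devices")
        for cap in host.get("CapAdd") or []:       # CapAdd is null when unset
            name = cap.upper()
            if name.startswith("CAP_"):            # both spellings are accepted by docker
                name = name[4:]
            if name in ("SYS_ADMIN", "ALL"):
                findings.append("cap-add " + name)
        for bind in host.get("Binds") or []:       # "src:dst" or "src:dst:options"
            parts = bind.split(":")
            options = parts[2].split(",") if len(parts) > 2 else []
            if len(parts) >= 2 and parts[1] == "/sys/fs/cgroup" and "ro" not in options:
                findings.append("/sys/fs/cgroup mounted read-write")
        report[container.get("Name", "").lstrip("/")] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit_systemd_privileges(SAMPLE_INSPECT).items():
        print(name, findings or "no systemd-related grants")
```

On a real host, feed it the output of `docker inspect $(docker ps -q)` instead of the sample.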
0

In most cases the error message comes up because an installer program has tried to run "systemctl start ". Unlike initscripts, the systemctl command will not try to execute the start script directly - instead it tries to contact the systemd daemon to execute the start sequence of the service. So all services have a common parent in the systemd daemon.

It can be quite overdone to run a systemd daemon inside a docker container just to start a service. You could use the systemctl-docker-replacement overwriting /usr/bin/systemctl in which case the target service is started without the help of a systemd daemon. It runs the ExecStart from the *.service file directly.

Guido U. Draheim
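
The idea in the answer above, reading ExecStart from a *.service file so the command can be started without a systemd daemon (and so without the privileges one needs), shown as an added example. This is not the code of systemctl-docker-replacement; the function name and unit file are constructed, and shlex is used as an approximation of systemd's quoting rules.

```python
import shlex

# Constructed sample unit, not taken from any real package.
SAMPLE_UNIT = """\
[Unit]
Description=Example daemon (constructed)

[Service]
Type=oneshot
# A first assignment that the empty one below resets, as systemd does
ExecStart=/usr/bin/old-daemon
ExecStart=
ExecStart=-/usr/bin/prepare --dir "/var/lib/example data"
ExecStart=/usr/bin/example-daemon \\
    --foreground --port 8080

[Install]
WantedBy=multi-user.target
"""

def exec_start_commands(unit_text):
    """Return [(argv, ignore_failure), ...] for the ExecStart= lines of [Service]."""
    commands, section, pending = [], None, ""
    for raw in unit_text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):            # trailing backslash continues the line
            pending = line[:-1] + " "
            continue
        if not line or line[0] in "#;":    # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, sep, value = line.partition("=")
        if section != "Service" or not sep or key.strip() != "ExecStart":
            continue
        value = value.strip()
        if not value:                      # empty assignment resets the list
            commands = []
            continue
        ignore_failure = value.startswith("-")   # "-" prefix: failure is tolerated
        value = value.lstrip("-")
        if value and value[0] in "@:+!":
            raise NotImplementedError("prefix %r not handled in this sketch" % value[0])
        commands.append((shlex.split(value), ignore_failure))
    return commands
```

Each returned argv can be passed to `subprocess.run`; directives such as User= or Environment= are ignored here and would need their own handling.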