Running /usr/sbin/init in Dockerfile along with salt-master

Question

I am trying to run /usr/sbin/init in a shell script, but it never executes. I tried the solution mentioned here, but it did not work or maybe I am doing something wrong. Error Message from container logs: Couldn't find an alternative telinit implementation to spawn. Here is my Dockerfile

FROM centos
RUN yum install -y epel-release && \
yum install -y --nogpgcheck https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm && \
yum update -y && \
yum install -y virt-what salt-master salt-api vim && \
yum clean all && \
rm -rf /var/cache/yum


COPY extras/netapi.conf /etc/salt/master.d/
COPY entrypoint-master.sh /entrypoint-master.sh

RUN yum -y install systemd; yum clean all; \
(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == 
systemd-tmpfiles-setup.service ] || rm -f $i; done); \
rm -f /lib/systemd/system/multi-user.target.wants/*;\
rm -f /etc/systemd/system/*.wants/*;\
rm -f /lib/systemd/system/local-fs.target.wants/*; \
rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
rm -f /lib/systemd/system/basic.target.wants/*;\
rm -f /lib/systemd/system/anaconda.target.wants/*;
VOLUME [ “/sys/fs/cgroup” ]

EXPOSE 4505/tcp
EXPOSE 4506/tcp
EXPOSE 8080/tcp
CMD ["/entrypoint-master.sh"]

And here is my entrypoint script

#!/bin/bash

set -e

/usr/sbin/init

# Start the first process
/usr/bin/salt-master -d -l debug
status=$?
if [ $status -ne 0 ]; then
  echo "Failed to start salt-master: $status"
  exit $status
fi

# Start the second process
/usr/bin/salt-api -d -l debug
status=$?
if [ $status -ne 0 ]; then
  echo "Failed to start salt-api: $status"
  exit $status
fi

# Naive check runs checks once a minute to see if either of the processes exited.
# This illustrates part of the heavy lifting you need to do if you want to run
# more than one service in a container. The container exits with an error
# if it detects that either of the processes has exited.
# Otherwise it loops forever, waking up every 60 seconds

while sleep 60; do
  ps aux |grep salt-master |grep -q -v grep
  PROCESS_1_STATUS=$?
  ps aux |grep salt-api |grep -q -v grep
  PROCESS_2_STATUS=$?
  # If the greps above find anything, they exit with 0 status
  # If they are not both 0, then something is wrong
  if [ $PROCESS_1_STATUS -ne 0 -o $PROCESS_2_STATUS -ne 0 ]; then
    echo "One of the processes has already exited."
    exit 1
  fi
done

exec "$@"

Can someone please suggest how I can fix it. Thanks.

Answer 1

Try removing the init section and rather then checking process availability with ps output use HEALTHCHECK instruction to check if the service is running and respawn the container if the servive (/usr/bin/python /usr/bin/salt-master -d ) is not listening on the port or gives expected response.

For systemd to start d-bus should be running. So if it's absolutely necessary use some specific base images with some init system e.g. phusion/baseimage - generally they don't keep it.

I tried keeping the entrypoint file only with two commands but both just finish starting some process in background.

[root@0ef85a95d843 /]# /usr/bin/salt-api -d -l debug
[DEBUG   ] Reading configuration from /etc/salt/master
[DEBUG   ] Including configuration from '/etc/salt/master.d/netapi.conf'
[DEBUG   ] Reading configuration from /etc/salt/master.d/netapi.conf
[DEBUG   ] Missing configuration file: /root/.saltrc
[DEBUG   ] Configuration file path: /etc/salt/master
[root@0ef85a95d843 /]# ps auxwf
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root       253  0.0  0.0  11820  1900 pts/0    Ss   10:17   0:00 /bin/bash
root       360  0.0  0.0  51736  1708 pts/0    R+   10:18   0:00  \_ ps auxwf
root         1  0.0  0.0  11680  1360 ?        Ss   10:16   0:00 /bin/bash /entrypoint-master.sh
root        15  0.0  0.2 214840 23628 ?        S    10:16   0:00 /usr/bin/python /usr/bin/salt-master -d -l debug
root        16  0.4  0.3 306288 29800 ?        Sl   10:16   0:00  \_ /usr/bin/python /usr/bin/salt-master -d -l debug
root        17  0.0  0.2 296768 23376 ?        Sl   10:16   0:00  \_ /usr/bin/python /usr/bin/salt-master -d -l debug
root        18  0.0  0.3 296768 24392 ?        Sl   10:16   0:00  \_ /usr/bin/python /usr/bin/salt-master -d -l debug
root        19  0.0  0.2 214840 22820 ?        S    10:16   0:00  \_ /usr/bin/python /usr/bin/salt-master -d -l debug
root        23  1.1  0.3 959776 27912 ?        Sl   10:16   0:00      \_ /usr/bin/python /usr/bin/salt-master -d -l debug
root        24  1.1  0.3 959776 27836 ?        Sl   10:16   0:00      \_ /usr/bin/python /usr/bin/salt-master -d -l debug
root        27  1.1  0.3 959776 27864 ?        Sl   10:16   0:00      \_ /usr/bin/python /usr/bin/salt-master -d -l debug
root        32  1.1  0.3 959776 27848 ?        Sl   10:16   0:00      \_ /usr/bin/python /usr/bin/salt-master -d -l debug
root        33  1.1  0.3 959776 27904 ?        Sl   10:16   0:00      \_ /usr/bin/python /usr/bin/salt-master -d -l debug
root        34  0.0  0.2 591696 23332 ?        Sl   10:16   0:00      \_ /usr/bin/python /usr/bin/salt-master -d -l debug
root        67  0.0  0.0   4360   360 ?        S    10:16   0:00 sleep 40m

The process starts and can be seen in ps output but it's in Sl (multi-threaded process in interruptible sleep). So you need some process that will keep running. I was able to connect container only as I have added sleep in the end. Try salt-unity master to start master it keeps on running just get one warning

[WARNING ] Although 'dmidecode' was found in path, the current user cannot execute it. Grains output might not be accurate.

see if this works for you.

Answer 2

The "normal" Docker setup is to not run an init system at all, or else to run an extremely lightweight init like tini, and then to run whatever service as a foreground process. The reverse of that is that this means running only one process/service in a container, in the foreground. You basically have all of the parts here already, though.

For the Salt master, I'd remove the special entrypoint script, and reduce the Dockerfile to:

FROM centos:7
RUN yum install -y epel-release && \
    yum install -y --nogpgcheck https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm && \
    yum update -y && \
    yum install -y virt-what salt-master && \
    yum clean all && \
    rm -rf /var/cache/yum
EXPOSE 4505 4506
CMD ["salt-master", "-l", "debug"]

and similarly for the netapi server container. I might use Docker Compose to manage the two related containers.

If you really want to stick with systemd (and its various mismatches with Docker), all of the Salt Stack installation instructions suggest that it ships with its own unit files, and so I'd let systemd manage the startup for you. When you remove all of the default systemd configuration, do that before installing the two Salt servers, so that when you do install them, their unit files from the RPMs will get installed. Then you can again skip the custom entrypoint file and CMD ["/usr/sbin/init"].