问题
I have a situation where I need to start some services within this jenkins container to make it work in our project. So i need Systemd enabled in order to do that...
As of now I get the below error when I try to run "systemctl" command within this container:
Failed to get D-Bus connection: Operation not permitted
Which is expected. Now on my research, I found that if we use the below docker file to create an image and then run a container, we should be able to run systemctl commands:
FROM docker.io/openshift/jenkins-1-centos7
MAINTAINER "you" your@email.here
ENV container docker
RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in ; do [ $i ==systemd-tmpfiles-setup.service ] || rm -f $i; done); \
rm -f /lib/systemd/system/multi-user.target.wants/;\
rm -f /etc/systemd/system/.wants/;\
rm -f /lib/systemd/system/local-fs.target.wants/; \
rm -f /lib/systemd/system/sockets.target.wants/udev; \
rm -f /lib/systemd/system/sockets.target.wants/initctl; \
rm -f /lib/systemd/system/basic.target.wants/;\
rm -f /lib/systemd/system/anaconda.target.wants/*;
VOLUME [ "/sys/fs/cgroup" ]
CMD ["/usr/sbin/init"]
I got the below error
/bin/sh: line 0: [: cryptsetup.target: unary operator expected
rm: cannot remove 'cryptsetup.target': Permission denied
/bin/sh: line 0: [: dev-hugepages.mount: unary operator expected
rm: cannot remove 'dev-hugepages.mount': Permission denied
/bin/sh: line 0: [: dev-mqueue.mount: unary operator expected
rm: cannot remove 'dev-mqueue.mount': Permission denied
...
I am using the root user to run the command.
Although, if I replace the source image to normal centos image
FROM centos:7
The systemd for this newly created image (based on centos) works fine.
Is there a reason for this error? or I can't create a systemd type image on top of given jenkins-1-centos7 image?
EDIT: ok, so an expert helped me understand that "by default in a Dockerfile you run commands as root until you explicity change users with the USER directive. However, since you are building on an image that has already made that change I believe you are running commands as the Jenkins user and not as the root user. If you explicitly switch back to root then you can run the commands."
So the new file looks something like this:
FROM docker.io/openshift/jenkins-1-centos7
MAINTAINER "you" your@email.here
#ENV container docker
USER root
RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in ; do [ $i ==systemd-tmpfiles-setup.service ] || rm -f $i; done); \
rm -rf /lib/systemd/system/multi-user.target.wants/;\
rm -rf /etc/systemd/system/.wants/;\
rm -rf /lib/systemd/system/local-fs.target.wants/; \
rm -rf /lib/systemd/system/sockets.target.wants/udev; \
rm -rf /lib/systemd/system/sockets.target.wants/initctl; \
rm -rf /lib/systemd/system/basic.target.wants/;\
rm -rf /lib/systemd/system/anaconda.target.wants/*;
VOLUME [ "/sys/fs/cgroup" ]
CMD ["/usr/sbin/init"]
It works!! But now, the jenkins service doesn't start back giving the below error: bash-4.2# systemctl status jenkins.service ● jenkins.service - LSB: Jenkins Continuous Integration Server Loaded: loaded (/etc/rc.d/init.d/jenkins) Active: failed (Result: exit-code) since Tue 2016-10-18 19:45:17 UTC; 5s ago Docs: man:systemd-sysv-generator(8) Process: 95 ExecStart=/etc/rc.d/init.d/jenkins start (code=exited, status=1/FAILURE)
Oct 18 19:45:17 578908315d82 systemd[1]: Starting LSB: Jenkins Continuous Integration Server...
Oct 18 19:45:17 578908315d82 jenkins[95]: /etc/rc.d/init.d/jenkins: line 51: /etc/init.d/functions: No such file or directory
Oct 18 19:45:17 578908315d82 systemd[1]: jenkins.service: control process exited, code=exited status=1
Oct 18 19:45:17 578908315d82 systemd[1]: Failed to start LSB: Jenkins Continuous Integration Server.
Oct 18 19:45:17 578908315d82 systemd[1]: Unit jenkins.service entered failed state.
Oct 18 19:45:17 578908315d82 systemd[1]: jenkins.service failed.
Currently still researching on this...
EDIT2: So I solved the issue sometime back, because I decided to use a separate container for running everything else, and this jenkins container was untouched as it is...
回答1:
In addition of your issue on openshift/jenkins, you also have docker issue 7459 which points out:
It works for me with this PR #25567 with just
--cap-add SYS_ADMIN.
This commit is yet to be released in docker though.
回答2:
Let me point out again that you do not need to run a systemd daemon in a systemd controlled container if it is just about running multiple services in it. Simply overwrite /usr/bin/systemctl with the docker-systemctl-replacement script. Then go to register it with CMD ["/usr/bin/systemctl"] as the init process of the container.
That's it. Now you can run any systemctl-start process from the operating system. It works to the extent that even provisioning with ansible/puppet scripts have no problem at all. And specficially, I am using that to provision Jenkins images with the operating system that the developers like to have as a basis.
来源:https://stackoverflow.com/questions/40053483/how-to-enable-systemd-service-in-openshift-jenkins-1-centos7-docker-container