Cet article rapide explique comment faire un workaround lorsqu’on essaye de faire un systemctl status un_service dans un container Docker sur Centos (ou Ubuntu) avec Docker 19.03. Sans ce workaround on obtient l’erreur suivante Failed to get D-Bus connection: Operation not permitted.

Créer une image docker basée sur Centos 7:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
# This shows systemd services (nginx and named) running in a centos7 container.
# There have been lots of problems and workarounds for this, see:
# https://hub.docker.com/_/centos/
# https://github.com/docker/docker/issues/7459

FROM centos:centos7

RUN yum install -y epel-release # for nginx
RUN yum install -y initscripts # for old "service"

ENV container=docker

RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \
rm -f /lib/systemd/system/multi-user.target.wants/*;\
rm -f /etc/systemd/system/*.wants/*;\
rm -f /lib/systemd/system/local-fs.target.wants/*; \
rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
rm -f /lib/systemd/system/basic.target.wants/*;\
rm -f /lib/systemd/system/anaconda.target.wants/*;

# named (dns server) service
RUN yum install -y bind bind-utils
RUN systemctl enable named.service

# Unrelated to systemd, but Apacehe httpd install fails at least if docker uses
# (default) aufs.
# Error unpacking rpm package httpd-2.4.6-40.el7.centos.x86_64
# error: unpacking of archive failed on file /usr/sbin/suexec: cpio: cap_set_file
#RUN yum install -y httpd

# webserver service
RUN yum install -y nginx
RUN systemctl enable nginx.service

# Without this, init won't start the enabled services and exec'ing and starting
# them reports "Failed to get D-Bus connection: Operation not permitted".
VOLUME /run /tmp

# Don't know if it's possible to run services without starting this
CMD /usr/sbin/init

Maintenant on crée un docker-compose.yml:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
version: '3'
services:
test:
build:
context: .
cap_add:
- SYS_ADMIN
security_opt:
- seccomp:unconfined
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
ports:
- "80:80"
# The DNS server works within container (dig @localhost example.com), but
# *not* via published port. Not sure this is related to systemd.
#- "53:53/tcp"
#- "53:53/udp"

Et voilà. Buildez et démarrez votre container :

1
docker-compose build && docker-compose down && docker-compose up -d

Connectez vous à votre container et essayez de voir le status d’un service:

1
2
3
4
docker ps # pour récupérer son id
# Puis
docker exec -it ID_DU_CONTAINER /bin/bash
systemctl status nginx

Cela va fonctionner ;) …