systemctl start service in Dockerfile script - dockerfile

I am trying to build the docker image using CentOS 7.7 as my base docker image, which is a systemd image.
Now, my requirement is like this: install the first RPM, which runs systemctl start my-process, and this process is required to be started in order to install my second RPM. But since the Dockerfile is not able to start the process using systemctl, I am not able to install any RPM correctly. I am getting the following error:
Failed to get D-Bus connection: Operation not permitted

The "systemctl" client tool does not do much. It looks for the socket to contact the systemd daemon running on PID 1, i.e. the program you have been running from ENTRYPOINT. If you have removed the systemd service then you will get an error like that.
If you want to use a container like a virtual machine then it may be better to run a different service-manager on PID-1. An example would be the docker-systemctl-replacement service.
It has served me well to bring applications into containers which were not really meant for that.

Related

How can I use kubernetes cluster in Windows WSL2?

I am trying to create a cluster by using this article in my WSL Ubuntu, but it returns some errors.
Errors:
yusuf#DESKTOP-QK5VI8R:~/aws/kubs2$ sudo systemctl daemon-reload
System has not been booted with systemd as init system (PID 1). Can't operate.
Failed to connect to bus: Host is down
yusuf#DESKTOP-QK5VI8R:~/aws/kubs2$ sudo systemctl restart kubelet
System has not been booted with systemd as init system (PID 1). Can't operate.
Failed to connect to bus: Host is down
yusuf#DESKTOP-QK5VI8R:~/aws/kubs2$ sudo kubeadm init --pod-network-cidr=10.244.0.0/16
[init] Using Kubernetes version: v1.21.1
[preflight] Running pre-flight checks
[WARNING Service-Docker]: docker service is not enabled, please run 'systemctl enable docker.service'
[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
error execution phase preflight: [preflight] Some fatal errors occurred:
[ERROR Port-6443]: Port 6443 is in use
[ERROR Service-Docker]: docker service is not active, please run 'systemctl start docker.service'
[ERROR Swap]: running with swap on is not supported. Please disable swap
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`
To see the stack trace of this error execute with --v=5 or higher
I don't understand the reason. When I use sudo systemctl restart kubelet, an error like this occurs:
docker service is not enabled, please run 'systemctl enable docker.service'
When I use:
yusuf#DESKTOP-QK5VI8R:~/aws/kubs2$ systemctl enable docker.service
Failed to enable unit, unit docker.service does not exist.
But I have docker images still running:
What is wrong while creating a Kubernetes cluster in WSL? Is there any good tutorial for creating a cluster in WSL?
The tutorial you're following is designed for cloud virtual machines with a Linux OS on them (this is important since WSL works a bit differently).
E.g. SystemD is not present in WSL; the behaviour you're facing is currently in the development phase.
What you need is to follow a tutorial designated for WSL (WSL2 in this case). Also see that docker is set up on the Windows machine and shares its features with WSL integration. Please find the Kubernetes on Windows desktop tutorial (this uses KinD or minikube, which is enough for development and testing).
Also there's a part for enabling SystemD which can potentially resolve your issue in the state where you are (I didn't test this as I don't have a Windows machine).

Running postgres 9.5 and django in one container for CI (Bamboo)

I am trying to configure a CI job on Bamboo for a Django app; the tests to be run rely on a database (postgres 9.5). It seems that a prudent way to go about it is to run the whole test in a docker container, as I do not control the agent environment so I cannot install Postgres there.
Most guides I found recommend running postgres and django in two separate containers and using docker-compose to easily manage them. In this scenario each docker image runs just one service, started with CMD. In Bamboo I cannot use docker-compose however, I need to use just one image, so I am trying to get Postgres and Django to run nicely together in one container but with little success so far.
My problem is that I see no easy way to start Postgres as a service inside docker but NOT as a docker CMD command; the official postgres image uses an entrypoint.sh approach, also described in the official docker docs.
But it is not clear to me how to implement that. I would appreciate your help!
Well, basically you would start postgres as a background process in the docker-entrypoint shell script that does otherwise start your django application.
The only trick here is that you need to put a 'trap' command in it so that you can send a shutdown/kill to the background process when your master process stops.
Although I have done that a thousand times, I know that it is a good source for programming errors. In general I do just use my docker-systemctl-replacement which takes care of running multiple applications as services, just as if the container is a virtual machine hosting multiple applications.
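The background-process-plus-trap entrypoint described in this answer, as an added example that is not part of the original post. The function names, READY_TRIES and the command lines in the usage comment are assumptions; the service and readiness commands are strings written by the image author, and the container is assumed to run as a user allowed to start the service.

```shell
#!/bin/sh
# Added example, not from the answer: keep one background service (e.g. postgres)
# running for the lifetime of a foreground command, then shut it down.
# Usage: entrypoint.sh SERVICE_CMD READY_CMD MAIN_CMD [ARGS...]
#   e.g. entrypoint.sh "postgres -D /path/to/data" "pg_isready -q" python manage.py test
READY_TRIES=${READY_TRIES:-30}   # readiness polls, one second apart

stop_all() {
    # TERM whatever is still running and reap it; failures mean "already gone"
    kill -TERM $main_pid $service_pid 2>/dev/null || true
    wait $main_pid $service_pid 2>/dev/null || true
}

run_with_service() {
    service_cmd=$1; ready_cmd=$2; shift 2
    main_pid=
    sh -c "exec $service_cmd" &      # exec keeps $! equal to the service PID
    service_pid=$!

    # docker stop signals only PID 1 (this shell), so pass the signal on
    trap 'stop_all; exit 143' TERM INT

    tries=0
    until sh -c "$ready_cmd" >/dev/null 2>&1; do
        tries=$((tries + 1))
        # Give up if the service died or never became ready
        if [ "$tries" -ge "$READY_TRIES" ] || ! kill -0 "$service_pid" 2>/dev/null; then
            stop_all; trap - TERM INT
            return 1
        fi
        sleep 1
    done

    # Background the main command and wait for it: a trapped signal interrupts
    # `wait` at once, but is deferred while a foreground child is running.
    "$@" &
    main_pid=$!
    status=0
    wait "$main_pid" || status=$?
    main_pid=
    stop_all; trap - TERM INT
    return "$status"
}

# Act as the entrypoint only when arguments are given
if [ "$#" -ge 3 ]; then
    run_with_service "$@"
    exit $?
fi
```

The exit status of the main command becomes the container's exit status, so a failing test run still fails the CI job after the service has been stopped.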
Your only other option is to add in a startup script in your Dockerfile, or kick it off as part of your docker run ... commands. We don't generally use the "Docker" tasks, as I find them ... distasteful (also why I usually just fall back to running a "Script" task, and directly calling docker run in that script task)
Anyway, you'd have to have your Docker container execute a script that would:
Start up Postgres (like a sudo systemctl start postgresql)
Execute your tests.
Your Dockerfile will have to install Postgresql and do some minor setup work I imagine (like create relevant users and databases with the proper owner). Since we're all good citizens, we remember to never run your containers as root, right?
Note - you can always hack around getting two containers to talk to each other without using docker-compose. It's a bit less convenient, but you could do something like:
docker run --detach --cidfile=db_cidfile --name ci_db postgresql_image
...
docker run --link ci_db testing_image
Make sure that you EXPOSE the right ports on the postgresql image to the testing_image container.
EDIT: I'm looking more at my specific case - we just install Postgresql into a base CentOS host rather than use the postgresql default image (using yum install http://yum.postgresql.org/..../pgdg-centos...rpm and then just install postgresql-server and postgresql-contrib packages from there). There is a CMD [ "/usr/pgsql-ver/bin/postgres", "-D", "/var/lib/pgsql/ver/data"] in our Dockerfile, too. We don't do anything fancy with the docker container, though. NOTE: we don't use this in production at all, this is strictly for local and CI testing.

Unable to bring up docker project

I'm following this Docker tutorial, which creates a simple Docker-managed Django site, and when I try to run docker-compose up to launch my docker project, I get the ambiguous error:
ERROR: Couldn't connect to Docker daemon at http+docker://localunixsocket - is it running?
The error suggests that the Docker daemon isn't running, but service docker status shows the Docker daemon is running.
If instead I run sudo docker-compose up, then it succeeds, but it chowns a lot of my local development files to the root user, which is easy enough to fix, but annoying.
Why does Docker require root access just to start a local Django development server? How do I fix this?
My versions:
Docker version 18.06.1-ce, build e68fc7a
docker-compose version 1.11.1, build 7c5d5e4
Ubuntu 16.04.5 LTS
If you can run any Docker command at all, you can trivially root the host:
docker run --rm -v /:/host busybox \
cat /host/etc/shadow
Additionally, Docker containers frequently run as root within their own container space, which means that whatever parts of the host filesystem you choose to expose into them, they can make arbitrary changes as arbitrary user IDs. You can use a docker run -u option to pick a different user ID, but you can pick any user ID, even one that belongs to another user on a shared system.
It is very reasonable to use sudo as a way to get root privileges for things that need it, and this is a typical out-of-the-box Docker configuration.
At the end of the day the only real gate on this is the Unix permissions on the file /var/run/docker.sock. This is often mode 0660 owned by a dedicated docker group. If you don’t mind your normal user being able to read and write arbitrary host files without much of a control at all, you can add yourself to that group. That’s frequently appropriate for something like a developer laptop; but on anything like a production system it deserves some real consideration of its security implications.
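A check for the socket permissions this answer describes, as an added example that is not part of the original post. It assumes a Linux host with stat -c and getent; the function name audit_docker_sock is hypothetical.

```shell
#!/bin/sh
# Added example, not from the answer: report who can reach the Docker daemon
# through its Unix socket. Assumes a Linux host with stat -c and getent.
# Usage: audit.sh /var/run/docker.sock

audit_docker_sock() {
    sock=${1:-/var/run/docker.sock}
    if [ ! -e "$sock" ]; then
        echo "not found: $sock" >&2
        return 2
    fi

    mode=$(stat -c '%a' "$sock")      # octal permission bits, e.g. 660
    owner=$(stat -c '%U' "$sock")
    group=$(stat -c '%G' "$sock")
    echo "socket=$sock mode=$mode owner=$owner group=$group"

    # Connecting to a Unix socket needs write permission on the socket file
    if [ $(( 0$mode & 2 )) -ne 0 ]; then
        echo "FAIL: world-writable, every local user can drive the daemon"
        return 1
    fi

    if [ $(( 0$mode & 16 )) -ne 0 ]; then   # octal 020: group write
        # Field 4 lists supplementary members only; accounts whose primary
        # group is $group have access too and must be checked in passwd.
        members=$(getent group "$group" 2>/dev/null | cut -d: -f4)
        echo "group '$group' can connect; members: ${members:-none listed}"
    fi
    echo "OK: access limited to $owner and group $group"
    return 0
}

# Audit the path given on the command line, if any
[ "$#" -eq 0 ] || audit_docker_sock "$1"
```

Every account it lists should be treated as having root on the host when reviewing group membership.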

Chaincode setup Hyperledger Fabric

I'm trying to set up a Hyperledger Fabric chaincode development setup on my Mac machine. I already have the development environment set up, but my end goal is to just develop a blockchain application on top of Hyperledger Fabric. So I am moving towards the docker chaincode development and test environment. I'm following the instructions given here (following Option 2). The docker-compose up command is throwing the following error:
himanshus-mbp:fabric himanshutyagi$ docker-compose up
Recreating fabric_membersrvc_1
Creating fabric_vp_1
ERROR: for vp driver failed programming external connectivity on endpoint fabric_vp_1 (98887f3aa674ed269b3bf9cae87f28d7686920343a9cb2aac5f2715b1a945da8): Error starting userland proxy: write /port/tcp:0.0.0.0:5000:tcp:172.17.0.2:5000/ctl: errno 526
ERROR: Encountered errors while bringing up the project.
There is nothing related to this on the GitHub issues. Can anyone explain what might be going wrong?
If you know what process is running at port 5000 then try with sudo lsof -i tcp:5000 then note the process id and run sudo kill -15 <PROCESS_ID_HERE>. After that retry running the docker command.
The port is probably already in use by another process. Has it already been started or is another program using the port? Use lsof to help find the process.

Hyperledger fabric behave tests failing "cannot connect to Docker endpoint"

Using Hyperledger fabric, I run make behave-deps then make behave, yet several of the behave test scenarios fail ("Error starting container: cannot connect to Docker endpoint") - how would I go about fixing this?
Typically this problem is encountered when running outside of Vagrant.
Ensure you can run
docker run hello-world
without sudo.
If this fails, this can be resolved by adding the user to the group as in the installation docs.
If running the vagrant-based development environment described here, a change was recently made to the Docker port mapping that would manifest itself with these failed tests. Reconstruct your development environment with vagrant destroy and vagrant up from the $GOPATH/src/github.com/hyperledger/fabric/devenv directory.