2

I have this question which I hope is asked in the right place, if not, feel free to guide me.

I'm developing several Ansible roles and using Molecule as a tool to test the roles against. Molecule uses in turn containers to test the role against.

I'm specifically developing my roles for RHEL 8 based operating systems. I chose to use Rocky Linux as the OS for the container since this is one of the closest OS'es to RHEL.

In a role there are tasks executed using/utilizing systemd. However, containers do not have systemd available by default. There are 'workarounds' to actually make systemd available for containers, which is my goal.

So, I created a container which builds systemd in a Rocky Linux container, following this Dockerfile.

I build the container, and try to start it.

$ docker build -t my_test .
[+] Building 1.4s (6/6) FINISHED
...

Then, I try to run the container, but it provides an error.

$ docker run --tty --privileged --volume /sys/fs/cgroup:/sys/fs/cgroup:ro my_test
Failed to insert module 'autofs4': No such file or directory
systemd 239 (239-51.el8) running in system mode. (+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=legacy)
Detected virtualization docker.
Detected architecture x86-64.

Welcome to Rocky Linux 8.5 (Green Obsidian)!

Set hostname to <dea75c1001fd>.
Initializing machine ID from random generator.
Failed to create /init.scope control group: Read-only file system
Failed to allocate manager object: Read-only file system
[!!!!!!] Failed to allocate manager object, freezing.
Freezing execution.

Question: How can I successfully build a container which has systemd available on a Rocky Linux container?

Info: MacOS 10.15.7, Docker version 20.10.11, build dea9396

Improve this question

2 Answers 2

Reset to default
1

If you want to have systemd inside container and you are running on systemd enabled system why bother with alien and non-standard crap like docker?

All up to date systemd systems support systemd-nspawnd containers natively: https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html

These containers will run systemd inside natively and will have almost everyhting working, including service managment and other stuff. This type of container also does not depend on clunky docker hub silliness, so you can easily install any OS inside that is supported by your kernel.

In fact, nspawnd containers behave more like freebsd jails or real vms than some docker stuff. In your use case this would make perfect sense.

EDIT:

Sorry I did not notice you are on MacOS.

It's some time I was dealing with MacOS and I am pretty sure their linux emulation is nonexistant and even if it was the opposite case, you certainly can not succeed in loading this kernel module to completely different system architecture:

Failed to insert module 'autofs4': No such file or directory

I heard about some reasearch usermode linux kernel emulation written in go some years ago, but I am not entirely sure if docker is or even would be capable of handling that.

In short you are using the wrong tool for the given job.

Proper approach would be running lightweight VM and run systemd inside that. You can then mentally treat that VM as container, after all it does not matter.

If you really need to run some linux specific containerization engine to test your use cases, build a small centors/rhel/rocky VM and instal you containerization framewrok into it (nspawn is present by default though).

Improve this answer
1
  • I gave you the correct answer because: "You certainly can not succeed in loading this kernel module to completely different system architecture". I've changed the title of my question. I hopes this helps other MacOS users with the same use case as well. Commented Dec 20, 2021 at 21:57
0

Here is an example of someone who got systemd working in a docker container on MacOS, using a docker-compose.yml file to mount the /sys/fs/cgroup volume and the necessary tmpfs directories:

https://github.com/moby/moby/issues/30723#issuecomment-365927679

by adding the following to their docker-compose file:

    privileged: true
    cap_add:
      - SYS_ADMIN
    security_opt:
      - seccomp:unconfined
    tmpfs:
      - /run
      - /run/lock
    volumes:
      - /sys/fs/cgroup:/sys/fs/cgroup:ro

Elsewhere in that issue thread, it is explained that docker on Mac uses its own linux vm, so the container mounts that, and /sys/fs/cgroup does not need to exist on your mac.

Improve this answer
2
  • If /sys/fs/cgroup does not need to exist on the mac then could it just point to some other local directory? What's the point of the volume mount if it's not needed? Or maybe your point is that it points to something on the local VM and not directly in the mac filesystem? Commented May 16 at 15:37
  • Right: my point was the directory doesn't need to exist on the Mac's host filesystem, because the container mounts it from the Linux VM running on the Mac Commented May 16 at 19:11

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.