Hello,
the FreeIPA server in container
https://github.com/adelton/docker-freeipa
is now based on systemd run in the container, primarily because the
IPA server consists of multiple services that get configured and
started during the initial ipa-server-install configuration stage.
The approach works reasonably well, and compared to the original
systemctl workaround that just provided compatibility for IPA's
services, we now have support for full systemd.unit so newer versions
of packages that change their unit definitions will hopefully be
less of a source of regressions.
In the container, we run the ipa-server-install from a service, so
that it finds systemd alredy running.
Now we'd like to prepare pre-configured container images with IPA
server not just installed but already configured and ready to use, to
skip the couple of minutes' penalty that ipa-server-install
configuration step takes in runtime, primarily for application
developer use-cases.
For that we'd like to be able to run ipa-server-install during docker
build and for that we'd need to be able to run systemd during docker
build.
What is the recommended way to do that?
In runtime, we seem to have to use
docker run --rm -ti -e container=docker -v
/sys/fs/cgroup:/sys/fs/cgroup:ro -v /tmp -v /run fedora:23 /usr/sbin/init
to make systemd happy. I've tried docker 1.10's -v to mount
/sys/fs/cgroup but for /tmp and /run volumes are not (yet?) supported
in 1.10.
It's extremely hard to figure out what systemd sees to be a problem,
partially because there seems to be no /dev/console during build
time which I've tried to workaround with
RUN ln -s /dev/stdout /dev/console && exec /usr/sbin/init
--log-target=console
but I still don't get any output and the process ends with pause(),
which looking at the source code suggests freeze() was called.
Is there any hope / effort to get systemd runnable in docker build
time or should I go back to the systemctl workaround?
--
Jan Pazdziora | adelton at #ipa*, #brno
Sr. Principal Software Engineer, Identity Management Special Projects, Red Hat
