Hi Guix,
I have a need to build some Docker images (well, really OCI-compliant
images) to run some service on computing systems that I don't manage. I
thought I would use `guix system image` to build these images. In order to
get a feel for it, I'm testing it out with the docker service running on
my Guix System (commit 50dd91bc30634c75c0001cfd38bbcc2fbbeb894e).
So far, I've created an image from this file with `guix system image filename.scm`:
```
(use-modules (gnu)
             (gnu image)
             (gnu system image))
(use-service-modules databases ssh)
(use-package-modules databases linux)

(define container-os
  (operating-system
    (host-name "container")
    (timezone "America/New_York")
    (kernel linux-libre)
    (bootloader (bootloader-configuration
                 (bootloader grub-efi-bootloader)
                 (targets '("/dev/sdX"))))
    (file-systems '())
    (packages %base-packages)
    (users (cons* (user-account
                   (name "jackhill")
                   (comment "Jack Hill")
                   (group "users")
                   (supplementary-groups '("wheel")))
                  %base-user-accounts))
    (services
     (cons* (service openssh-service-type
                     (openssh-configuration
                      (port-number 2222)
                      (password-authentication? #f)
                      (authorized-keys
                       `(("jackhill" ,(local-file
                                       "/home/jackhill/.ssh/id_ed25519.pub"))))))
            (service postgresql-service-type
                     (postgresql-configuration
                      (postgresql postgresql-14)
                      (config-file
                       (postgresql-config-file
                        (log-destination "stderr")
                        (hba-file
                         (plain-file "pg_hba.conf"
                                     "
local all all trust
host all all 172.17.0.1/32 trust"))
                        (extra-config
                         '(("listen_addresses" "*")
                           ("log_directory" "/var/log/postgresql")))))))
            (service postgresql-role-service-type
                     (postgresql-role-configuration
                      (roles
                       (list (postgresql-role
                              (name "test")
                              (create-database? #t))))))
            %base-services))))

(define container-image
  (image
   (format 'docker)
   (operating-system container-os)
   (shared-network? #t)))

container-image
```
I then load that into docker: `docker load < /gnu/store/…tar.gz`, and run
it with `docker run guix`.
So far, so good. However, ssh-daemon and postgres don't start. If I then
get a shell in the running container with `docker exec -ti … /bin/sh`, I
can see that `herd status` reports that those services are stopped. Trying
to start either service fails:
```
sh-5.1# herd start ssh-daemon
herd: exception caught while executing 'start' on service 'loopback':
Throw to key `%exception' with args `("#<&netlink-response-error errno: 1>")'.
sh-5.1# herd start postgres
herd: exception caught while executing 'start' on service 'loopback':
Throw to key `%exception' with args `("#<&netlink-response-error errno: 1>")'.
```
What's going on here? Is this a disagreement between shepherd and docker
about who's in charge of the networking? What's the right way to create a
docker system image that can run services?
Or, alternatively, is system image the way to go here? I haven't yet
explored running these services from a `guix pack` produced image, but I
suppose that could work as well?
Thanks!
Jack
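Added diagnostic, not part of Jack's message and not Guix or shepherd code: a POSIX sh script to run inside the container (for instance via `docker exec -ti … /bin/sh`) that decodes the effective capability mask from `/proc/self/status` and reports whether CAP_NET_ADMIN (capability bit 12 in `linux/capability.h`) is present. The netlink errno 1 in the `herd` output above is EPERM; the kernel answers a netlink request to bring up or address an interface (which is what the `loopback` service is doing when it fails) with EPERM when the requesting process lacks CAP_NET_ADMIN, and Docker's default capability set does not include it. The mask `a80425fb` used as sample input is Docker's default effective set, embedded here as constructed test data; the function and variable names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original message): does this process hold
# CAP_NET_ADMIN, which netlink interface/address changes require?
# Run it inside the container, e.g. `docker exec -ti <id> /bin/sh capcheck.sh`.

# Capability bit numbers from linux/capability.h.
CAP_NET_ADMIN=12
CAP_NET_RAW=13

# Constructed sample input: Docker's default effective capability mask
# (no CAP_NET_ADMIN), as reported by the CapEff line of /proc/self/status
# in a container started without --cap-add/--privileged.
DOCKER_DEFAULT_CAPEFF=00000000a80425fb

# cap_has_bit HEXMASK BITNUMBER: succeed (exit 0) iff that bit is set.
cap_has_bit() {
    _mask=$1
    _bit=$2
    [ $(( (0x$_mask >> $_bit) & 1 )) -eq 1 ]
}

# current_capeff: print the CapEff hex mask of the running process.
current_capeff() {
    awk '/^CapEff:/ { print $2 }' /proc/self/status
}

# explain_capeff HEXMASK: one-line verdict on whether netlink link/address
# changes (what a loopback-bringing-up service issues) can succeed.
explain_capeff() {
    if cap_has_bit "$1" "$CAP_NET_ADMIN"; then
        echo "CAP_NET_ADMIN present: netlink link/address changes are allowed"
    else
        echo "CAP_NET_ADMIN missing: netlink link/address changes fail with EPERM (errno 1)"
    fi
}

# Stand-alone run: explain the sample mask, then this process's own mask.
echo "docker default mask $DOCKER_DEFAULT_CAPEFF: $(explain_capeff "$DOCKER_DEFAULT_CAPEFF")"
if [ -r /proc/self/status ]; then
    echo "this process: $(explain_capeff "$(current_capeff)")"
fi
```

If the script reports the capability missing inside the container, re-running with `docker run --cap-add NET_ADMIN …` is the quickest way to confirm that the capability, rather than the operating-system declaration, is what the `loopback` service is tripping over; whether to grant it or to drop the loopback service from the image is a separate question that the script does not answer.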