solita/docker-systemd solita/docker-systemd

  • This repository has been archived on 06/Aug/2018
  • Stars
    star
    119
  • Rank 289,577 (Top 6 %)
  • Language
    Shell
  • License
    MIT License
  • Created about 8 years ago
  • Updated almost 6 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
solita/docker-systemd
github

solita

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

systemd-enabled versions of Docker base images

PROJECT UNMAINTAINED

This image is no longer used nor maintained by its original developer. If you want to continue its development, you may fork the project in accordance with its license.

solita/ubuntu-systemd

A Docker image based on ubuntu that runs systemd with a minimal set of services.

This image is meant for development use only. We strongly recommend against running it in production!

Supported tags

  • 18.04, bionic
  • 16.04, xenial, latest

But why?

The short answer: use solita/ubuntu-systemd for running applications that need to be run in a full Ubuntu system and not on their own as PID 1.

The long answer: solita/ubuntu-systemd might be a better choice than the stock ubuntu image if one of the following is true:

  • You want to test a provisioning or deployment script that configures and starts systemd services.

  • You want to run multiple services in the same container.

  • You want to solve the the PID 1 zombie reaping problem.

If you just want to run a single, short-lived process in a container, you should probably use the stock ubuntu image instead.

Setup

Before you start your first systemd container, run the following command to set up your Docker host. It uses special privileges to create a cgroup hierarchy for systemd. We do this in a separate setup step so we can run systemd in unprivileged containers.

docker run --rm --privileged -v /:/host solita/ubuntu-systemd setup

Running

You need to add a couple of flags to the docker run command to make systemd play nice with Docker.

We must disable seccomp because systemd uses system calls that are not allowed by Docker's default seccomp profile:

--security-opt seccomp=unconfined

Ubuntu's systemd expects /run and /run/lock to be tmpfs file systems, but it can't mount them itself in an unprivileged container:

--tmpfs /run
--tmpfs /run/lock

systemd needs read-only access to the kernel's cgroup hierarchies:

-v /sys/fs/cgroup:/sys/fs/cgroup:ro

Allocating a pseudo-TTY is not strictly necessary, but it gives us pretty color-coded logs that we can look at with docker logs:

-t

Testing

This image is useless as it's only meant to serve as a base for your own images, but you can still create a container from it. First set up your Docker host as described in Setup above. Then run the following command:

docker run -d --name systemd --security-opt seccomp=unconfined --tmpfs /run --tmpfs /run/lock -v /sys/fs/cgroup:/sys/fs/cgroup:ro -t solita/ubuntu-systemd

Check the logs to see if systemd started correctly:

docker logs systemd

If everything worked, the output should look like this:

systemd 229 running in system mode. (+PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ -LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD -IDN)
Detected virtualization docker.
Detected architecture x86-64.

Welcome to Ubuntu 16.04.2 LTS!

Set hostname to <aad1d41c3a2e>.
Initializing machine ID from random generator.
[  OK  ] Created slice System Slice.
[  OK  ] Reached target Slices.
[  OK  ] Listening on Journal Socket.
[  OK  ] Listening on Journal Socket (/dev/log).
[  OK  ] Reached target Local File Systems.
         Starting Journal Service...
         Starting Create Volatile Files and Directories...
[  OK  ] Reached target Swap.
[  OK  ] Reached target Sockets.
[  OK  ] Reached target Paths.
[  OK  ] Started Create Volatile Files and Directories.
[  OK  ] Started Journal Service.

Also check the journal logs:

docker exec systemd journalctl

The output should look like this:

-- Logs begin at Thu 2017-03-16 14:12:14 UTC, end at Thu 2017-03-16 14:12:26 UTC. --
Mar 16 14:12:14 aad1d41c3a2e systemd-journald[19]: Runtime journal (/run/log/journal/) is 8.0M, max 99.9M, 91.9M free.
Mar 16 14:12:14 aad1d41c3a2e systemd-journald[19]: Journal started
Mar 16 14:12:14 aad1d41c3a2e systemd[1]: Reached target System Initialization.
Mar 16 14:12:15 aad1d41c3a2e systemd[1]: Reached target Basic System.
Mar 16 14:12:17 aad1d41c3a2e systemd[1]: Starting LSB: Set the CPU Frequency Scaling governor to "ondemand"...
Mar 16 14:12:18 aad1d41c3a2e systemd[1]: Starting Permit User Sessions...
Mar 16 14:12:19 aad1d41c3a2e systemd[1]: Starting /etc/rc.local Compatibility...
Mar 16 14:12:20 aad1d41c3a2e systemd[1]: Started Daily Cleanup of Temporary Directories.
Mar 16 14:12:21 aad1d41c3a2e systemd[1]: Reached target Timers.
Mar 16 14:12:22 aad1d41c3a2e systemd[1]: Started Permit User Sessions.
Mar 16 14:12:23 aad1d41c3a2e systemd[1]: Started /etc/rc.local Compatibility.
Mar 16 14:12:24 aad1d41c3a2e systemd[1]: Started LSB: Set the CPU Frequency Scaling governor to "ondemand".
Mar 16 14:12:25 aad1d41c3a2e systemd[1]: Reached target Multi-User System.
Mar 16 14:12:26 aad1d41c3a2e systemd[1]: Startup finished in 11.215s.

To check for clean shutdown, in one terminal run:

docker exec systemd journalctl -f

And in another shut down systemd:

docker stop systemd

The journalctl logs should look like this on a clean shutdown:

Mar 16 14:15:49 aad1d41c3a2e systemd[1]: Received SIGRTMIN+3.
Mar 16 14:15:49 aad1d41c3a2e systemd[1]: Stopped target Multi-User System.
Mar 16 14:15:50 aad1d41c3a2e systemd[1]: Stopping Permit User Sessions...
Mar 16 14:15:51 aad1d41c3a2e systemd[1]: Stopping LSB: Set the CPU Frequency Scaling governor to "ondemand"...
Mar 16 14:15:52 aad1d41c3a2e systemd[1]: Stopped /etc/rc.local Compatibility.
Mar 16 14:15:53 aad1d41c3a2e systemd[1]: Stopped target Timers.
Mar 16 14:15:54 aad1d41c3a2e systemd[1]: Stopped Daily Cleanup of Temporary Directories.
Mar 16 14:15:55 aad1d41c3a2e systemd[1]: Stopped Permit User Sessions.
Mar 16 14:15:56 aad1d41c3a2e systemd[1]: Stopped LSB: Set the CPU Frequency Scaling governor to "ondemand".
Mar 16 14:15:57 aad1d41c3a2e systemd[1]: Stopped target Basic System.
Mar 16 14:15:58 aad1d41c3a2e systemd[1]: Stopped target Slices.

Known issues

There's a bug in Docker versions < 1.12.0 that randomly causes /run and /run/lock to be mounted in the wrong order. In this case the output of docker logs looks like this:

Failed to mount tmpfs at /run/lock: Permission denied
[!!!!!!] Failed to mount API filesystems, freezing.
Freezing execution.

If this happens to you, docker kill the container (it won't listen for the shutdown signal) and start it again with docker start. Better luck next time!

Contributors

License

Copyright © 2016-2018 Solita. Licensed under the MIT license.

More Repositories

1

clamav-rest

Simple clamd REST proxy
Java
128
star
2

clamav-java

Simple ClamAV client for streaming data to clamd server
Java
101
star
3

blackhat-python

Black Hat Python workshop for Disobey 2019
Python
29
star
4

solita.github.com

Solita Developer Blog
Python
24
star
5

ansible-role-solita.jenkins

Ansible role: Jenkins, completely configured with Ansible
Ruby
23
star
6

kansalaisaloite

Kansalaisaloite.fi / Medborgarinitiativ.fi
Java
23
star
7

functional-utils

More-or-less functional util library for Java.
Java
22
star
8

dev-academy-2022-fall-exercise

An exercise for Solita Dev Academy 2022 Fall
22
star
9

avoinkoodi

Lista julkishallinnon avoimen lähdekoodin projekteista.
19
star
10

phantom-runner

Javascript test integration with JUnit and PhantomJS headless browser
Java
18
star
11

inkwell

Improved interactive and functional programming for Quil
Clojure
15
star
12

kyberoppi

Verkkosovelluksen tietoturvan varmistaminen. Tukimateriaali ohjelmistoalan ammattilaisille.
12
star
13

solita-rooms

Solita Rooms is a web application which can be used to view Microsoft Exchange room bookings.
Clojure
10
star
14

powershell-webdevelopertools

Powershell modules to provide utility functions for day-to-day problems in .NET web development.
PowerShell
10
star
15

laundry

data sanitation services
Clojure
10
star
16

powershell-dsc-jenkins

Repository to host powershell dsc script to setup a jenkins server.
PowerShell
9
star
17

dev-academy-2022-exercise

An exercise for Solita Dev Academy 2022
9
star
18

sqli-poc

PoC for blind SQL injection bug found in Solita Webhack 2016.
Java
8
star
19

vaccine-exercise-2021

8
star
20

powershell-zap

PowerShell module for using OWASP-ZAP from PowerShell
PowerShell
7
star
21

mnt-teet

Maanteeamet TEET: Road Lifecycle Software
Clojure
6
star
22

episerver-webapi

WebApi components and attributes for Episerver 9
C#
6
star
23

solita-cd

Solita CD Tools
Ruby
5
star
24

demo-forum-backend

Backend for https://github.com/solita/demo-forum-frontend
Java
5
star
25

json-migraine

JSON data migration library for Java
Java
4
star
26

jenkins-ansible-demo

Demo: Jenkins Configuration Management with Ansible
Ruby
4
star
27

livijuku

Liikennevirasto Joukkoliikenteen rahoitus-, kustannus- ja suoritetietojen keräys- ja seurantajärjestelmä
Clojure
4
star
28

docker-systemd-ssh

systemd and ssh-enabled versions of Docker base images
4
star
29

cljs-kurssimateriaali

Sisältää kurssimateriaalin, esitykset jne.
3
star
30

dev-academy-2021

3
star
31

uhka-analyysi

Osittainen suomennus OWASP uhka-analyysiohjeesta
3
star
32

episerver-performance

Performance hacks for Episerver 9
C#
3
star
33

meta-utils

Annotation processors to enable 1st-class-functions pre-java8
Java
3
star
34

Ilmo

JavaScript
3
star
35

dev-academy-spring-2024-exercise

dev-academy-spring-2024-exercise
Dockerfile
3
star
36

Slide

Another jQuery slider thingie. This time with some heavy fallback stuff.
JavaScript
2
star
37

adenotifier

Python library for using ADE Notify API
Python
2
star
38

episerver-localization-editor

C#
2
star
39

episerver-testing

Classes for aiding with test automation of EPiServer websites
C#
2
star
40

solita-genai-tool

Solita GenAI Tool
TypeScript
2
star
41

jQuery-Carousel

YES! Another jQuery carousel/slider!
JavaScript
2
star
42

Selectionz

A jQuery plugin for creating stylized <select> and checkbox elements.
JavaScript
2
star
43

vagrant-ansible

Vagrantfile: Ubuntu 14.04 with Ansible
Shell
2
star
44

metavuo

JavaScript
2
star
45

FitTip

jQuery tooltip plugin for flexible / stretching tooltips. Fits to content.
JavaScript
2
star
46

cljs-kurssi

Tulevan sisäisen ClojureScript kurssin template
Clojure
2
star
47

lipo

LIPO is a LIghtweight POrtal
Clojure
2
star
48

cas-single-sign-out

Ring middleware for CAS single sign out
Clojure
2
star
49

finlandyard

Finland Yard
JavaScript
2
star
50

query-utils

A layer on top of JPA2 to make querying a database even more complex ;)
Java
2
star
51

kanaliiga-rl-discord-bot

TypeScript
2
star
52

perfgraph

Performance radiator data aggregation and visualization
PHP
2
star
53

datatree

Simple way to generate XML documents and schemas using Java, but feeling like Clojure
Java
2
star
54

sv-security-scans-05

Python
1
star
55

jmeter-perfotrator

The most simple performance test template project
XSLT
1
star
56

mule-x-road-connector

X-Road Anypoint Connector for Mule ESB
Java
1
star
57

sv-security-scans-06

For semgrep
1
star
58

cfn-tableau-linux-server

Makefile
1
star
59

kuntalaisaloite

Kuntalaisaloite.fi / Invånarinitiativ.fi - www.kuntalaisaloite.fi
Java
1
star
60

demo-forum-frontend

Frontend for https://github.com/solita/demo-forum-backend
JavaScript
1
star
61

ansible-oracle-database-docker

Creates Oracle Database Enterprise Edition platform on Docker (for dev environments, only testing porpose).
Shell
1
star
62

etp-core

Energiatodistuspalvelu - Yleiset taustapalvelut
Clojure
1
star
63

travis-ci-training

Sample for Travis CI training
Shell
1
star
64

DataHarvester

A sound recording Android application, created with TUNI + Solita collaboration.
Java
1
star
65

jenkins-job-dsl-example

How to set up jobs using Jenkins Job DSL
Groovy
1
star
66

sv-security-scans-05a

Python
1
star
67

anypoint-orders-demo

Source codes from Solita's public Mulesoft demo session
RAML
1
star
68

docker-ansible-ssh

A Docker image with Ansible and an SSH server
1
star
69

sv-security-scans-04

HCL
1
star
70

ploy

Deployment automation tool
Ruby
1
star
71

api-utils

JavaScript
1
star
72

etp-public

Energiatodistuspalvelun julkisivu
Svelte
1
star
73

ade-external-api-cli

Python
1
star
74

sv-security-scans-02

My public repo for security scans
Python
1
star
75

ade-notify-api-reference-gcp

Agile Data Engine reference solution for Notify API in Google Cloud Platform
HCL
1
star
76

sv-security-scans-03

For automatic CodeQL scans
Python
1
star
77

chatGPT_RL_blog1

All resources used and generated in the blog post part 1
Jupyter Notebook
1
star
78

lynx-order-tracker

A simple app with three-tier architecture for tracking ordered products. ReactJS+Next.js+PostgreSQL deployed to Azure with Github actions
TypeScript
1
star
79

ara-etp

ARA Energiatodistuspalvelu
Clojure
1
star
80

sv-security-scans-07-crash-course

Demo drop-in scans for Solita crash course 2023-03-15
HCL
1
star