This is image of CentOS7 with systemd installed, which can be ran in
unprivileged mode, or even in privileged mode (but use it with caution:
in privileged mode systemd can affect host system, use
It contains initialization script /usr/sbin/init.sh, which must be ran as
container initialization script (pid 1), either directly using CMD
["/usr/sbin/init.sh"], or from a wrapper script via exec.
As alternative, rpm package can be used to modify an existing container,
see spec/ directory for details. Dockerfile must contain same
instructions, except that "copy files/ /" will be replaced by "yum
RPM package is designed in such way that it cannot harm a hw/vm based
system, because installed files will be ran when /usr/sbin/init.sh will
be executed only, so it safe to add package as dependency to a
metapackage without checking is hw/vm or container is targetted by
Add this text to your Dockerfile to use rpm instead of depending on
# Instruct systemd to work properly in container. (Required). ENV container=docker # NOTE: Systemd needs /sys/fs/cgroup directoriy to be mounted from host in # read-only mode. (Required). # Systemd needs /run directory to be a mountpoint, otherwise it will try # to mount tmpfs here (and will fail). (Required). VOLUME /run # Install initialization script, which will execute kickstart scripts and # then will start systemd as pid 1. RUN rpm -vi https://github.com/vlisivka/docker-centos7-systemd-unpriv/releases/download/v1.0/docker-centos7-systemd-unpriv-1.0-1.el7.centos.noarch.rpm # Run systemd by default via init.sh script, to start required services. CMD ["/usr/sbin/init.sh"] # NOTE: Run container with "--stop-signal=$(kill -l RTMIN+3)" option to # shutdown container using "docker stop CONTAINER", OR run # /usr/local/sbin/shutdown.sh script as root from container and then kill # container using "docker kill CONTAINER".
See run.sh script with example how to start container properly.
Systemd and journald logs are forwarded to console, but option -t must be
used with docker run command to create /dev/console. Add option
"Storage=none" to journald configuration to disable writting of logs to
disk in container, i.e. to use docker/kubernetes logging system only.
To shutdown container properly:
- (docker 1.9) run container with option
docker run --stop-signal=$(kill -l RTMIN+3) CONTAINER, so command
docker stopwill work properly;
- OR kill server with signal RTMIN+3:
docker kill --signal=$(kill -l RTMIN+3) CONTAINER;
- OR attach to container and execute command