Rockylinux with systemd
1) Download an image
Info: https://hub.docker.com/r/rockylinux/rockylinux
podman pull docker.io/rockylinux/rockylinux
2) Create a Containerfile that runs systemd
Containerfile # which contains instructions for building the image
FROM docker.io/rockylinux/rockylinux:8
ENV container docker
RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == \
systemd-tmpfiles-setup.service ] || rm -f $i; done); \
rm -f /lib/systemd/system/multi-user.target.wants/*;\
rm -f /etc/systemd/system/*.wants/*;\
rm -f /lib/systemd/system/local-fs.target.wants/*; \
rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
rm -f /lib/systemd/system/basic.target.wants/*;\
rm -f /lib/systemd/system/anaconda.target.wants/*;
VOLUME [ "/sys/fs/cgroup" ]
CMD ["/usr/sbin/init"]
3) Build the image
podman build --rm -t r8-systemd .
Options:
- -t imageName # the image is automatically named localhost/imageName
- --rm # Remove intermediate containers after a successful build (Default: true)
- --file, -f=Containerfile.txt # Default: Containerfile
4) Run Container
docker run -dit \
--privileged \
--volume /sys/fs/cgroup:/sys/fs/cgroup:ro \
--name mytest \
localhost/r8-systemd
* In order to run a container with systemd,
you will need to mount the cgroups volumes from the host.
5) Customize the container
# exec - Run a process in a running container
podman exec -it mytest bash
dnf install epel-release
dnf install vim screen wget curl iproute procps-ng passwd
dnf install openssh-server rsyslog
6) sshd service fails to start
.. sshd[395]: fatal: linux_audit_write_entry failed: Operation not permitted
.. sshd[395]: pam_unix(sshd:session): session closed for user root
.. sshd[395]: fatal: linux_audit_write_entry failed: Operation not permitted
.. sshd[404]: fatal: mm_request_send: write: Broken pipe
Cause: podman drops the audit_write capability by default.
Fix:
podman run --cap-add AUDIT_WRITE \
-p 22000:22 --expose=22 -dit centos:7 \
/bin/bash -c "yum install -y openssh-server && ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' && /usr/sbin/sshd -Dd"
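Steps 4 and 6 together show the capability trade-off: the step 4 command grants every capability with --privileged, while the step 6 fix adds only AUDIT_WRITE. The POSIX sh script below is an added example, not part of the original notes, that recognises the linux_audit_write_entry failure in sshd log output and prints a podman run line for the r8-systemd image that adds just that one capability. It assumes podman's default systemd mode (--systemd=true) handles the cgroup and tmpfs setup for /usr/sbin/init, so --privileged is not required; the log lines are constructed to match the excerpt above, and the function names missing_capability and run_command are my own.

```shell
#!/bin/sh
# Added example (not from the original notes): map the sshd audit failure
# to the capability it needs and build a least-privilege podman run line.

# Constructed sample log lines in the same shape as the journal excerpt above.
SAMPLE_LOG='sshd[395]: fatal: linux_audit_write_entry failed: Operation not permitted
sshd[395]: pam_unix(sshd:session): session closed for user root
sshd[404]: fatal: mm_request_send: write: Broken pipe'

# Return the capability name to pass to --cap-add, or "none" if the log
# does not contain the known audit-write failure.
missing_capability() {
    if printf '%s\n' "$1" | grep -q 'linux_audit_write_entry failed: Operation not permitted'; then
        echo AUDIT_WRITE
    else
        echo none
    fi
}

# Print a podman run command without --privileged, adding only the
# capabilities given as extra arguments.
# $1 = container name, $2 = image, remaining args = capabilities to add.
run_command() {
    name=$1
    image=$2
    shift 2
    cmd="podman run -dit --name $name --volume /sys/fs/cgroup:/sys/fs/cgroup:ro"
    for cap in "$@"; do
        cmd="$cmd --cap-add $cap"
    done
    echo "$cmd $image"
}

# Usage: inspect the sample log and print the corrected run command.
cap=$(missing_capability "$SAMPLE_LOG")
if [ "$cap" != none ]; then
    run_command mytest localhost/r8-systemd "$cap"
fi
```

In practice, feed the output of `podman logs mytest` (or the container's journal) to missing_capability instead of SAMPLE_LOG, and compare the printed command against the step 4 invocation: the difference is that a single named capability replaces --privileged.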