This is image of CentOS7 with systemd installed, which can be ran in unprivileged mode, or even in privileged mode (but use it with caution: in privileged mode systemd can affect host system, use --cap-add=SYS_ADMIN instead).
It contains initialization script /usr/sbin/init.sh, which must be ran as container initialization script (pid 1), either directly using CMD ["/usr/sbin/init.sh"], or from a wrapper script via exec.
As alternative, rpm package can be used to modify an existing container, see spec/ directory for details. Dockerfile must contain same instructions, except that "copy files/ /" will be replaced by "yum install docker-centos7-systemd-unpriv".
RPM package is designed in such way that it cannot harm a hw/vm based system, because installed files will be ran when /usr/sbin/init.sh will be executed only, so it safe to add package as dependency to a metapackage without checking is hw/vm or container is targetted by installation.
Add this text to your Dockerfile to use rpm instead of depending on vlisivka/docker-centos7-systemd-unpriv container.
# Instruct systemd to work properly in container. (Required).
ENV container=docker
# NOTE: Systemd needs /sys/fs/cgroup directoriy to be mounted from host in
# read-only mode. (Required).
# Systemd needs /run directory to be a mountpoint, otherwise it will try
# to mount tmpfs here (and will fail). (Required).
VOLUME /run
# Install initialization script, which will execute kickstart scripts and
# then will start systemd as pid 1.
RUN rpm -vi https://github.com/vlisivka/docker-centos7-systemd-unpriv/releases/download/v1.0/docker-centos7-systemd-unpriv-1.0-1.el7.centos.noarch.rpm
# Run systemd by default via init.sh script, to start required services.
CMD ["/usr/sbin/init.sh"]
# NOTE: Run container with "--stop-signal=$(kill -l RTMIN+3)" option to
# shutdown container using "docker stop CONTAINER", OR run
# /usr/local/sbin/shutdown.sh script as root from container and then kill
# container using "docker kill CONTAINER".
See run.sh script with example how to start container properly.
Systemd and journald logs are forwarded to console, but option -t must be used with docker run command to create /dev/console. Add option "Storage=none" to journald configuration to disable writting of logs to disk in container, i.e. to use docker/kubernetes logging system only.
To shutdown container properly:
- (docker 1.9) run container with option
docker run --stop-signal=$(kill -l RTMIN+3) CONTAINER
, so commanddocker stop
will work properly; - OR kill server with signal RTMIN+3:
docker kill --signal=$(kill -l RTMIN+3) CONTAINER
; - OR attach to container and execute command
halt
.