Tag Archives: docker

systemd[34]: Failed at step NAMESPACE spawning /usr/sbin/httpd: Operation not permitted

Process: 64 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=226/NAMESPACE)

If you have problems starting CentOS 7 on Docker running systemd without privileged container rights:

sed -i 's/PrivateTmp=True/PrivateTmp=False/I' /lib/systemd/system/httpd.service
systemctl daemon-reload

Then start the service:

systemctl start httpd
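
Editing the packaged unit under /lib/systemd/system is undone by the next httpd update, and PrivateTmp is not the only setting that needs a mount namespace. The script below is an added example (not from the original post) that finds such settings in a unit's [Service] section and writes a drop-in disabling only those; the function names, the drop-in file name and the sample unit are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Settings that make systemd build
# a private mount namespace; without CAP_SYS_ADMIN that step fails with
# status=226/NAMESPACE.
NS_KEYS='PrivateTmp PrivateDevices ProtectSystem ProtectHome ReadOnlyDirectories InaccessibleDirectories'

# needs_namespace UNIT_FILE: print each active namespace setting found in the
# [Service] section as key=value; exit status 0 only if at least one is active.
needs_namespace() {
    awk -v keys="$NS_KEYS" '
        BEGIN { n = split(keys, k, " "); for (i = 1; i <= n; i++) want[k[i]] = 1 }
        /^[ \t]*[#;]/ { next }                      # comments
        /^[ \t]*\[/   { svc = ($0 ~ /\[Service\]/); next }
        svc && index($0, "=") {
            key = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", key)
            val = substr($0, index($0, "=") + 1);    gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (!(key in want)) next
            lv = tolower(val)                        # systemd booleans ignore case
            if (lv == "" || lv == "false" || lv == "no" || lv == "off" || lv == "0")
                delete hit[key]                      # a later "off" overrides
            else
                hit[key] = val
        }
        END { for (i = 1; i <= n; i++) if (k[i] in hit) { print k[i] "=" hit[k[i]]; f = 1 }
              exit !f }
    ' "$1"
}

# write_dropin UNIT_FILE DROPIN_ROOT: write DROPIN_ROOT/<unit>.d/10-no-namespace.conf
# that switches off only the settings found, leaving the packaged unit untouched.
write_dropin() {
    found=$(needs_namespace "$1") || return 1
    dir="$2/$(basename "$1").d"
    mkdir -p "$dir" || return 1
    {
        echo '[Service]'
        echo "$found" | while IFS='=' read -r key rest; do
            case $key in
                *Directories) echo "$key=" ;;        # empty value resets a list
                *)            echo "$key=false" ;;
            esac
        done
    } > "$dir/10-no-namespace.conf"
}

# Constructed sample unit (assumption: mirrors the PrivateTmp line the sed above edits).
demo=$(mktemp -d)
printf '[Unit]\nDescription=demo\n[Service]\nExecStart=/usr/sbin/httpd\nPrivateTmp=true\n' > "$demo/httpd.service"
write_dropin "$demo/httpd.service" "$demo/etc" && cat "$demo/etc/httpd.service.d/10-no-namespace.conf"
```

Inside the container the drop-in root would be /etc/systemd/system, followed by systemctl daemon-reload.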

docker centos 7.1 systemd

cat Dockerfile
FROM docker.io/centos
MAINTAINER vitasis
# systemd reads $container to detect that it runs inside a container
ENV container docker
RUN yum clean all; yum -y install hostname tar git; yum -y update; yum clean all
# https://bugzilla.redhat.com/show_bug.cgi?id=1118740
# Alternative to the swap below: RUN yum -y install systemd systemd-libs; yum clean all
# After installing systemd, remove the units that are not needed in a container,
# keeping only systemd-tmpfiles-setup.service in sysinit.target.wants.
RUN yum -y swap -- remove systemd-libs -- install systemd systemd-libs; yum clean all; \
    (cd /lib/systemd/system/sysinit.target.wants/ && for i in *; do [ "$i" = systemd-tmpfiles-setup.service ] || rm -f "$i"; done); \
    rm -f /lib/systemd/system/multi-user.target.wants/*; \
    rm -f /etc/systemd/system/*.wants/*; \
    rm -f /lib/systemd/system/local-fs.target.wants/*; \
    rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
    rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
    rm -f /lib/systemd/system/basic.target.wants/*; \
    rm -f /lib/systemd/system/anaconda.target.wants/*
VOLUME [ "/sys/fs/cgroup" ]
CMD ["/usr/sbin/init"]

sudo docker build --rm=true -t vitasis/centos7-systemd .
sudo docker run --name test --privileged -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro vitasis/centos7-systemd
sudo docker ps | grep test
sudo docker exec -i -t 63f43c4ccbba bash

Detected virtualization 'other'.

Welcome to CentOS Linux 7 (Core)!

Set hostname to <79251a373052>.
Cannot add dependency job for unit display-manager.service, ignoring: Unit display-manager.service failed to load: No such file or directory.
[ OK ] Reached target Paths.
[ OK ] Listening on Journal Socket.
[ OK ] Listening on Delayed Shutdown Socket.
[ OK ] Reached target Swap.
[ OK ] Created slice Root Slice.
[ OK ] Created slice System Slice.
[ OK ] Reached target Slices.
[ OK ] Reached target Local File Systems.
Starting Create Volatile Files and Directories...
Starting Journal Service...
[ OK ] Started Journal Service.
[ OK ] Started Create Volatile Files and Directories.
[ OK ] Reached target System Initialization.
[ OK ] Listening on D-Bus System Message Bus Socket.
[ OK ] Reached target Sockets.
[ OK ] Reached target Timers.
[ OK ] Reached target Basic System.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.

If you want to detach from the docker session, you need to run the container as a daemon:

sudo docker run --name test --cap-add SYS_ADMIN -d -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro vitasis/centos7-systemd

Either --privileged or --cap-add SYS_ADMIN is needed, because systemd uses mount with SELinux or AppArmor.
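
To confirm what a container actually received, the effective capability mask (CapEff in /proc/<pid>/status) can be decoded: --cap-add SYS_ADMIN should add exactly bit 21, while --privileged sets every bit. This is an added example, not from the original post; the three masks are constructed sample values and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post.
CAP_SYS_ADMIN=21     # bit number of CAP_SYS_ADMIN in linux/capability.h

# has_cap MASK BIT: succeed if bit BIT is set in the hex mask MASK.
has_cap() { [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]; }

# added_bits MASK BASELINE: print the bit numbers set in MASK but not in BASELINE.
added_bits() {
    extra=$(( 0x$1 & ~0x$2 )); bit=0; out=
    while [ "$extra" -ne 0 ]; do
        [ $(( extra & 1 )) -eq 1 ] && out="$out $bit"
        extra=$(( extra >> 1 )); bit=$(( bit + 1 ))
    done
    echo "${out# }"
}

# classify MASK LAST_CAP: LAST_CAP is the kernel's highest capability number
# (/proc/sys/kernel/cap_last_cap). Prints privileged, sys_admin or restricted.
classify() {
    full=$(( (1 << ($2 + 1)) - 1 ))
    if [ $(( 0x$1 & full )) -eq "$full" ]; then echo privileged
    elif has_cap "$1" "$CAP_SYS_ADMIN"; then echo sys_admin
    else echo restricted
    fi
}

# Constructed sample masks (assumptions, not output from the post's containers):
DEFAULT=00000000a80425fb      # a typical default Docker capability set
WITH_ADMIN=00000000a82425fb   # the same set plus bit 21
ALL_36=0000001fffffffff       # every capability on a kernel whose last cap is 36

for m in "$DEFAULT" "$WITH_ADMIN" "$ALL_36"; do
    echo "$m -> $(classify "$m" 36), added bits: $(added_bits "$m" "$DEFAULT")"
done
# On a live container, read the real values instead:
#   grep CapEff /proc/1/status ; cat /proc/sys/kernel/cap_last_cap
```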

decking create docker cluster simple

Decking json example:
vi decking.json
{
  "containers": {
    "centos7a": "milcom/centos7-systemd",
    "centos7b": "milcom/centos7-systemd"
  },
  "clusters": {
    "main": ["centos7a", "centos7b"]
  }
}

And let's build:

sudo decking create main

centos7a ...
centos7b ...
centos7a creating...
centos7b ...
centos7a creating... ✔
centos7b ...
centos7a creating... ✔
centos7b creating...
centos7a creating... ✔
centos7b creating... ✔

sudo decking start main

centos7a ...
centos7b ...
centos7a starting...
centos7b ...
centos7a starting... ✔
centos7b ...
centos7a starting... ✔
centos7b starting...
centos7a starting... ✔
centos7b starting... ✔

sudo decking status main

centos7a ...
centos7b ...
centos7a ...
centos7b running 172.17.0.2
centos7a running 172.17.0.1
centos7b running 172.17.0.2

Let's check if it's really running:

c4175064768b milcom/centos7-systemd:latest "/usr/sbin/init" 3 minutes ago Up About a minute centos7b
b4b1766eb4d8 milcom/centos7-systemd:latest "/usr/sbin/init" 3 minutes ago Up About a minute centos7a

I guess it's better than Fig.
Next step: use Ansible to manage these VMs; it's quite fast.

brooklyn clocker

wget --no-check-certificate --quiet -O brooklyn-clocker-examples-0.4.0-dist.tar.gz https://git.io/WOhfyw
tar zxf brooklyn-clocker-examples-0.4.0-dist.tar.gz
cd brooklyn-clocker-examples-0.4.0/
./clocker.sh launch

OpenJDK 64-Bit Server VM warning: ignoring option MaxPermSize=1024m; support was removed in 8.0
 _                     _    _
| |__  _ __ ___   ___ | | _| |_   _ _ __  (R)
| '_ \| '__/ _ \ / _ \| |/ / | | | | '_ \
| |_) | | | (_) | (_) |   <| | |_| | | | |
|_.__/|_|  \___/ \___/|_|\_\_|\__, |_| |_|
                              |___/  0.7.0-SNAPSHOT
2015-04-29 20:45:16,712 INFO Persistence disabled
2015-04-29 20:45:16,713 INFO High availability disabled
2015-04-29 20:45:16,717 INFO Starting brooklyn web-console on loopback interface because no security config is set
2015-04-29 20:45:19,991 INFO Started Brooklyn console at http://127.0.0.1:8081/, running classpath://brooklyn.war
2015-04-29 20:45:24,827 INFO Launched Brooklyn; will now block until shutdown issued. Shutdown via GUI or API or process interrupt.

docker create redmine

mkdir -p /opt/mysql/data
sudo docker run --name mysql -it --rm -v /opt/mysql/data:/var/lib/mysql sameersbn/mysql:latest

150429 16:50:41 mysqld_safe Logging to syslog.
150429 16:50:41 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql

sudo docker exec -it mysql bash
mysql -uroot -p
CREATE USER 'redmine'@'%.%.%.%' IDENTIFIED BY 'password';
CREATE DATABASE IF NOT EXISTS `redmine_production` DEFAULT CHARACTER SET `utf8` COLLATE `utf8_unicode_ci`;
GRANT SELECT, LOCK TABLES, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER ON `redmine_production`.* TO 'redmine'@'%.%.%.%';

sudo docker run --name=redmine -it --rm --link mysql:mysql -e "DB_USER=redmine" -e "DB_PASS=password" -e "DB_NAME=redmine_production" -v /opt/redmine/data:/home/redmine/data sameersbn/redmine:latest

Generating secure token...
2015-04-29 17:14:03,461 CRIT Supervisor running as root (no user in config file)
2015-04-29 17:14:03,461 WARN Included extra file "/etc/supervisor/conf.d/unicorn.conf" during parsing
2015-04-29 17:14:03,461 WARN Included extra file "/etc/supervisor/conf.d/nginx.conf" during parsing
2015-04-29 17:14:03,461 WARN Included extra file "/etc/supervisor/conf.d/cron.conf" during parsing
2015-04-29 17:14:03,500 INFO RPC interface 'supervisor' initialized
2015-04-29 17:14:03,500 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2015-04-29 17:14:03,500 INFO supervisord started with pid 1
2015-04-29 17:14:04,504 INFO spawned: 'unicorn' with pid 131
2015-04-29 17:14:04,506 INFO spawned: 'cron' with pid 132
2015-04-29 17:14:04,509 INFO spawned: 'nginx' with pid 133
2015-04-29 17:14:06,363 INFO success: unicorn entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2015-04-29 17:14:06,364 INFO success: cron entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2015-04-29 17:14:06,364 INFO success: nginx entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)

sudo docker inspect redmine | grep -i ip

[vit@localhost docker-redmine]$ sudo docker inspect redmine | grep -i ip
"IpcMode": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.0.19",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"LinkLocalIPv6Address": "fe80::42:acff:fe11:13",
"LinkLocalIPv6PrefixLen": 64,

Now you can access Redmine using the IPAddress value. The default user is admin, with password admin.