RHEL 6: Not possible to containerize ANY systemd based image (any docker version) #13297
Labels
Comments
AXGKl
changed the title
|
Here a definite confirmation from Lennart: https://bugs.freedesktop.org/show_bug.cgi?id=90517 => You might really want to provide this information in your install notes for Red Hat, Cent Os 6 type OSes. Since it will save users a lot of time finding out the hard way :-/ |
|
Thanks! I updated the issue to reflect what needs to be done |
|
#dibs |
|
@AXGKl current docs state that 3.10 and above kernel is required. Docs also state that only v7 of RHEL/Centos are supported. Is this sufficient to close the issue? |
|
@mikebrow thanks, yes, I think this can be closed now that we no longer have RHEL/CentOS 6 in the list of supported versions |
|
@mikebrow thanks also from here. Sorry was pretty much offline for quite some time. Closing also ok with me. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
---- TRIAGE -----
Problem: Systemd is not supported on RHEL6 kernels (and this won't be fixed). As such containers which include systemd will not work.
Resolution: Update docs to reflect issues attempting to run systemd based images on kernels < 3.8
---- END TRIAGE ----
Hi,
this is more a documentation / information related problem:
"Develop, Ship and Run Any Application, Anywhere" NOT true for:
This should be at least mentioned in the install description for RH6.
In our case we realized this only when we wanted to deploy ready, working containerized Apps to production at a customer. Their operations and security departments disallows major Kernel or OS upgrades so we have a real problem - which bit us unexpectedly, due to the claim that the docker enabled series 2 RH kernel is fine.
Description of problem:
Any systemd enabled container can't start on RH 6, with systemd as Pid 1
The root cause is the missing /sys/fs/cgroup interface of the kernel - which can't be created there (sysfs) - allthough all cgroups are actually supported, mounted to /cgroup
I'm clear that docker supports the one container per process approach but for various reasons (many legacy) we require a full init system - and systemd is the default in Linux these days.
docker version:Tried 1.3.0 and also Docker version 1.6.2, build 7c8fca2
docker info:[root@ip-172-30-0-24 ~]# docker info
Containers: 19
Images: 11
Storage Driver: devicemapper
Pool Name: docker-202:80-3145731-pool
Pool Blocksize: 65.54 kB
Backing Filesystem: extfs
Data file:
Metadata file:
Data Space Used: 2.375 GB
Data Space Total: 107.4 GB
Data Space Available: 105 GB
Metadata Space Used: 2.879 MB
Metadata Space Total: 2.147 GB
Metadata Space Available: 2.145 GB
Udev Sync Supported: false
Library Version: 1.02.82-git (2013-10-04)
Execution Driver: native-0.2
Kernel Version: 2.6.32-504.el6.x86_64
Operating System: (containerized)
CPUs: 1
Total Memory: 994.7 MiB
Name: ip-172-30-0-24.eu-west-1.compute.internal
ID: IZBN:IMN5:OGHI:L2LQ:IVB7:RBPC:7KPS:KKSW:ZKZF:SHMD:EPNF:ABXB
uname -a:Linux ip-172-30-0-24.eu-west-1.compute.internal 2.6.32-504.el6.x86_64 #1 SMP Tue Sep 16 01:56:35 EDT 2014 x86_64 x86_64 x86_64 GNU/Linux
Environment details (AWS, VirtualBox, physical, etc.):
[root@ip-172-30-0-24 ~]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 6.6 (Santiago)
Reproduced on AWS (ami-9cfd53eb)
On customer site its in vmware server.
How reproducible:
100%
Steps to Reproduce:
We tried various ways. Here the most naive ones:
a) # docker run -ti --privileged -e "container=docker" debian:jessie /sbin/init
-> Failed to mount tmpfs at /sys/fs/cgroup: No such file or directory
b) # docker run -ti --privileged -e "container=docker" -v '/cgroup:/sys/fs/cgroup' debian:jessie /sbin/init
-> FATA[0000] Error response from daemon: Cannot start container 3c37ba2028310fcfbe7fa3e8f8f084ecb28670d7b1566e4865d3c9ff0eeca590: [8] System error: mkdir /var/lib/docker/devicemapper/mnt/3c37ba2028310fcfbe7fa3e8f8f084ecb28670d7b1566e4865d3c9ff0eeca590/rootfs/sys/fs/cgroup: no such file or directory
c) # ./docker-1.3.0 run -t -i --privileged --lxc-conf="lxc.mount.auto = proc:rw sys:rw cgroup-full:mixed" -e 'container=docker' debian:jessie /sbin/init
-> Failed to mount tmpfs at /sys/fs/cgroup: No such file or directory
d) # ./docker-1.3.0 run -it --privileged cloudbees/archbase
-> Failed to mount tmpfs at /sys/fs/cgroup: No such file or directory
e) # ./docker-1.3.0 run -it cloudbees/archbase
-> Failed to mount tmpfs at /run: Operation not permitted
Expected Results:
systemd as pid1 inside (as working with ubuntu as base OS or also when we upgrade the kernel according to http://nareshv.blogspot.com/2014/02/installing-docker-08-version-on-centos.html (which is not allowed in production))
Additional info:
In general I want to say that the problem is not a bug in docker as such. Since it is also not possible to get systemd up on RH6 using lxc.
But it should be made very clear to users of dockers that their containers can't work on default RH 6 - if systemd is used as init system inside.
PS: If there is any workaround whatsoever (dind?) I would be very happy if I'm proven wrong with the main claim of this issue.
The text was updated successfully, but these errors were encountered: