Rocky Linux container with systemd on MacOS
I have this question which I hope is asked in the right place, if not, feel free to guide me.
I’m developing several Ansible roles and using Molecule as a tool to test the roles. Molecule in turn uses containers to test the role against.
I’m specifically developing my roles for RHEL 8 based operating systems. I chose to use Rocky Linux as the OS for the container since this is one of the closest OSes to RHEL.
In a role there are tasks executed using/utilizing systemd. However, containers do not have systemd available by default. There are ‘workarounds’ to actually make systemd available for containers, which is my goal.
So, I created a container which builds systemd in a Rocky Linux container, following this Dockerfile.
I build the container, and try to start it.
$ docker build -t my_test .
[+] Building 1.4s (6/6) FINISHED
...
Then, I try to run the container, but it provides an error.
$ docker run --tty --privileged --volume /sys/fs/cgroup:/sys/fs/cgroup:ro my_test
Failed to insert module 'autofs4': No such file or directory
systemd 239 (239-51.el8) running in system mode. (+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=legacy)
Detected virtualization docker.
Detected architecture x86-64.
Welcome to Rocky Linux 8.5 (Green Obsidian)!
Set hostname to <dea75c1001fd>.
Initializing machine ID from random generator.
Failed to create /init.scope control group: Read-only file system
Failed to allocate manager object: Read-only file system
[!!!!!!] Failed to allocate manager object, freezing.
Freezing execution.
Question: How can I successfully build a container which has systemd available on a Rocky Linux container?
Info: MacOS 10.15.7, Docker version 20.10.11, build dea9396
If you want to have systemd inside a container and you are running on a systemd-enabled system, why bother with alien and non-standard crap like docker? All up-to-date systemd systems support systemd-nspawn containers natively:
https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html
These containers will run systemd inside natively and will have almost everything working, including service management and other stuff. This type of container also does not depend on clunky docker hub silliness, so you can easily install any OS inside that is supported by your kernel.
In fact, nspawn containers behave more like freebsd jails or real VMs than some docker stuff. In your use case this would make perfect sense.
EDIT:
Sorry, I did not notice you are on MacOS.
It’s been some time since I dealt with MacOS, and I am pretty sure their linux emulation is nonexistent, and even if it were the opposite case, you certainly can not succeed in loading this kernel module into a completely different system architecture:
Failed to insert module 'autofs4': No such file or directory
I heard about some research usermode linux kernel emulation written in go some years ago, but I am not entirely sure if docker is or even would be capable of handling that.
In short, you are using the wrong tool for the given job.
The proper approach would be running a lightweight VM and running systemd inside that. You can then mentally treat that VM as a container; after all, it does not matter.
If you really need to run some linux-specific containerization engine to test your use cases, build a small centos/rhel/rocky VM and install your containerization framework into it (nspawn is present by default though).
Here is an example of someone who got systemd working in a docker container on MacOS, using a docker-compose.yml file to mount the /sys/fs/cgroup volume and the necessary tmpfs directories:
https://github.com/moby/moby/issues/30723#issuecomment-365927679
by adding the following to their docker-compose file:
    privileged: true
    cap_add:
      - SYS_ADMIN
    security_opt:
      - seccomp:unconfined
    tmpfs:
      - /run
      - /run/lock
    volumes:
      - /sys/fs/cgroup:/sys/fs/cgroup:ro
Elsewhere in that issue thread, it is explained that docker on Mac uses its own linux VM, so the container mounts that, and /sys/fs/cgroup does not need to exist on your mac.
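As an added worked example for the question's build-and-run procedure and for the compose fragment in the answer above (my own script, not code from the question, either answer, or the Rocky Linux or Docker projects): a shell script that writes a Rocky Linux 8 systemd Dockerfile, emits the docker run flags in two forms, and carries two small diagnostics for the cgroup side of the failure. It assumes the image tag my_test from the question and the base image rockylinux:8; the Dockerfile content follows the common systemd-in-a-container pattern, since the question's own Dockerfile is not shown, and the "scoped" flag set is a narrower starting point of mine, not something the thread verified.

```shell
#!/bin/sh
# Added example for this thread, not code from the question or either answer.
# Assumptions of mine: image tag "my_test" as in the question, base image
# "rockylinux:8", and the common systemd-in-a-container Dockerfile pattern
# (the question's own Dockerfile is not shown).

# Write a Dockerfile that makes systemd PID 1 and removes units that need
# hardware, udev or a console and so can never start inside a container.
write_dockerfile() {
    cat > "$1/Dockerfile" <<'EOF'
FROM rockylinux:8
ENV container=docker
RUN dnf -y install systemd && dnf clean all \
 && (cd /lib/systemd/system/sysinit.target.wants/ \
     && for i in *; do [ "$i" = systemd-tmpfiles-setup.service ] || rm -f "$i"; done) \
 && rm -f /lib/systemd/system/multi-user.target.wants/* \
          /etc/systemd/system/*.wants/* \
          /lib/systemd/system/local-fs.target.wants/* \
          /lib/systemd/system/sockets.target.wants/*udev* \
          /lib/systemd/system/sockets.target.wants/*initctl* \
          /lib/systemd/system/basic.target.wants/* \
          /lib/systemd/system/anaconda.target.wants/*
# systemd as PID 1 re-executes itself on SIGTERM (docker's default stop signal);
# SIGRTMIN+3 is the signal that tells it to halt.
STOPSIGNAL SIGRTMIN+3
CMD ["/sbin/init"]
EOF
}

# docker run flags. "privileged" is what the question and the linked compose
# file use, plus the two tmpfs mounts the compose file adds. "scoped" is the
# narrower set to try first: --privileged also grants every capability and every
# host device and turns off the default seccomp profile, which is why the compose
# file's cap_add and security_opt entries are redundant next to privileged: true.
systemd_run_args() {
    common="--tmpfs /run --tmpfs /run/lock -v /sys/fs/cgroup:/sys/fs/cgroup:ro"
    case $1 in
        privileged) echo "--privileged $common" ;;
        scoped)     echo "--cap-add SYS_ADMIN --security-opt seccomp=unconfined $common" ;;
        *)          echo "usage: systemd_run_args privileged|scoped" >&2; return 2 ;;
    esac
}

# Which cgroup hierarchy a mount serves: only a cgroup v2 (unified) mount has a
# cgroup.controllers file at its root.
cgroup_version() {
    if [ -f "$1/cgroup.controllers" ]; then echo 2; else echo 1; fi
}

# Extract default-hierarchy= from systemd's startup banner, the line that starts
# "systemd 239 (239-51.el8) running in system mode" in the question's output.
banner_hierarchy() {
    printf '%s\n' "$1" | sed -n 's/.*default-hierarchy=\([a-z]*\).*/\1/p'
}

# A systemd built with default-hierarchy=legacy or hybrid wants the v1
# controller hierarchy at /sys/fs/cgroup; unified wants v2. Exit status 0 means
# the banner and the mount agree, so a remaining failure is about the mount
# itself (for example the :ro flag), not about the hierarchy version.
hierarchy_compatible() {
    case "$1:$2" in
        legacy:1|hybrid:1|unified:2) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage: sh systemd-container.sh run     (needs docker; skipped otherwise)
if [ "${1:-}" = run ]; then
    dir=$(mktemp -d)
    write_dockerfile "$dir"
    docker build -t my_test "$dir"
    # shellcheck disable=SC2046  # the flags are meant to be word-split
    cid=$(docker run -d $(systemd_run_args privileged) my_test)
    hier=$(banner_hierarchy "$(docker logs "$cid" 2>&1 | grep '^systemd [0-9]')")
    ver=$(docker exec "$cid" sh -c 'if [ -f /sys/fs/cgroup/cgroup.controllers ]; then echo 2; else echo 1; fi')
    hierarchy_compatible "$hier" "$ver" || echo "systemd wants $hier but the container sees cgroup v$ver" >&2
    docker exec "$cid" systemctl is-system-running --wait
fi
```

The question's banner reports default-hierarchy=legacy, so the check above tells you whether the container is even being offered the v1 hierarchy before you start relaxing mounts. Under Molecule the same flags end up in the test container, so keep in mind that privileged: true gives a role under test root-equivalent access to the Docker Desktop VM; try the scoped set first and widen only when a concrete unit fails.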