如何在openshift / jenkins-1-centos7 docker容器中启用系统服务？ [英] How to Enable Systemd service in openshift/jenkins-1-centos7 docker container?

问题描述

我遇到一种情况，我需要在这个jenkins容器中启动一些服务以使其在我们的项目中起作用。因此，我需要启用Systemd才能做到这一点...

I have a situation where I need to start some services within this jenkins container to make it work in our project. So i need Systemd enabled in order to do that...

到目前为止，当我尝试在此容器中运行 systemctl命令时，出现以下错误：

As of now I get the below error when I try to run "systemctl" command within this container:

无法获得D-Bus连接：不允许操作

Failed to get D-Bus connection: Operation not permitted

这是预期的。
现在，在我的研究中，我发现如果我们使用下面的docker文件创建映像然后运行容器，我们应该能够运行systemctl命令：

Which is expected. Now on my research, I found that if we use the below docker file to create an image and then run a container, we should be able to run systemctl commands:

FROM docker.io/openshift/jenkins-1-centos7
MAINTAINER "you" your@email.here
ENV container docker
RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in ; do [ $i ==systemd-tmpfiles-setup.service ] || rm -f $i; done); \
rm -f /lib/systemd/system/multi-user.target.wants/;\
rm -f /etc/systemd/system/.wants/;\
rm -f /lib/systemd/system/local-fs.target.wants/; \
rm -f /lib/systemd/system/sockets.target.wants/udev; \
rm -f /lib/systemd/system/sockets.target.wants/initctl; \
rm -f /lib/systemd/system/basic.target.wants/;\
rm -f /lib/systemd/system/anaconda.target.wants/*;
VOLUME [ "/sys/fs/cgroup" ]
CMD ["/usr/sbin/init"]

我收到以下错误

/bin/sh: line 0: [: cryptsetup.target: unary operator expected
rm: cannot remove 'cryptsetup.target': Permission denied
/bin/sh: line 0: [: dev-hugepages.mount: unary operator expected
rm: cannot remove 'dev-hugepages.mount': Permission denied
/bin/sh: line 0: [: dev-mqueue.mount: unary operator expected
rm: cannot remove 'dev-mqueue.mount': Permission denied
...

我正在使用root用户运行命令。

I am using the root user to run the command.

不过，如果我将源图像替换为普通的centos图像

Although, if I replace the source image to normal centos image

FROM centos：7

FROM centos:7

此新创建的图像（基于centos）的systemd工作正常。

The systemd for this newly created image (based on centos) works fine.

是否存在此错误的原因？还是我无法在给定的jenkins-1-centos7图像之上创建系统类型的图像？

Is there a reason for this error? or I can't create a systemd type image on top of given jenkins-1-centos7 image?

编辑：确定，所以专家帮助我了解到：默认情况下，在Dockerfile中，您以root用户身份运行命令，直到您使用USER指令显式更改用户为止。但是，由于您是基于已进行更改的映像构建的，因此我相信您以Jenkins用户身份运行命令而不是root用户。如果您明确切换回root用户，则可以运行命令。

ok, so an expert helped me understand that "by default in a Dockerfile you run commands as root until you explicity change users with the USER directive. However, since you are building on an image that has already made that change I believe you are running commands as the Jenkins user and not as the root user. If you explicitly switch back to root then you can run the commands."

因此，新文件如下所示：

So the new file looks something like this:

FROM docker.io/openshift/jenkins-1-centos7
MAINTAINER "you" your@email.here
#ENV container docker

USER root

RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in ; do [ $i ==systemd-tmpfiles-setup.service ] || rm -f $i; done); \
rm -rf /lib/systemd/system/multi-user.target.wants/;\
rm -rf /etc/systemd/system/.wants/;\
rm -rf /lib/systemd/system/local-fs.target.wants/; \
rm -rf /lib/systemd/system/sockets.target.wants/udev; \
rm -rf /lib/systemd/system/sockets.target.wants/initctl; \
rm -rf /lib/systemd/system/basic.target.wants/;\
rm -rf /lib/systemd/system/anaconda.target.wants/*;
VOLUME [ "/sys/fs/cgroup" ]
CMD ["/usr/sbin/init"]

有效！！
但是，现在，jenkins服务没有开始返回，并显示以下错误：
bash-4.2＃systemctl status jenkins.service
●jenkins.service-LSB：Jenkins Continuous Integration Server
已加载：已加载（/etc/rc.d/init.d/jenkins）
活动：自UTC星期二2016-10-18 19:45:17失败（结果：退出代码）; 5 s前
文档：man：systemd-sysv-generator（8）
进程：95 ExecStart = / etc / rc.d / init.d / jenkins start（代码=已退出，状态= 1 /失败）

It works!! But now, the jenkins service doesn't start back giving the below error: bash-4.2# systemctl status jenkins.service ● jenkins.service - LSB: Jenkins Continuous Integration Server Loaded: loaded (/etc/rc.d/init.d/jenkins) Active: failed (Result: exit-code) since Tue 2016-10-18 19:45:17 UTC; 5s ago Docs: man:systemd-sysv-generator(8) Process: 95 ExecStart=/etc/rc.d/init.d/jenkins start (code=exited, status=1/FAILURE)

Oct 18 19:45:17 578908315d82 systemd[1]: Starting LSB: Jenkins Continuous Integration Server...
Oct 18 19:45:17 578908315d82 jenkins[95]: /etc/rc.d/init.d/jenkins: line 51: /etc/init.d/functions: No such file or directory
Oct 18 19:45:17 578908315d82 systemd[1]: jenkins.service: control process exited, code=exited status=1
Oct 18 19:45:17 578908315d82 systemd[1]: Failed to start LSB: Jenkins Continuous Integration Server.
Oct 18 19:45:17 578908315d82 systemd[1]: Unit jenkins.service entered failed state.
Oct 18 19:45:17 578908315d82 systemd[1]: jenkins.service failed.

当前仍在对此进行研究...

Currently still researching on this...

EDIT2：
所以我前一段时间解决了这个问题，因为我决定使用一个单独的容器来运行其他所有东西，而这个jenkins容器则保持不变…… p>

So I solved the issue sometime back, because I decided to use a separate container for running everything else, and this jenkins container was untouched as it is...

推荐答案

除了您的在$code> openshift / jenkins 上发布的问题，您也有码头工人问题7459 指出：

此功能对我有用 PR＃25567 仅需 --cap-add SYS_ADMIN 。

此提交尚未在docker中发布。

This commit is yet to be released in docker though.

这篇关于如何在openshift / jenkins-1-centos7 docker容器中启用系统服务？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！