Is systemd inside a rootless podman container possible?

A. *_*ann 5 systemd podman

I'd like to know whether it is possible to run a rootless podman container with systemd enabled inside the container (not to be confused with systemd services at the host level that control the container itself!). If so, what do I need?


Here is a simple Dockerfile that I have been trying to run as an unprivileged user (it works fine as root!):

```
FROM ubuntu:focal

RUN apt-get -qqy update && apt-get -qqy --no-install-recommends install \
  init

# Start the systemd Init service by default
CMD ["/sbin/init"]
```

I noticed the following during $ podman build -t foo:latest . (incidentally, this also happens as root, so it is probably unrelated to the problem):

```
...
Setting up systemd (245.4-4ubuntu3.13) ...
Created symlink /etc/systemd/system/getty.target.wants/getty@tty1.service → /lib/systemd/system/getty@.service.
Created symlink /etc/systemd/system/multi-user.target.wants/remote-fs.target → /lib/systemd/system/remote-fs.target.
Created symlink /etc/systemd/system/dbus-org.freedesktop.resolve1.service → /lib/systemd/system/systemd-resolved.service.
Created symlink /etc/systemd/system/multi-user.target.wants/systemd-resolved.service → /lib/systemd/system/systemd-resolved.service.
ln: failed to create symbolic link '/etc/resolv.conf': Device or resource busy
Created symlink /etc/systemd/system/multi-user.target.wants/ondemand.service → /lib/systemd/system/ondemand.service.
Created symlink /etc/systemd/system/sysinit.target.wants/systemd-pstore.service → /lib/systemd/system/systemd-pstore.service.
Initializing machine ID from random generator.
Cannot set file attribute for '/var/log/journal', value=0x00800000, mask=0x00800000, ignoring: Input/output error
...
```

Running a container from that image with $ podman run -d foo:latest results in exit status 255, and I cannot debug it any further. podman ps output:

```
427b3ce050dc  localhost/foo:latest                  /sbin/init            6 seconds ago   Exited (255) 7 seconds ago                            quirky_poincare
```

My podman version is 3.3.1. Does anyone know what is going on here? As mentioned, building and running the same container from the same Dockerfile as root results in systemd running perfectly inside the container!


Update


I enabled lingering for the user via loginctl enable-linger $user


Enable/disable user lingering for one or more users. If enabled for a specific user, a user manager is spawned for the user at boot and kept around after logouts. This allows users who are not logged in to run long-running services. Takes one or more user names or numeric UIDs as argument. If no argument is specified, enables/disables lingering for the user of the session of the caller.


See the man page for more details.


Eri*_*und 2

Yes, it is possible to run systemd inside a rootless Podman container.


I tried your example on a Fedora 35 laptop with Podman 3.4.1. It seems to work. Maybe you hit some bug that was later fixed in a newer Podman version?

```
[testuser@laptop ~]$ cat /etc/fedora-release
Fedora release 35 (Thirty Five)
[testuser@laptop ~]$ podman --version
podman version 3.4.1
[testuser@laptop ~]$ mkdir testdir
[testuser@laptop ~]$ cd testdir
[testuser@laptop testdir]$ emacs Dockerfile
[testuser@laptop testdir]$ cat Dockerfile
FROM ubuntu:focal

RUN apt-get -qqy update && apt-get -qqy --no-install-recommends install \
  init

# Start the systemd Init service by default
CMD ["/sbin/init"]
[testuser@laptop e]$ podman build -t foo:latest .
STEP 1/3: FROM ubuntu:focal
Resolved "ubuntu" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull docker.io/library/ubuntu:focal...
Getting image source signatures
Copying blob 7b1a6ab2e44d done
Copying config ba6acccedd done
Writing manifest to image destination
Storing signatures
STEP 2/3: RUN apt-get -qqy update && apt-get -qqy --no-install-recommends install   init
debconf: delaying package configuration, since apt-utils is not installed
Selecting previously unselected package libapparmor1:amd64.
(Reading database ... 4127 files and directories currently installed.)
Preparing to unpack .../00-libapparmor1_2.13.3-7ubuntu5.1_amd64.deb ...
Unpacking libapparmor1:amd64 (2.13.3-7ubuntu5.1) ...
Selecting previously unselected package libcap2:amd64.
Preparing to unpack .../01-libcap2_1%3a2.32-1_amd64.deb ...
Unpacking libcap2:amd64 (1:2.32-1) ...
Selecting previously unselected package libargon2-1:amd64.
Preparing to unpack .../02-libargon2-1_0~20171227-0.2_amd64.deb ...
Unpacking libargon2-1:amd64 (0~20171227-0.2) ...
Selecting previously unselected package libdevmapper1.02.1:amd64.
Preparing to unpack .../03-libdevmapper1.02.1_2%3a1.02.167-1ubuntu1_amd64.deb ...
Unpacking libdevmapper1.02.1:amd64 (2:1.02.167-1ubuntu1) ...
Selecting previously unselected package libjson-c4:amd64.
Preparing to unpack .../04-libjson-c4_0.13.1+dfsg-7ubuntu0.3_amd64.deb ...
Unpacking libjson-c4:amd64 (0.13.1+dfsg-7ubuntu0.3) ...
Selecting previously unselected package libssl1.1:amd64.
Preparing to unpack .../05-libssl1.1_1.1.1f-1ubuntu2.9_amd64.deb ...
Unpacking libssl1.1:amd64 (1.1.1f-1ubuntu2.9) ...
Selecting previously unselected package libcryptsetup12:amd64.
Preparing to unpack .../06-libcryptsetup12_2%3a2.2.2-3ubuntu2.3_amd64.deb ...
Unpacking libcryptsetup12:amd64 (2:2.2.2-3ubuntu2.3) ...
Selecting previously unselected package libip4tc2:amd64.
Preparing to unpack .../07-libip4tc2_1.8.4-3ubuntu2_amd64.deb ...
Unpacking libip4tc2:amd64 (1.8.4-3ubuntu2) ...
Selecting previously unselected package libkmod2:amd64.
Preparing to unpack .../08-libkmod2_27-1ubuntu2_amd64.deb ...
Unpacking libkmod2:amd64 (27-1ubuntu2) ...
Selecting previously unselected package systemd-timesyncd.
Preparing to unpack .../09-systemd-timesyncd_245.4-4ubuntu3.13_amd64.deb ...
Unpacking systemd-timesyncd (245.4-4ubuntu3.13) ...
Selecting previously unselected package systemd.
Preparing to unpack .../10-systemd_245.4-4ubuntu3.13_amd64.deb ...
Unpacking systemd (245.4-4ubuntu3.13) ...
Setting up libapparmor1:amd64 (2.13.3-7ubuntu5.1) ...
Setting up libcap2:amd64 (1:2.32-1) ...
Setting up libargon2-1:amd64 (0~20171227-0.2) ...
Setting up libdevmapper1.02.1:amd64 (2:1.02.167-1ubuntu1) ...
Setting up libjson-c4:amd64 (0.13.1+dfsg-7ubuntu0.3) ...
Setting up libssl1.1:amd64 (1.1.1f-1ubuntu2.9) ...
debconf: unable to initialize frontend: Dialog
debconf: (TERM is not set, so the dialog frontend is not usable.)
debconf: falling back to frontend: Readline
debconf: unable to initialize frontend: Readline
debconf: (Can't locate Term/ReadLine.pm in @INC (you may need to install the Term::ReadLine module) (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.30.0 /usr/local/share/perl/5.30.0 /usr/lib/x86_64-linux-gnu/perl5/5.30 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.30 /usr/share/perl/5.30 /usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base) at /usr/share/perl5/Debconf/FrontEnd/Readline.pm line 7.)
debconf: falling back to frontend: Teletype
Setting up libcryptsetup12:amd64 (2:2.2.2-3ubuntu2.3) ...
Setting up libip4tc2:amd64 (1.8.4-3ubuntu2) ...
Setting up libkmod2:amd64 (27-1ubuntu2) ...
Setting up systemd-timesyncd (245.4-4ubuntu3.13) ...
Created symlink /etc/systemd/system/dbus-org.freedesktop.timesync1.service → /lib/systemd/system/systemd-timesyncd.service.
Created symlink /etc/systemd/system/sysinit.target.wants/systemd-timesyncd.service → /lib/systemd/system/systemd-timesyncd.service.
Setting up systemd (245.4-4ubuntu3.13) ...
Created symlink /etc/systemd/system/getty.target.wants/getty@tty1.service → /lib/systemd/system/getty@.service.
Created symlink /etc/systemd/system/multi-user.target.wants/remote-fs.target → /lib/systemd/system/remote-fs.target.
Created symlink /etc/systemd/system/dbus-org.freedesktop.resolve1.service → /lib/systemd/system/systemd-resolved.service.
Created symlink /etc/systemd/system/multi-user.target.wants/systemd-resolved.service → /lib/systemd/system/systemd-resolved.service.
ln: failed to create symbolic link '/etc/resolv.conf': Device or resource busy
Created symlink /etc/systemd/system/multi-user.target.wants/ondemand.service → /lib/systemd/system/ondemand.service.
Created symlink /etc/systemd/system/sysinit.target.wants/systemd-pstore.service → /lib/systemd/system/systemd-pstore.service.
Initializing machine ID from random generator.
Selecting previously unselected package systemd-sysv.
(Reading database ... 4939 files and directories currently installed.)
Preparing to unpack .../systemd-sysv_245.4-4ubuntu3.13_amd64.deb ...
Unpacking systemd-sysv (245.4-4ubuntu3.13) ...
Setting up systemd-sysv (245.4-4ubuntu3.13) ...
Selecting previously unselected package init.
(Reading database ... 4956 files and directories currently installed.)
Preparing to unpack .../archives/init_1.57_amd64.deb ...
Unpacking init (1.57) ...
Setting up init (1.57) ...
Processing triggers for libc-bin (2.31-0ubuntu9.2) ...
--> 8365295f680
STEP 3/3: CMD ["/sbin/init"]
COMMIT foo:latest
--> c5943cdefb8
Successfully tagged localhost/foo:latest
c5943cdefb8da63207de2195d08a00588ba1a725c9203f0642d2d070c505e717
[testuser@laptop testdir]$ podman run -d foo:latest
717f98bc12cd59297073985582f1c4cbc5718595da66ac8a1ee750b9e44bba10
[testuser@laptop testdir]$ podman logs 717f98bc12cd59297073985582f1c4cbc5718595da66ac8a1ee750b9e44bba10
[testuser@laptop testdir]$ podman container list
CONTAINER ID  IMAGE                 COMMAND     CREATED         STATUS             PORTS       NAMES
717f98bc12cd  localhost/foo:latest  /sbin/init  15 seconds ago  Up 15 seconds ago              laughing_nobel
[testuser@laptop testdir]$ podman container list
CONTAINER ID  IMAGE                 COMMAND     CREATED         STATUS             PORTS       NAMES
717f98bc12cd  localhost/foo:latest  /sbin/init  31 seconds ago  Up 31 seconds ago              laughing_nobel
[testuser@laptop testdir]$ podman container list
CONTAINER ID  IMAGE                 COMMAND     CREATED        STATUS            PORTS       NAMES
717f98bc12cd  localhost/foo:latest  /sbin/init  4 minutes ago  Up 4 minutes ago              laughing_nobel
[testuser@laptop testdir]$
```

Update, 8 September 2023


I can also mention that my laptop uses cgroup v2:

```
$ ls /sys/fs/cgroup/cgroup.controllers
/sys/fs/cgroup/cgroup.controllers
```

(I don't know whether this is important information for the example.)
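A preflight script that ties the question and the answer together, added here as an example (it is not code from either poster). It checks the two host-side facts the thread mentions, the cgroup mode (the answer's working setup has cgroup v2, detected by the presence of cgroup.controllers) and whether lingering is enabled for the user, then starts the image detached and parses the STATUS column of podman ps -a for an "Exited (N)" code like the 255 in the question, so a failure surfaces with its logs instead of a silent exit. That cgroup v2 is worth checking and that lingering only matters when the container must outlive the login session are assumptions of this example, not claims the page makes; the image tag defaults to the page's localhost/foo:latest.

```shell
#!/bin/sh
# Added example, not from the question or answer above: preflight checks for
# running systemd as PID 1 in a rootless Podman container, plus a parser for
# the exit code that `podman ps -a` reports (the question saw "Exited (255)").
# Assumptions not stated on the page: that the host's cgroup mode (v2 in the
# answer's working setup) is worth checking, and that lingering only matters
# when the container must outlive the user's login session.

# Print "v2" when the unified cgroup hierarchy is mounted at the given root
# (the answer's test: cgroup.controllers exists there), otherwise "v1".
cgroup_mode() {
    root="${1:-/sys/fs/cgroup}"
    if [ -f "$root/cgroup.controllers" ]; then
        echo v2
    else
        echo v1
    fi
}

# Take one line of `loginctl show-user <user> -p Linger` output
# ("Linger=yes" or "Linger=no") and succeed only when lingering is enabled.
linger_enabled() {
    case "$1" in
        Linger=yes) return 0 ;;
        *) return 1 ;;
    esac
}

# Extract the exit code from a `podman ps -a` STATUS cell such as
# "Exited (255) 7 seconds ago"; prints nothing while the container is Up.
exit_code_from_status() {
    printf '%s\n' "$1" | sed -n 's/^Exited (\([0-9][0-9]*\)).*/\1/p'
}

# Run the checks against the live host, start the image detached, and report
# whether PID 1 (systemd) stayed up. The image name defaults to the page's tag.
preflight_and_run() {
    image="${1:-localhost/foo:latest}"
    echo "podman:  $(podman --version)"
    echo "cgroup:  $(cgroup_mode)"
    if linger_enabled "$(loginctl show-user "$USER" -p Linger 2>/dev/null)"; then
        echo "linger:  yes"
    else
        echo "linger:  no (loginctl enable-linger $USER if it must survive logout)"
    fi
    cid=$(podman run -d "$image") || return 1
    sleep 5
    status=$(podman ps -a --filter "id=$cid" --format '{{.Status}}')
    code=$(exit_code_from_status "$status")
    if [ -n "$code" ]; then
        echo "container exited with status $code; last log lines:"
        podman logs "$cid" 2>&1 | tail -n 20
        return 1
    fi
    echo "container $cid is running ($status)"
}

# Only touch podman when invoked with an explicit image argument, e.g.
#   sh preflight.sh localhost/foo:latest
if [ "$#" -gt 0 ]; then
    preflight_and_run "$1"
fi
```

The three small functions are kept separate from the part that talks to podman so they can be exercised on any host: cgroup_mode takes the cgroup root as a parameter, and the other two parse a line of tool output, which is also what makes them usable from a CI job that only has captured output.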
