
I am currently using kitchen-docker driver for my test kitchen runs in order to speed up our automated cookbook tests.

However, after playing with this for a while, I found that every kitchen run fails if any recipe involves a service resource: if I try to stop/start/restart a service, this is not allowed within the container and the run fails.

If I get inside the container using kitchen login, every time I try to use systemctl... I get this error message:

```
[kitchen@17c054a76e8f ~]$ sudo systemctl restart foo
Failed to get D-Bus connection: Operation not permitted
```

Is there any way to fix this? I am currently running this image with option privileged: true in .kitchen.yml.

Navarro
  • This is one of many reasons that even as the maintainer of kitchen-docker, I recommend most people use dokken instead. – coderanger Mar 17 '17 at 08:25
  • Is there any plan to fix this anytime Soon® or should I jump in to Kitchen-Dokken and never look back? – Navarro Mar 17 '17 at 08:46
  • I mean it's not something to fix per se, just that dokken works better for this model. – coderanger Mar 17 '17 at 09:19
  • There are some examples of how to configure Docker to run systemd inside the container, the driver neither helps nor hinders :) just the raw unpleasantness that is Docker. – coderanger Mar 17 '17 at 09:23
  • Yes... I made systemd services work with `dokken`, but now things like `hostnamectl` make my whole system crash when invoked inside a container. There is too much pain in this. :( – Navarro Mar 17 '17 at 10:07
  • Docker for cookbook testing is a careful dance, it will never be as robust as a true VM – coderanger Mar 17 '17 at 17:20
  • I was facing a similar issue, so I created a service file and copied it into /etc/init.d, and it works for restarting the required service. Do we have any better option to restart the services inside a container? – KritiS Aug 18 '17 at 09:16

1 Answer


As I didn't make the move to kitchen-dokken yet as well, here is the config that I use to enable systemd inside kitchen-docker:

```yaml
driver:
  name: docker
  run_command: /bin/systemd
  cap_add:
    - SYS_ADMIN
  volume:
    - /sys/fs/cgroup
```

WARNING: I assume that you are familiar with the implications of giving a container SYS_ADMIN capabilities (root-equivalent on the host system, read more).

StephenKing
  • Great idea! However I don't believe I should use this approach in an environment where many people will be using the agent where cookbooks will be tested... still great for personal usage though. – Navarro Mar 17 '17 at 13:06
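For a shared test agent like the one raised in the last comment, a pre-run check can flag kitchen configs that request `privileged: true` or `cap_add: SYS_ADMIN` before any container starts. This is an added example, not part of the answer above or of kitchen-docker; it assumes a plain-YAML `.kitchen.yml` (no ERB), driver overrides under `driver` or `driver_config` in platforms and suites, and the `RISKY_CAPS` list and sample config are constructed for illustration.

```ruby
require 'yaml'

# Capabilities this example treats as root-equivalent (assumption of this example).
RISKY_CAPS = %w[SYS_ADMIN ALL].freeze

# Return findings for one driver settings hash taken from a .kitchen.yml.
def audit_driver(scope, driver)
  return [] unless driver.is_a?(Hash)
  findings = []
  findings << "#{scope}: privileged: true" if driver['privileged'] == true
  Array(driver['cap_add']).each do |cap|
    name = cap.to_s.upcase.sub(/\ACAP_/, '') # accept SYS_ADMIN and CAP_SYS_ADMIN
    findings << "#{scope}: cap_add #{name}" if RISKY_CAPS.include?(name)
  end
  findings
end

# Audit the global driver block plus per-platform and per-suite overrides.
def audit_kitchen_yaml(text)
  config = YAML.safe_load(text) || {}
  return [] unless config.is_a?(Hash)
  findings = audit_driver('driver', config['driver'])
  %w[platforms suites].each do |section|
    Array(config[section]).each do |entry|
      next unless entry.is_a?(Hash)
      %w[driver driver_config].each do |key|
        findings.concat(audit_driver("#{section}/#{entry['name']}/#{key}", entry[key]))
      end
    end
  end
  findings
end

# Constructed sample: the answer's driver block plus a privileged platform override.
SAMPLE = <<~YML
  driver:
    name: docker
    run_command: /bin/systemd
    cap_add:
      - SYS_ADMIN
  platforms:
    - name: centos-7
      driver_config:
        privileged: true
    - name: ubuntu-16.04
YML

puts audit_kitchen_yaml(SAMPLE)
```
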