Testing Ansible roles in Drone CI, systemd services not working

Question

When testing Ansible roles, my systemd services fail to startup. This is the error I get,

TASK [memcached : Packages Present] ********************************************
changed: [localhost] => (item=[u'memcached', u'libmemcached'])

TASK [memcached : Service Enabled] *********************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Could not find the requested service memcached: host"}

My .drone.yml

pipeline:
  build:
    image: samdoran/centos7-ansible
    privileged: true
    commands:
      - echo 'sslverify=0' >> /etc/yum.conf
      - yum install -y redhat-lsb-core python-devel openldap-devel git gcc gcc-c++ python2-pip
      - pip install -U pip tox
      - tox

My docker-compose.yml

version: '2'

services:
  drone-server:
    image: drone/drone:0.8

    ports:
      - 8000:8000
      - 9000
    volumes:
      - /var/lib/drone:/var/lib/drone/
      - /etc/ssl/certs/ca-bundle.crt:/etc/ssl/certs/ca-certificates.crt
    restart: always
    environment:
      - DRONE_OPEN=true
      - DRONE_HOST=https://example.server
      - DRONE_ADMIN=drone
      - DRONE_VOLUME=/etc/ssl/certs/ca-bundle.crt:/etc/ssl/certs/ca-certificates.crt
      - DRONE_GOGS_GIT_USERNAME=drone
      - DRONE_GOGS_GIT_PASSWORD=XXXXXXXX
      - DRONE_GOGS=true
      - DRONE_GOGS_URL=https://example.gogs
      - DRONE_SECRET=${DRONE_SECRET}

  drone-agent:
    image: drone/agent:0.8

    command: agent
    restart: always
    depends_on:
      - drone-server
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - DRONE_SERVER=drone-server:9000
      - DRONE_SECRET=${DRONE_SECRET}
      - DOCKER_API_VERSION=1.24

I've tried to do a memcached install manually, starting a base centos:7 docker container from my fedora workstation, and the service starts as expected when --privileged. The drone dockers are running on a RHEL 7 host. I have already set the repository to trusted, within the Drone interface.

score 0 · Answer 1 · answered Dec 04 '17 at 22:20

0

Add readonly rights to /sys/fs/cgroup to your volumessection: - /sys/fs/cgroup:/sys/fs/cgroup:ro

The full explanation here.

answered Dec 04 '17 at 22:20

sebthebert

12,196
2
26
37

Yea, but where? I already tried doing that in the `.drone.yml` – J. M. Becker Dec 09 '17 at 02:32
Placed it in all three locations, useless. – J. M. Becker Dec 09 '17 at 02:35

score 0 · Accepted Answer · answered Dec 24 '17 at 19:01

Turns out the problem is related to how the entrycommands are implemented, if you override the commands it doesn't init like expected. Thus the workaround is to start the container, detach, then send commands to the running container.

---

pipeline:
  system:
    image: cyberpunkspike/docker-centos7-ansible:latest
    labels:
      com.amtrustna.it.infr.serv.system: "true"
    cap_add:
      - SYS_ADMIN
    volumes:
      - /sys/fs/cgroup:/sys/fs/cgroup:ro
    init: /usr/lib/systemd/systemd
    detach: true

  exec:
    image: docker
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    commands:
      - CONTAINER_ID="$(docker ps -qf "label=com.amtrustna.it.infr.serv.system")"
      - test -n "$CONTAINER_ID" || { echo "Container Not Found"; exit 1 ;}
      - docker exec -t "$CONTAINER_ID" sh -c "export TERM=xterm-256color; cd $PWD && tox"

score 0 · Answer 3 · answered Jan 02 '18 at 01:54

0

Sometimes you can drop the whole priviledged/systemd stuff by replacing the init-command with systemctl.py. It may even give you different error diagnostics.

answered Jan 02 '18 at 01:54

Guido U. Draheim

3,038
1
20
19

Testing Ansible roles in Drone CI, systemd services not working

3 Answers3