
Trying to test docker containers on a server running CentOS 8.5.

The container has CentOS 7.9 inside it.

Its entrypoint is /usr/sbin/init.

First launch:

docker run --name test --network=host --privileged --cap-add centos7_with_sbin_init

This passes successfully.

After that, trying to launch ANY docker image with --network=host fails:

docker run --network=host hello-world

docker: Error response from daemon: failed to create shim: OCI runtime create failed:
container_linux.go:380:
starting container process caused: process_linux.go:402:
getting the final childs pid from pipe caused:
EOF: unknown.
ERRO 0000 error waiting for container: context canceled

I assume the /sbin/init entrypoint of the first container launched somehow breaks the functionality of the following containers, by some corruption of the underlying host docker configuration,

due to differences in systemd versions.

On server (centos 8.5):

systemd 239 (239-51.el8_5.2)
+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=legacy

On container (centos 7.9):

systemd 219
+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN

Only by restarting the docker & containerd services am I able to launch containers with host networking again (until the next time I run my custom container..).

Any ideas?? Thanks

Adiel
    Systemd wants to manage a _lot_ of things, and starting it in a privileged container with host networking allows it to. You may need to reboot the host to get back to a consistent state. I'd avoid trying to run Systemd in a container; use a light-weight single-process init system like `tini` or even just run the application directly in the foreground as the container `CMD`. – David Maze Apr 28 '22 at 16:41
  • @davidmaze thanks, but i do need it as it. Inside the container I'm emulating a vm using libvirt. The same flow and configuration works when the physical host is running centos7 instead of 8 – Adiel Apr 28 '22 at 17:12
  • @Adiel AFAIK CentOS 8.5 didn't have docker in their standard repo. That means that you have installed docker either by hand or from a side repository. It would be good to clarify the version of docker you are running and the way you've installed it. – Max Dmitrichenko Feb 04 '23 at 21:51
  • @MaxDmitrichenko installed docker-ce as the docker documentation instructs (https://docs.docker.com/engine/install/centos/). Version is not so relevant - I tried many versions, latest and older from ~a year ago. All failed the same. I was able to repro on centos 7.9 as well – Adiel Feb 05 '23 at 17:39
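As an added example (not from the question or the comments): a small POSIX shell preflight that recognizes the exact daemon error quoted above, optionally probes the host by running the same throwaway `hello-world` container with host networking, and names the workaround the question reports as effective (restarting containerd and docker). Function names, the `shim-pipe-eof` label and the embedded sample error text are this example's own; the sample is a constructed copy of the message in the question.

```shell
#!/bin/sh
# Preflight for the "host networking stops working after a privileged
# systemd container" symptom. Added example; not the questioner's script.

# Constructed sample: the daemon error quoted in the question, on one line.
SAMPLE_ERR='docker: Error response from daemon: failed to create shim: OCI runtime create failed: container_linux.go:380: starting container process caused: process_linux.go:402: getting the final childs pid from pipe caused: EOF: unknown.'

# classify_run_error TEXT
# Prints a short label for the stderr text of a failed "docker run".
classify_run_error() {
  case "$1" in
    "")                                               echo ok ;;
    *"getting the final child"*"pid from pipe"*"EOF"*) echo shim-pipe-eof ;;
    *"Error response from daemon"*)                   echo daemon-error ;;
    *)                                                echo other ;;
  esac
}

# workaround_for LABEL
# Maps a label to the action the question reports as restoring host networking.
workaround_for() {
  case "$1" in
    ok)            echo "none" ;;
    shim-pipe-eof) echo "systemctl restart containerd docker" ;;
    *)             echo "investigate: $1" ;;
  esac
}

# probe_host_network [IMAGE]
# Runs a throwaway container with --network=host (as in the question),
# captures only stderr, and classifies it. Needs a docker CLI; the
# self-test below never calls it.
probe_host_network() {
  err=$(docker run --rm --network=host "${1:-hello-world}" 2>&1 >/dev/null)
  classify_run_error "$err"
}

# Usage: sh preflight.sh --probe   (hypothetical file name)
if [ "${1:-}" = "--probe" ]; then
  label=$(probe_host_network hello-world)
  echo "host-network probe: $label"
  echo "suggested action:   $(workaround_for "$label")"
fi
```

The classifier keys on the `getting the final child ... pid from pipe ... EOF` fragment rather than the whole string, so it still matches when the Go file/line references (`container_linux.go:380`, `process_linux.go:402`) differ between runc builds; an empty stderr is treated as success, and any other daemon error is reported separately so it is not mistaken for this specific failure.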

0 Answers