Here’s another quick post about docker, sorry again if it will come out a bit raw.
In my previous post I talked about my first experiments with docker. There was a number of unanswered questions at first, which got an answer through updates to the blog post during the following days. All but one. When talking about a containerized process that needs to log through syslog to an external server, the post concluded:
if the dockerized process itself needs to communicate with a syslog service “on board”, this may not be enough…
Let’s restate the problem to make it clear:
- the logs from a docker container are available either thorough the
docker logscommand or through logging drivers;
- the log of a docker container consists of the output of the containerized process to the usual filehandles; if the process has no output, no logs are exported; if the process logs to file, those files must be collected either copying them out of the container or through an external volume/filesystem, otherwise they will be lost;
- if we want a containerized process to send its logs through syslog and the process expects to have a syslog daemon on board of the same host (in this case, the same container), you are in trouble.
Well, OK, maybe “in trouble” is a bit too much. Then let’s say that running more than one process in the same container requires a bit more work than the “one container, one process” case. The case of putting more than one process in a container is actually so common that it’s even included in the official documentation. That’s probably why supervisor seems to be so common among docker users.
Since the solution is explained in the documentation I could well use it, but I was more intrigued in understanding what a real init system looks like in a container. So rather than just study and slavishly apply the supervisor approach I decided to research on how to run systemd inside a docker container. It turned out it may not be easy or super-safe, but it’s definitely possible. This is what I did:
- starting from the ubuntu Baseimage running systemd I found on GitHub I built a new image of a Debian jessie running systemd;
- with that new image, I built a proof-of-concept image based on the cf-serverd image described in my previous post, this time running cf-serverd and syslog-ng in the container.
And that worked! According to the logs I actually have cf-serverd and syslog-ng running in the container. For example:
root@tyrrell:/home/bronto# docker run -ti --rm -P --cap-add=SYS_ADMIN -v /sys/fs/cgroup:/sys/fs/cgroup:ro --log-driver=syslog --log-opt tag="poc-systemd" bronto/poc-systemd systemd 215 running in system mode. (+PAM +AUDIT +SELINUX +IMA +SYSVINIT +LIBCRYPTSETUP +GCRYPT +ACL +XZ -SECCOMP -APPARMOR) Detected virtualization 'other'. Detected architecture 'x86-64'. Welcome to Debian GNU/Linux 8 (jessie)! Set hostname to <ffb5129613a3>. [ OK ] Reached target Paths. [ OK ] Created slice Root Slice. [ OK ] Listening on Delayed Shutdown Socket. [ OK ] Listening on Journal Socket (/dev/log). [ OK ] Listening on Journal Socket. [ OK ] Created slice System Slice. [ OK ] Listening on Syslog Socket. [ OK ] Reached target Sockets. [ OK ] Reached target Slices. [ OK ] Reached target Swap. [ OK ] Reached target Local File Systems. Starting Create Volatile Files and Directories... Starting Journal Service... [ OK ] Started Journal Service. [ OK ] Started Create Volatile Files and Directories. [ OK ] Reached target System Initialization. [ OK ] Reached target Timers. [ OK ] Reached target Basic System. Starting CFEngine 3 deamons... Starting Regular background program processing daemon... [ OK ] Started Regular background program processing daemon. Starting /etc/rc.local Compatibility... Starting System Logger Daemon... Starting Cleanup of Temporary Directories... [ OK ] Started /etc/rc.local Compatibility. [ OK ] Started Cleanup of Temporary Directories. [ OK ] Started System Logger Daemon. [ OK ] Started CFEngine 3 deamons. [ OK ] Reached target Multi-User System.
“I want to try that, too! Can you share your dockerfiles?”
Sure thing, just head out to GitHub and enjoy!
Things to be sorted out
The systemd container doesn’t stop properly. For some reason, when you run
docker stop docker sends a signal, which the container defiantly ignores, and waits 10 seconds, then it kills it. Dunno why but hey! It’s just a few days I’m using this contraption!!!