|
|
@@ -42,7 +42,7 @@ By default, the CentOS containers are built using yum's `nodocs` option, which h
|
|
|
|
|
|
# Systemd integration
|
|
|
|
|
|
-Currently, systemd in CentOS 7 has been removed and replaced with a `fakesystemd` package for dependency resolution. This is due to systemd requiring the `CAP_SYS_ADMIN` capability, as well as being able to read the host's cgroups. If you wish to replace the fakesystemd package and use systemd normally, please follow the steps below.
|
|
|
+Systemd is now included in both the centos:7 and centos:latest base containers, but it is not active by default. In order to use systemd, you will need to include text similar to the example Dockerfile below:
|
|
|
|
|
|
## Dockerfile for systemd base image
|
|
|
|
|
|
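Review bot: the replacement paragraph under "Systemd integration" drops the only statement of what systemd needs from the host (the `CAP_SYS_ADMIN` capability and read access to the host's cgroups) without saying whether either requirement still applies. A reader deciding how much privilege to grant the container needs that, so keep one sentence stating what is still required now that the real package ships in the image. "Include text similar to the example Dockerfile" is also vague: say which lines of the example are the ones that activate systemd.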
@@ -50,9 +50,7 @@ Currently, systemd in CentOS 7 has been removed and replaced with a `fakesystemd
|
|
|
FROM centos:7
|
|
|
MAINTAINER "you" <[email protected]>
|
|
|
ENV container docker
|
|
|
-RUN yum -y swap -- remove fakesystemd -- install systemd systemd-libs
|
|
|
-RUN yum -y update; yum clean all; \
|
|
|
-(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i ==
|
|
|
+RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i ==
|
|
|
systemd-tmpfiles-setup.service ] || rm -f $i; done); \
|
|
|
rm -f /lib/systemd/system/multi-user.target.wants/*;\
|
|
|
rm -f /etc/systemd/system/*.wants/*;\
|
|
|
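Review bot: in the added `RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; ...` line, `cd` is followed by `;` rather than `&&`, so if that directory is ever missing the loop's `rm -f $i` runs in whatever directory the build step started in. Suggest `cd /lib/systemd/system/sysinit.target.wants/ && for i in *; ...`. While touching the line, `$i` is unquoted in both the test and the `rm -f`, and `==` inside `[` is not portable; `[ "$i" = systemd-tmpfiles-setup.service ] || rm -f "$i"` avoids both. Separately, the removed `yum -y update; yum clean all` has no replacement, so images built from this example no longer pick up package updates at build time; if that is intentional, the README should say so.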
@@ -65,7 +63,7 @@ VOLUME [ "/sys/fs/cgroup" ]
|
|
|
CMD ["/usr/sbin/init"]
|
|
|
```
|
|
|
|
|
|
-This Dockerfile swaps out fakesystemd for the real package, but deletes a number of unit files which might cause issues. From here, you are ready to build your base image.
|
|
|
+This Dockerfile deletes a number of unit files which might cause issues. From here, you are ready to build your base image.
|
|
|
|
|
|
```console
|
|
|
$ docker build --rm -t local/c7-systemd .
|
|
|
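Review bot: the rewritten sentence "This Dockerfile deletes a number of unit files which might cause issues" can be read as saying the deletion itself might cause issues. Suggest wording such as "deletes a number of unit files that can cause problems inside a container", and naming the one unit the loop keeps (`systemd-tmpfiles-setup.service`) so readers know what is left enabled.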
@@ -90,13 +88,13 @@ $ docker build --rm -t local/c7-systemd-httpd
|
|
|
|
|
|
## Running a systemd enabled app container
|
|
|
|
|
|
-In order to run a container with systemd, you will need to use the `--privileged` option mentioned earlier, as well as mounting the cgroups volumes from the host. Below is an example command that will run the systemd enabled httpd container created earlier.
|
|
|
+In order to run a container with systemd, you will need to mount the cgroups volumes from the host. Below is an example command that will run the systemd enabled httpd container created earlier.
|
|
|
|
|
|
```console
|
|
|
-$ docker run --privileged -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro -p 80:80 local/c7-systemd-httpd
|
|
|
+$ docker run -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro -p 80:80 local/c7-systemd-httpd
|
|
|
```
|
|
|
|
|
|
-This container is running with systemd in a limited context, but it must always be run as a privileged container with the cgroups filesystem mounted.
|
|
|
+This container is running with systemd in a limited context, with the cgroups filesystem mounted. There have been reports that if you're using an Ubuntu host, you will need to add `-v /tmp/$(mktemp -d):/run` in addition to the cgroups mount.
|
|
|
|
|
|
# Supported Docker versions
|
|
|
|
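Review bot: the added Ubuntu workaround `-v /tmp/$(mktemp -d):/run` builds the wrong host path. `mktemp -d` already prints an absolute path (under `/tmp` by default), so the argument expands to something like `/tmp//tmp/tmp.XXXXXX`, which is not the directory `mktemp` created. Suggest `-v $(mktemp -d):/run`. Also, this hunk removes `--privileged` from both the prose and the `docker run` line without explaining why it is no longer needed, while the text removed earlier in this patch gave `CAP_SYS_ADMIN` as the reason for it; add a sentence on what changed, and note that "There have been reports" would be stronger with a link to the report.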