(I am a Docker beginner, and I followed some tutorials for CentOS 7.)
On my CentOS 7.2 machine, I tried to learn Docker by following the steps below.
# docker version
Client:
Version: 1.10.3
API version: 1.22
Go version: go1.5.3
Git commit: 20f81dd
Built: Thu Mar 10 15:39:25 2016
OS/Arch: linux/amd64
Server:
Version: 1.10.3
API version: 1.22
Go version: go1.5.3
Git commit: 20f81dd
Built: Thu Mar 10 15:39:25 2016
OS/Arch: linux/amd64
# docker pull centos:latest
# docker images
centos latest 778a53015523 12 days ago 196.7 MB
# mkdir ~/docker/centos7-systemd
# cd ~/docker/centos7-systemd
# vi Dockerfile
FROM centos
MAINTAINER "XXXX XXXX" <[email protected]>
ENV container docker
RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \
rm -f /lib/systemd/system/multi-user.target.wants/*;\
rm -f /etc/systemd/system/*.wants/*;\
rm -f /lib/systemd/system/local-fs.target.wants/*; \
rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
rm -f /lib/systemd/system/basic.target.wants/*;\
rm -f /lib/systemd/system/anaconda.target.wants/*;
VOLUME [ "/sys/fs/cgroup" ]
CMD ["/usr/sbin/init"]
# docker build --rm -t local/centos7-systemd .
..
Successfully built 1a9f1c4938b3
# docker images
centos latest 778a53015523 12 days ago 196.7 MB
local/centos7-systemd latest 1a9f1c4938b3 8 seconds ago 196.7 MB
So far, everything (seems to) work. The problem shows up when I run it:
# docker run -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro -p 80:80 local/centos7-systemd
Failed to mount tmpfs at /run: Operation not permitted
Failed to mount cgroup at /sys/fs/cgroup/systemd: Operation not permitted
[!!!!!!] Failed to mount API filesystems, freezing.
What does this even mean and, more importantly, what is happening and how can I fix it?
Thank you :)
Try running the container in privileged mode:
docker run -ti --privileged=true -v /sys/fs/cgroup:/sys/fs/cgroup:ro -p 80:80 local/centos7-systemd
This should solve your problem.
I followed
docker run -ti --privileged=true -v /sys/fs/cgroup:/sys/fs/cgroup:ro -p 80:80 local/centos7-systemd
and got:
Failed to insert module 'autofs4'
Failed to mount cgroup at /sys/fs/cgroup/systemd: No such file or directory
systemd 219 running in system mode. (+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ -LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN)
Detected virtualization docker.
Detected architecture x86-64.
Welcome to CentOS Linux 7 (Core)!
Set hostname to <c7b8edb49c60>.
Initializing machine ID from random generator.
Cannot determine cgroup we are running in: No such file or directory
Failed to allocate manager object: No such file or directory
[!!!!!!] Failed to allocate manager object, freezing.
I wonder whether it does not work on MacOS?
I ran into the same problem in Docker for Windows (1.12.3)...
$ docker logs bareos
systemd 219 running in system mode. (+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ -LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN)
Detected virtualization docker.
Detected architecture x86-64.
Welcome to CentOS Linux 7 (Core)!
Set hostname to <bareos>.
Failed to install release agent, ignoring: No such file or directory
Failed to create root cgroup hierarchy: No such file or directory
Failed to allocate manager object: No such file or directory
[!!!!!!] Failed to allocate manager object, freezing.
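The latest boot2docker does not have systemd. If the host does not have it, we cannot use systemd in a Docker container, because the important folder is /sys/fs/cgroup/systemd.
Finally, I created a generic VM in VirtualBox, based on Alpine Linux, with the default docker-machine driver.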
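As I said here, you are not forced to use the --privileged=true parameter (which can be dangerous, IMHO); you just forgot to add -v /run to your docker run command.
So your final run command should be: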
docker run -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v /run -p 80:80 local/centos7-systemd
After Daniel Walsh contributed a series of patches, the more modern approach is...
docker run -ti --tmpfs /tmp --tmpfs /run -v /sys/fs/cgroup:/sys/fs/cgroup:ro -p 80:80 local/centos7-systemd
For more information, see https://developers.redhat.com/blog/2016/09/13/running-systemd-in-a-non-privileged-container/
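Added example, not part of the original answers: a shell check that lints the arguments following `docker run` against what the answers above describe (no --privileged, a tmpfs or volume on /run, /sys/fs/cgroup bind-mounted read-only). The function name check_systemd_run and its messages are hypothetical, and it assumes a Linux host and the space-separated flag forms used on this page.

```shell
# Added example: lint the arguments that follow `docker run` for a systemd
# container, using the flags shown in the answers above.
# Prints one line per finding; returns 0 only when there are none.
check_systemd_run() {
    privileged=0; run_ok=0; cgroup_ro=0; prev=""
    for arg in "$@"; do
        case "$prev" in
            -v|--volume)
                case "$arg" in
                    # anonymous volume, or any source mounted at /run
                    /run|*:/run|*:/run:*) run_ok=1 ;;
                    *:/sys/fs/cgroup:ro) cgroup_ro=1 ;;
                esac ;;
            --tmpfs)
                case "$arg" in
                    /run|/run:*) run_ok=1 ;;
                esac ;;
        esac
        case "$arg" in
            --privileged|--privileged=true) privileged=1 ;;
            --tmpfs=/run|--tmpfs=/run:*) run_ok=1 ;;
        esac
        prev=$arg
    done
    rc=0
    if [ "$privileged" -eq 1 ]; then
        echo "FAIL: --privileged lifts the container's capability and device restrictions"
        rc=1
    fi
    if [ "$run_ok" -eq 0 ]; then
        echo "FAIL: no tmpfs or volume on /run (unprivileged systemd cannot mount it itself)"
        rc=1
    fi
    if [ "$cgroup_ro" -eq 0 ]; then
        echo "FAIL: /sys/fs/cgroup is not bind-mounted read-only"
        rc=1
    fi
    return "$rc"
}

# Constructed sample: the command from the question, which lacks a /run mount.
check_systemd_run -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro -p 80:80 \
    local/centos7-systemd || echo "command needs changes"
```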
MacOS X does not need the cgroups volume to be mounted in the container:
$docker run -it -p 80:80 ${ImageID}
After running many container instances, my Mac ran into trouble:
[!!!!!!] Failed to mount API filesystems, freezing.
reference
For now, bash mode works fine for me:
$docker run -it -p 80:80 ${ImageID} /bin/bash
Although you can run systemd inside a container, I don't think it is a good idea. Here is why:
EXPOSE 80
CMD [ "/sbin/init" ]
While this is certainly not unique to these containers, it is still less secure:
Just say no to root (in containers)
Why Non-Root Containers Are Important For Security
FROM centos:centos7
# RHSCL httpd24 image.
#
# Volumes:
# * /opt/rh/httpd24/root/var/www - Datastore for httpd
# * /var/log/httpd24 - Storage for logs when $HTTPD_LOG_TO_VOLUME is set
# Environment:
# * $HTTPD_LOG_TO_VOLUME (optional) - When set, httpd will log into /var/log/httpd24
EXPOSE 80
EXPOSE 443
COPY run-*.sh /usr/local/bin/
RUN mkdir -p /var/lib/httpd24
COPY contrib /var/lib/httpd24/
RUN rpmkeys --import file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 && \
yum -y --setopt=tsflags=nodocs install https://www.softwarecollections.org/en/scls/rhscl/httpd24/epel-7-x86_64/download/rhscl-httpd24-epel-7-x86_64.noarch.rpm && \
yum install -y --setopt=tsflags=nodocs gettext hostname bind-utils httpd24 httpd24-mod_ssl && \
yum clean all
# When bash is started non-interactively, to run a shell script, for example it
# looks for this variable and source the content of this file. This will enable
# the SCL for all scripts without need to do 'scl enable'.
ENV BASH_ENV=/var/lib/httpd24/scl_enable \
ENV=/var/lib/httpd24/scl_enable \
PROMPT_COMMAND=". /var/lib/httpd24/scl_enable"
VOLUME ["/opt/rh/httpd24/root/var/www"]
VOLUME ["/var/log/httpd24"]
ENTRYPOINT ["/usr/local/bin/run-httpd24.sh"]
CMD ["httpd", "-DFOREGROUND"]
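Of course, if you know all this and still want to run systemd in a container, it is possible, as others have already mentioned. I don't see any value in repeating what they have already said.
If you don't need to run the container in the foreground, you can start it in detached mode to avoid this error. For example: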
docker run -d --name=my_container_name image_id
Then you can use something like this to get a shell in the container:
docker exec -ti my_container_name /bin/bash
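If there is no foreground command in the Dockerfile CMD, so that the container exits immediately, you can add a command that keeps it running, for example: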
docker run -d --name=my_container_name image_id tail -f /dev/null
For more details on the last example, see the SO answer.