Merge pull request #61 from gruntwork-io/centos-systemd

Update CentOS Docker image to run systemd by default.
gruntwork-io · Mar 14, 2018 · 63b0a95 · 63b0a95
2 parents 30ad0be + 9bf23f2
commit 63b0a95
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 4 deletions.
diff --git a/_docker-images/gruntwork-centos-test/Dockerfile b/_docker-images/gruntwork-centos-test/Dockerfile
@@ -1,4 +1,4 @@
-FROM centos:7
+FROM centos/systemd:latest
 
 # Reduce Docker image size per https://blog.replicated.com/refactoring-a-dockerfile-for-image-size/
 # - The last line upgrades pip to the latest version.
@@ -22,4 +22,15 @@ RUN wget -O jq https://github.com/stedolan/jq/releases/download/jq-1.5/jq-linux6
 # Install the AWS CLI per https://docs.aws.amazon.com/cli/latest/userguide/installing.html
 RUN pip install --upgrade pip && \
     pip install --upgrade setuptools && \
-    pip install awscli --upgrade
+    pip install awscli --upgrade
+
+# We run systemd as our container process. Systemd can spawn other forks as necessary to help us simulate a real-world
+# CentOS systemd environment.
+CMD ["/usr/sbin/init"]
+
+# NOTE! This Docker container should be run with the following runtime options to ensure that systemd works correctly:
+# Although this bind-mounted volume would appear at first glance not to work on MacOS or Windows, because those OSs are
+# running a VM to execute Docker and only a limited set of paths are mounted directly from the host, Docker is able to
+# use the Linux VM's privileges to execute systemd correctly.
+#
+# docker run -d --privileged -v /sys/fs/cgroup:/sys/fs/cgroup:ro gruntwork/centos-test
diff --git a/_docker-images/gruntwork-centos-test/README.md b/_docker-images/gruntwork-centos-test/README.md
@@ -1,8 +1,9 @@
 # Gruntwork CentOS-Test Docker Image
 
 The purpose of this Docker image is to provide a pre-built CentOS 7 Docker image that has most of the libraries
-we would expect to be installed on the CentOS 7 AMI that would run in AWS. For example, we'd expect `sudo` in AWS,
-but it doesn't exist by default in Docker `centos:7`.
+we would expect to be installed on the CentOS 7 AMI that would run in AWS. For example, we'd expect `sudo` in AWS, but it
+doesn't exist by default in Docker `centos:7`. It also aims to allow [systemd](https://www.freedesktop.org/wiki/Software/systemd/)
+to run, which, in turn, allows you to run one or more services as [systemd units](https://www.freedesktop.org/software/systemd/man/systemd.unit.html).
 
 ### Building and Pushing a New Docker Image to Docker Hub
 
@@ -12,3 +13,24 @@ upload it:
 1. `docker build -t gruntwork/centos-test:7 .`
 1. `docker push gruntwork/centos-test:7`
 
+### Running this Docker Image
+
+Running systemd require elevated privileges for the Docker container, so you should run this Docker image with at least
+the following options:
+
+```
+docker run -d --privileged -v /sys/fs/cgroup:/sys/fs/cgroup:ro gruntwork/zookeeper-centos-test:latest
+```
+
+Note that:
+
+- We do not specify a run command like `/bin/bash` because we need to retain the Docker Image's default run command of
+  `/usr/sbin/init`. This makes systemd Process ID 1, which allows it to spawn an arbitrary number of other services
+- You can then connect to the Docker container with `docker exec -it <container-id> /bin/bash`.
+- The container must be `--privileged` because it needs to break out of the typical [cgroups](
+  https://docs.docker.com/engine/docker-overview/#the-underlying-technology) to run an init system like systemd.
+- You must "hook in" to a Linux host's cgroups to allow each service to run in its own cgroup. This works even on Docker
+  for Mac and Docker for Windows because those systems still use a Linux VM to run the Docker engine and do not expose
+  the entire host system (e.g. your Mac laptop) for docker volume mounting.
+
+