How to fix a Docker container built with Packer and provisioned with Chef-solo failing when starting a service
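Below is an excerpt from a larger image-factory template that builds a centos:7 docker image. Everything works as expected, but I get a dbus error on the running container. Any help is appreciated!
The same code works when:
- I use the vmware-iso or virtualbox builders.
- I use the centos:6 image.
What I tried, without effect:
- Switching to chef-client -z
- Adding the /sys/fs/cgroup:/sys/fs/cgroup:ro volume
- Adding privileged to the docker builder
Template: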
{
  "builders": [{
    "type": "docker",
    "image": "centos:7",
    "privileged": true,
    "changes": [
      "ONBUILD RUN {{ isotime }}"
    ],
    "volumes": {
      "/sys/fs/cgroup": "/sys/fs/cgroup:ro"
    },
    "export_path": "~/tmp/party_parrot.tar"
  }],
  "provisioners": [{
    "cookbook_paths": [
      "chef"
    ],
    "prevent_sudo": true,
    "run_list": [
      "redhat_factory::default"
    ],
    "chef_license": "accept",
    "type": "chef-solo"
  }]
}
Chef recipe:
package 'tuned'
service 'tuned' do
  action %i(start enable)
end
Log:
docker: output will be in this color.
==> docker: Creating a temporary directory for sharing data...
==> docker: Pulling Docker image: centos:7
docker: 7: Pulling from library/centos
docker: Digest: sha256:0f4ec88e21daf75124b8a9e5ca03c37a5e937e0e108a255d890492430789b60e
docker: Status: Image is up to date for centos:7
docker: docker.io/library/centos:7
==> docker: Starting docker container...
docker: Run command: docker run --privileged -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v /Users/cr2p/.packer.d/tmp727655581:/packer-files -d -i -t --entrypoint=/bin/sh -- centos:7
docker: Container ID: f62d47e257a210442cce7f059a2be3dceb06fbce7673f16e04a52bdf5fa92891
==> docker: Using docker communicator to connect: 172.17.0.4
==> docker: Provisioning with chef-solo
docker: Installing Chef...
==> docker: % Total % Received % Xferd Average Speed Time Time Time Current
==> docker: Dload Upload Total Spent Left Speed
docker: el 7 x86_64
docker: Getting information for chef stable for el...
docker: downloading https://omnitruck.chef.io/stable/chef/metadata?v=&p=el&pv=7&m=x86_64
docker: to file /tmp/install.sh.17/metadata.txt
docker: trying curl...
==> docker: 100 23409 100 23409 0 0 34412 0 --:--:-- --:--:-- --:--:-- 34374
docker: sha1 dffee30e640f443cf1fbf8db17f319db09c1e21e
docker: sha256 b855820c1697dad395d3798f265e8c431b54a3bd29bbbd9ef87995cceaad3f17
docker: url https://packages.chef.io/files/stable/chef/17.2.29/el/7/chef-17.2.29-1.el7.x86_64.rpm
docker: version 17.2.29
docker: downloaded metadata file looks valid...
docker: downloading https://packages.chef.io/files/stable/chef/17.2.29/el/7/chef-17.2.29-1.el7.x86_64.rpm
docker: to file /tmp/install.sh.17/chef-17.2.29-1.el7.x86_64.rpm
docker: trying curl...
docker: Comparing checksum with sha256sum...
docker:
docker: WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
docker:
docker: You are installing a package without a version pin. If you are installing
docker: on production servers via an automated process this is DANGEROUS and you will
docker: be upgraded without warning on new releases,even to new major releases.
docker: Letting the version float is only appropriate in desktop,test,development or
docker: CI/CD environments.
docker:
docker: WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
docker:
docker: Installing chef
docker: installing with rpm...
==> docker: warning: /tmp/install.sh.17/chef-17.2.29-1.el7.x86_64.rpm: Header V4 DSA/SHA1 Signature,key ID 83ef826a: NOKEY
docker: Preparing... ########################################
docker: Updating / installing...
docker: chef-17.2.29-1.el7 ########################################
docker: Thank you for installing Chef Infra Client! For help getting started visit https://learn.chef.io
docker: Creating directory: /tmp/packer-chef-solo
docker: Creating directory: /tmp/packer-chef-solo/cookbooks-0
docker: Creating configuration file 'solo.rb'
docker: Creating JSON attribute file
docker: Executing Chef: chef-solo --no-color -c /tmp/packer-chef-solo/solo.rb -j /tmp/packer-chef-solo/node.json
docker: +---------------------------------------------+
docker: ✔ 2 product licenses accepted.
docker: +---------------------------------------------+
docker: Starting Chef Infra Client,version 17.2.29
docker: Patents: https://www.chef.io/patents
docker: [2021-06-17T15:02:07+00:00] WARN: Plugin Network: unable to detect ipaddress
docker: [2021-06-17T15:02:07+00:00] ERROR: shard_seed: Failed to get dmi property serial_number: is dmidecode installed?
docker: resolving cookbooks for run list: ["redhat_factory::default"]
docker: Synchronizing Cookbooks:
docker: - redhat_factory (1.0.0)
docker: Installing Cookbook Gems:
docker: Compiling Cookbooks...
docker: [2021-06-17T15:02:08+00:00] WARN: Resource yum_package built into Chef Infra Client is being overridden by the resource from a cookbook. Please upgrade your cookbook or remove the cookbook from your run_list.
docker: [2021-06-17T15:02:08+00:00] WARN: Provider yum_package built into Chef Infra Client is being overridden by the provider from a cookbook. Please upgrade your cookbook or remove the cookbook from your run_list.
docker: Converging 4 resources
docker: Recipe: redhat_factory::default
docker: * entitler[entitler] action nothing (skipped due to action :nothing)
docker: Recipe: redhat_factory::dummy
docker: * yum_package[tuned] action install
docker: - install version 0:2.11.0-11.el7_9.noarch of package tuned
docker: * service[tuned] action start
docker: * service[tuned]: No custom command for start specified and unable to locate the init.d script!
docker: ================================================================================
docker: Error executing action `start` on resource 'service[tuned]'
docker: ================================================================================
docker:
docker: Chef::Exceptions::Service
docker: -------------------------
docker: service[tuned]: No custom command for start specified and unable to locate the init.d script!
docker:
docker: Resource Declaration:
docker: ---------------------
docker: # In /tmp/packer-chef-solo/local-mode-cache/cache/cookbooks/redhat_factory/recipes/dummy.rb
docker:
docker: 3: service 'tuned' do
docker: 4: action %i(start enable)
docker: 5: end
docker:
docker: Compiled Resource:
docker: ------------------
docker: # Declared in /tmp/packer-chef-solo/local-mode-cache/cache/cookbooks/redhat_factory/recipes/dummy.rb:3:in `from_file'
docker:
docker: service("tuned") do
docker: action [:start,:enable]
docker: default_guard_interpreter :default
docker: declared_type :service
docker: cookbook_name "redhat_factory"
docker: recipe_name "dummy"
docker: service_name "tuned"
docker: supports {:restart=>nil,:reload=>nil,:status=>nil}
docker: end
docker:
docker: System Info:
docker: ------------
docker: chef_version=17.2.29
docker: platform=centos
docker: platform_version=7.9.2009
docker: ruby=ruby 3.0.1p64 (2021-04-05 revision 0fb782ee38) [x86_64-linux]
docker: program_name=/usr/bin/chef-solo
docker: executable=/opt/chef/bin/chef-solo
docker:
docker:
docker: Running handlers:
docker: [2021-06-17T15:02:37+00:00] ERROR: Running exception handlers
docker: Running handlers complete
docker: [2021-06-17T15:02:37+00:00] ERROR: Exception handlers complete
docker: Chef Infra Client failed. 1 resources updated in 31 seconds
docker: [2021-06-17T15:02:37+00:00] FATAL: Stacktrace dumped to /tmp/packer-chef-solo/local-mode-cache/cache/chef-stacktrace.out
docker: [2021-06-17T15:02:37+00:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
docker: [2021-06-17T15:02:37+00:00] FATAL: Chef::Exceptions::Service: service[tuned] (redhat_factory::dummy line 3) had an error: Chef::Exceptions::Service: service[tuned]: No custom command for start specified and unable to locate the init.d script!
==> docker: Provisioning step had errors: Running the cleanup provisioner,if present...
==> docker: Killing the container: f62d47e257a210442cce7f059a2be3dceb06fbce7673f16e04a52bdf5fa92891
Build 'docker' errored after 48 seconds 995 milliseconds: Error executing Chef: Non-zero exit status: 1
==> Wait completed after 48 seconds 996 milliseconds
==> Some builds didn't complete successfully and had errors:
--> docker: Error executing Chef: Non-zero exit status: 1
==> Builds finished but no artifacts were created.
Connecting to the running container:
[root@a74a6b2cfa39 /]# systemctl --system status tuned
Failed to get D-Bus connection: Operation not permitted
[root@a74a6b2cfa39 /]# systemctl --system start tuned
Failed to get D-Bus connection: Operation not permitted
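Thanks in advance!
Solution
I was able to solve this by modifying my setup in the following ways:
- Modifying run_command, specifically its entrypoint property
- Adding the tmpfs array
- Finally, modifying the staging directory of the chef provisioner
Packer template: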
{
  "builders": [{
    "type": "docker",
    "image": "centos:7",
    "pull": false,
    "privileged": true,
    "changes": [
      "ONBUILD RUN {{ isotime }}"
    ],
    "volumes": {
      "/sys/fs/cgroup": "/sys/fs/cgroup:ro"
    },
    "export_path": "~/tmp/party_parrot.tar",
    "tmpfs": [
      "/tmp",
      "/run"
    ],
    "run_command": ["-d", "-i", "-t", "--entrypoint=/usr/sbin/init", "--", "{{.Image}}"]
  }],
  "provisioners": [{
    "cookbook_paths": [
      "chef"
    ],
    "prevent_sudo": true,
    "run_list": [
      "redhat_factory::default"
    ],
    "chef_license": "accept",
    "type": "chef-solo",
    "staging_directory": "/chef"
  }]
}
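The "systemctl" script is a small program that only communicates with the systemd daemon at PID 1 in the system. The communication channel is opened by asking d-bus, which is also not started. The privileged/cgroup trick was used for a while until docker containers were able to run a systemd daemon directly.
Personally I prefer to use docker-systemctl-replacement/ to get installers up and running that were not prepared for a docker environment. While it was developed with "ansible" in mind, it might be interesting to see it work with "chef".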
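A pre-build check for the three changes made in the working template above, written as an added example that is not code from either poster or from Packer or Chef. The list of accepted init paths, the finding texts, and the rule that a staging directory under a tmpfs mount is a problem (inferred from the fix moving it to /chef) are assumptions; the check also reports `privileged: true`, which both templates keep, so the reviewer can decide whether the build still needs it.

```ruby
require 'json'

# Added example, not from the original posts. Finding texts are illustrative.
INIT_PATHS = %w[/usr/sbin/init /sbin/init /usr/lib/systemd/systemd].freeze

# Trimmed copies of the failing and the working template from this page.
BEFORE = '{"builders":[{"type":"docker","image":"centos:7","privileged":true,
  "volumes":{"/sys/fs/cgroup":"/sys/fs/cgroup:ro"}}],
  "provisioners":[{"type":"chef-solo"}]}'
AFTER = '{"builders":[{"type":"docker","image":"centos:7","privileged":true,
  "volumes":{"/sys/fs/cgroup":"/sys/fs/cgroup:ro"},"tmpfs":["/tmp","/run"],
  "run_command":["-d","-i","-t","--entrypoint=/usr/sbin/init","--","{{.Image}}"]}],
  "provisioners":[{"type":"chef-solo","staging_directory":"/chef"}]}'

# Returns the --entrypoint value from run_command, or nil when none is given.
def entrypoint_of(builder)
  args = Array(builder['run_command']).map(&:to_s)
  i = args.index { |a| a.start_with?('--entrypoint') }
  return nil if i.nil?
  args[i].include?('=') ? args[i].split('=', 2)[1] : args[i + 1]
end

def lint_template(json_text)
  tpl = JSON.parse(json_text)
  findings = []
  tmpfs = []
  tpl.fetch('builders', []).select { |b| b['type'] == 'docker' }.each do |b|
    tmpfs |= Array(b['tmpfs'])
    init = entrypoint_of(b)
    unless INIT_PATHS.include?(init)
      findings << "entrypoint #{init || '(default)'} is not systemd, so systemctl has no PID 1 to talk to"
    end
    missing = %w[/run /tmp] - Array(b['tmpfs'])
    findings << "tmpfs is missing #{missing.join(', ')}" unless missing.empty?
    findings << 'privileged: true gives the container all capabilities and host device access' if b['privileged']
  end
  tpl.fetch('provisioners', []).select { |p| p['type'] == 'chef-solo' }.each do |p|
    # Default staging path taken from the log on this page (/tmp/packer-chef-solo).
    dir = p['staging_directory'] || '/tmp/packer-chef-solo'
    hit = tmpfs.find { |d| dir == d || dir.start_with?("#{d.chomp('/')}/") }
    findings << "staging_directory #{dir} is under the tmpfs mount #{hit}" if hit
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  { 'before' => BEFORE, 'after' => AFTER }.each do |name, tpl|
    lint_template(tpl).each { |f| puts "#{name}: #{f}" }
  end
end
```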