Develop Reference

"systemctl" command doesn't work on centos with docker

I use docker with centos 8.
How can i use systemctl command in dockerfile please ?
When i install an app it needs systemctl.
I have an error:
System has not been booted with systemd as init system (PID 1). Can't
operate. Failed to connect to bus: Host is down
I build docker like this:
docker build -t myapp:11 .
Same when i try in container:
docker run -it --privileged app:11 /bin/bash
Thank you.
docker build -t nuance:11 .
docker run -it --cap-add=NET_ADMIN nuance:11 /bin/bash
# syntax=docker/dockerfile:1
FROM centos:latest
USER root
RUN cd /etc/yum.repos.d/
RUN sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*
RUN sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*
RUN yum -y update && \
yum clean all
RUN yum -y install \
java-11-openjdk-devel \
perl-Data-Dumper \
redhat-lsb-core.x86_64 \
glibc.x86_64 \
glibc.i686 \
libstdc++.x86_64 \
libstdc++.i686 \
openssl \
libgcc \
libgcc.i686 \
libaio.x86_64 \
libaio.i686 \
libnsl.i686 \
ncurses-libs \
httpd.x86_64 \
unzip \
-x postfix \
-x mariadb-libs \
zlib.i686 \
zlib.x86_64
WORKDIR /tmp
COPY Nuance_Speech_Suite-11.0.10-x86_64-linux.tgz ./Nuance_Speech_Suite-11.0.10-x86_64-linux.tgz
COPY NRec-fr-FR-10.0.0-10.1.0.i686-linux.tar.gz ./languages/NRec-fr-FR-10.0.0-10.1.0.i686-linux.tar.gz
COPY NVE_fr_FR_audrey-ml_xpremium-2.1.0_linux.zip ./languages/NVE_fr_FR_audrey-ml_xpremium-2.1.0_linux.zip
COPY NRec-fr-FR-10.0.0-10.1.0-CumulativePatch-1_linux.zip ./languages/NRec-fr-FR-10.0.0-10.1.0-CumulativePatch-1_linux.zip
COPY NRec-fr-FR-10.0.0-10.1.0-CumulativePatch-2_linux.zip ./languages/NRec-fr-FR-10.0.0-10.1.0-CumulativePatch-2_linux.zip
COPY nuance.lic ./nuance.lic
RUN tar -zxf Nuance_Speech_Suite-11.0.10-x86_64-linux.tgz
RUN tar -zxf languages/NRec-fr-FR-10.0.0-10.1.0.i686-linux.tar.gz
RUN unzip languages/NVE_fr_FR_audrey-ml_xpremium-2.1.0_linux.zip
RUN unzip languages/NRec-fr-FR-10.0.0-10.1.0-CumulativePatch-1_linux.zip
RUN unzip languages/NRec-fr-FR-10.0.0-10.1.0-CumulativePatch-2_linux.zip
WORKDIR /tmp/Nuance_Speech_Suite-11.0.10
RUN ./setup.sh -s -f "/tmp/nuance.lic" -j "/usr/lib/jvm/java-11-openjdk" -V "/tmp/languages" -I "NLM,NSS"
last lines of log
2022-12-16 09:22:11 setup.sh: info: Restarting the Nuance License Manager service
2022-12-16 09:22:11 setup.sh: info: starting command 'systemctl restart nuance-licmgr'; output sent to log
System has not been booted with systemd as init system (PID 1). Can't operate.
Failed to connect to bus: Host is down
2022-12-16 09:22:11 setup.sh: info: Command 'systemctl restart nuance-licmgr' returned 1
2022-12-16 09:22:11 setup.sh: error: install_postprocessing_nlm_startservices() failed to start services
2022-12-16 09:22:11 setup.sh: info: skipping invocation of install_postprocessing_nms() due to previous post processing errors
2022-12-16 09:22:11 setup.sh: info: Skipping install_execute_installsuite due to previous errors

You can't run systemctl in a Dockerfile at all. More broadly, commands like systemctl or service don't work well in Docker, and you should restructure your container to avoid them.
For systemctl more specifically, it tries to connect to the systemd daemon. In a Dockerfile, each RUN step occurs in a new container, and like other containers, that container only runs the one RUN command; it does not run systemd or any other typical Linux daemons. Furthermore, at the end of the RUN line, the filesystem is persisted but any other changes are lost, so even if you systemctl start something successfully, the image won't contain a running process.
More generally I'd recommend avoiding systemd in Docker. A minimal init system like tini can be a good idea for some problems like reaping zombie processes; if you must run multiple processes in one container and really can't refactor it then supervisord can fill this need. A typical systemd installation will want to configure kernel parameters, start terminal logins, mount filesystems, and configure the network, all of which are basically impossible in Docker; it will capture the main process's stdout so docker logs doesn't work.
Aim for your container to only have one process. Don't run an init system at all if you don't need to. Don't try to "start a service", just run the program you're trying to build in the foreground as the one thing the container does.
FROM some-base-image
RUN a command to install the software
CMD the_program
# with no `systemctl` anywhere

if you are facing following error when running docker -
docker: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?.
See 'docker run --help'
or
System has not been booted with systemd as init system (PID 1). Can't operate.
Failed to connect to bus: Host is down
Run following commands
$ sudo systemctl status docker
System has not been booted with systemd as init system (PID 1). Can't operate.
Failed to connect to bus: Host is down
The reason is that you are trying to use systemd command to manage services on Linux but your system doesn't use systemd and (most likely) using the classic SysV init (sysvinit) system.
run following command to confirm if its above case
$ ps -p 1 -o comm=
init
so now you check again the status using
$ sudo service docker status
* Docker is not running
you can start docker using the following command
sudo service docker start
* Starting Docker: docker
for more detail pls refer following link
https://linuxhandbook.com/system-has-not-been-booted-with-systemd/
Systemd command
Sysvinit command
systemctl start service_name
service service_name start
systemctl stop service_name
service service_name stop
systemctl restart service_name
service service_name restart
systemctl status service_name
service service_name status
systemctl enable service_name
chkconfig service_name on
systemctl disable service_name
chkconfig service_name off

Docker.dotnet ListImages fails with permission denied on /var/run/docker.sock in Redhat

Disclaimer: I aware the /var/run/docker.sock issue is way common and there are lots of posts out there on it (although most if not all can be summed up to adding the running user to the docker permissions group). I tried all the those instructions and it still does not help me, in redhat.
I have two containers, one Ubuntu and one running Redhat 7.9.
My problem is specifically not being able to run - in the redhat container only - a call to Docker.Dotnet's ListImages (fails with permission denied in /var/run/docker.sock). In the beginning, I was not able to issue any docker command without prefixing it with sudo. I then added the running user to the docker permissions group, and can issue docker commands without sudo.
But Docker.Dotnet ListImages (which is simply a wrapper to docker api's images/json endpoint) still fails with the permission denied error on docker.sock. I tried all recommended here, to no avail.
I thought perhaps I should add the User=root (although this is not present in my Ubuntu service file, and therefore does not make much sense). I then realized that the ubuntu and redhat docker service files differ considerably.
Ubuntu:
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target docker.socket firewalld.service
Wants=network-online.target
Requires=docker.socket
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H fd://
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=1048576
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
# Uncomment TasksMax if your systemd version supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
TimeoutStartSec=0
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
# restart the docker process if it exits prematurely
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s
[Install]
WantedBy=multi-user.target
Redhat:
[Unit]
Description=Docker Application Container Engine
Documentation=http://docs.docker.com
After=network.target rhel-push-plugin.service registries.service
Wants=docker-storage-setup.service
Requires=rhel-push-plugin.service registries.service
Requires=docker-cleanup.timer
[Service]
Type=notify
NotifyAccess=main
EnvironmentFile=-/run/containers/registries.conf
EnvironmentFile=-/etc/sysconfig/docker
EnvironmentFile=-/etc/sysconfig/docker-storage
EnvironmentFile=-/etc/sysconfig/docker-network
Environment=GOTRACEBACK=crash
Environment=DOCKER_HTTP_HOST_COMPAT=1
Environment=PATH=/usr/libexec/docker:/usr/bin:/usr/sbin
ExecStart=/usr/bin/dockerd-current \
--add-runtime docker-runc=/usr/libexec/docker/docker-runc-current \
--default-runtime=docker-runc \
--authorization-plugin=rhel-push-plugin \
--exec-opt native.cgroupdriver=systemd \
--userland-proxy-path=/usr/libexec/docker/docker-proxy-current \
--init-path=/usr/libexec/docker/docker-init-current \
--seccomp-profile=/etc/docker/seccomp.json \
$OPTIONS \
$DOCKER_STORAGE_OPTIONS \
$DOCKER_NETWORK_OPTIONS \
$ADD_REGISTRY \
$BLOCK_REGISTRY \
$INSECURE_REGISTRY \
$REGISTRIES
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=1048576
LimitNPROC=1048576
LimitCORE=infinity
TimeoutStartSec=0
Restart=on-abnormal
KillMode=process
[Install]
WantedBy=multi-user.target
UPDATE:
In ubuntu, I can successfully run a docker engine api command from within one of the app containers using curl --unix-socket /run/docker.sock http://docker/images/json. Doing the same in redhat returns curl: (7) Couldn't connect to server.
Any further guidance here ? The redhat authorization plugin looks suspicious...

At the end... my problem was that in my Redhat installation, as opposed to my Ubuntu, we had SELinux enabled.
Disabling it finally had curl --unix-socket /run/docker.sock http://docker/images/json working from within my composer containers.
To disable Selinux: edit (you may need to impersonate as root using sudo su root) file /etc/selinux/config - replace SELINUX=enforcing with SELINUX=disabled.
Restart the linux server and that's it.
Remark: This may obviously not be an acceptable solution in a production environment. If this is your case, you will need to properly configure SELinux permissions settings. I was simply assigned a task to identify why this problem was happening in one of our dev machines, so disabling it suffices my needs for now.
Update: The ideal solution is following the instructions here and here

How do i expose the Docker Remote API on Centos 7?

On ubuntu i can go into /etc/init/docker.conf and put in DOCKER_OPTS='-H tcp://0.0.0.0:4243 -H unix:///var/run/docker.sock' to get the json data to display on my browser but how can i do it for Centos?
I have tried creating a file in /etc/sysconfig/docker and placing other_args="-H tcp://0.0.0.0:4243 -H unix:///var/run/docker.sock" inside the file and restarting docker but it doesn't do anything.

The systemd unit installed by the Docker corp package hardcodes the command line used to start the docker daemon:
[Service]
Type=notify
ExecStart=/usr/bin/dockerd
ExecReload=/bin/kill -s HUP $MAINPID
[...]
There is no support for reading a file from /etc/sysconfig or elsewhere to modify the command line. Fortunately, systemd gives us the tools we need to change this behavior.
The simplest solution is probably to create the file /etc/systemd/system/docker.service.d/docker-external.conf (the exact filename doesn't matter; it just needs to end with .conf) with the following contents:
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:4243 -H unix:///var/run/docker.sock
And then:
systemctl daemon-reload
systemctl restart docker
This is actually documented on the Docker website in this document, which includes instructions for a more flexible solution that will allow you to use files in /etc/sysconfig to control the daemon.

Yes, you can do the configuration thing. But how about a docker solution to a docker problem?
docker run -d \
--name sherpa \
-v /var/run/docker.sock:/tmp/docker.sock \
-p 2375:4550 \
djenriquez/sherpa --allow
Proxies access to the socket through port 2375 on localhost.

1、edit /usr/lib/systemd/system/docker.service to add two params in the service section:
# vim /usr/lib/systemd/system/docker.service
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix://var/run/docker.sock
2、reload the configuration, and then restart docker。
# systemctl daemon-reload
# systemctl restart docker
3、to check for success, see if the return the following response。
# ps -ef|grep docker
root 26208 1 0 23:51 ? 00:00:00 /usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix://var/run/docker.sock
reference from Expose the Docker Remote API on Centos 7?

docker inside docker container

I want to install docker inside a running docker container.
docker run -it centos:centos7
My base container is using centos, I can login to running container using docker exec. But when I try to install docker inside it using yum install -y docker it installs.
But somehow I can't start the docker service with docker -d &, it gives me error as:
INFO[0000] Option DefaultNetwork: bridge
WARN[0000] Running modprobe bridge nf_nat br_netfilter failed with message: , error: exit status 1
FATA[0000] Error starting daemon: Error initializing network controller: Error initializing bridge driver: Setup IP forwarding failed: open /proc/sys/net/ipv4/ip_forward: read-only file system
Is there a way I can install docker inside docker container or build image already having running docker? I have already seen these examples but none works for me.
The output of uname -r on the host machine:
[fedora# ~]$ uname -r
4.2.6-200.fc22.x86_64
Any help would be appreciated.
Thanks in advance

Update
Thanks to https://stackoverflow.com/a/38016704/372019 I want to show another approach.
Instead of mounting the host's docker binary, you should copy or install a container specific release of the docker binary. Since you're only using it in a client mode, you won't need to install it as a system service. You still need to mount the Docker socket into the container so that you can easily communicate with the host's Docker engine.
Assuming that you got a base image with a working Docker binary (e.g. the official docker image), the example now looks like this:
docker run\
-v /var/run/docker.sock:/var/run/docker.sock\
docker:1.12 docker info
Without actually answering your question I'd suggest you to read Using Docker-in-Docker for your CI or testing environment? Think twice.
It explains why running docker-in-docker should be replaced with a setup where Docker containers run as siblings of the "outer" or "base" container. The article also links to the original https://github.com/jpetazzo/dind project where you can find working examples how to run Docker in Docker - in case you still want to have docker-in-docker.
An example how to enable a container to access the host's Docker daemon look like this:
docker run\
-v /var/run/docker.sock:/var/run/docker.sock\
-v /usr/bin/docker:/usr/bin/docker\
busybox:latest /usr/bin/docker info

If you are on Mac with Docker toolbox.
The below command WON’T WORK
docker run\
-v /var/run/docker.sock:/var/run/docker.sock\
-v /usr/bin/docker:/usr/bin/docker\
busybox:latest /usr/bin/docker info
Because /var/run/docker.sock will not be on your OSX filesystem
the Docker daemon is running inside the boot2docker VM - and that's where the unix socket is.
So you have to run the container from boot2docker VM
$ docker-machine ssh default
$ docker run\
-v /var/run/docker.sock:/var/run/docker.sock\
-v $(which docker):/usr/bin/docker\
busybox:latest /usr/bin/docker info
$ exit
This looks like Docker-in-Docker, feels like Docker-in-Docker, but it’s not Docker-in-Docker, when this container will create more containers, those containers will be created in the top-level Docker.

You need the --privileged parameter.
By default, Docker containers are “unprivileged” and cannot, for
example, run a Docker daemon inside a Docker container.
Source
Run your base image with the command docker run --privileged -it centos:centos7 bash. Then you may install and run another docker container inside that container.

I`ve a similar problems in my vms.
I`ve solve the problem with change the storage file system from image to vfs(in daemon.json file)
like the image bellow
For image works first create a base image, in my case with centos7
FROM centos:7
ENV container docker
RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == \
systemd-tmpfiles-setup.service ] || rm -f $i; done); \
rm -f /lib/systemd/system/multi-user.target.wants/*;\
rm -f /etc/systemd/system/*.wants/*;\
rm -f /lib/systemd/system/local-fs.target.wants/*; \
rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
rm -f /lib/systemd/system/basic.target.wants/*;\
rm -f /lib/systemd/system/anaconda.target.wants/*;
VOLUME [ "/sys/fs/cgroup" ]
CMD ["/usr/sbin/init"]
with this image builded (in my case i called local/c7-systemd) create a second image, installing docker and moving daemon.json to inside.
FROM local/c7-systemd
RUN yum install -y yum-utils
RUN yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
RUN yum install -y docker-ce docker-ce-cli containerd.io
RUN curl -L "https://github.com/docker/compose/releases/download/1.28.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
RUN chmod +x /usr/local/bin/docker-compose
RUN ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
COPY daemon.json /etc/docker/daemon.json
RUN yum install -y nano
RUN systemctl enable docker
EXPOSE 80
EXPOSE 8080
EXPOSE 8161
EXPOSE 6379
EXPOSE 8761
CMD ["/usr/sbin/init"]
enjoy!

Cannot change Docker image directory

I am using Fedora 22 and I must change my Docker image directory from
/var/lib/docker
to
/home/my_user/docker
Following this
How to change the docker image installation directory? I edited the /etc/sysconfig/docker adding:
other_args="-g /home/rseixas/Programs/Docker/images"
I restarted the service but no change. In fact I restarted my machine and I am not able to see it changing.
Someone can help me?

Do you have a /lib/systemd/system/docker.service file?
If so, edit it so that the Docker service uses the usual /etc/default/docker as an environment file: EnvironmentFile=-/etc/default/docker.
In the /etc/default/docker file then add DOCKER_OPTS="-g /home/rseixas/Programs/Docker/images".
At the end just do a systemctl daemon-reload && systemctl restart docker.
For further information please also have a look at the documentation.

In docker 1.8+ the service file settings changed a little:
[Service]
EnvironmentFile=-/etc/default/docker
# in docker 1.7 use ExecStart:
ExecStart=/usr/bin/docker -d $DOCKER_OPTS -H fd://
# in docker 1.8 use ExecStart:
ExecStart=/usr/bin/docker daemon $DOCKER_OPTS -H fd://
MountFlags=slave
LimitNOFILE=1048576
LimitNPROC=1048576
LimitCORE=infinity
& some other notes for Debian / Fedora with the latest docker & a custom directory.