Using systemd to Start a Container

Function Description

The init process started in system containers differs from that in common containers. Common containers cannot start system services through systemd. However, system containers have this capability. You can enable the systemd service by specifying the --system-container parameter when starting a system container.

Parameter Description

Command: isula create/run

Parameter: --system-container

Value Description:

  • The value is of a Boolean data type and can be true or false. The default value is true.
  • Specifies whether it is a system container. This function must be enabled.

Constraints

  • The systemd service needs to call some special system APIs, including mount, umount2, unshare, reboot, and name_to_handle_at. Therefore, permissions to call the preceding APIs are enabled for system containers when the privileged container tag is disabled.
  • All system containers are started by the init process. The init process does not respond to the SIGTERM signal which indicates normal exit. By default, the stop command forcibly kills the container 10 seconds later. If you need a quicker stop, you can manually specify the timeout duration of the stop command.
  • --system-container must be used together with --external-rootfs.
  • Various services can run in a system container. The systemctl command is used to manage the service starting and stopping. Services may depend on each other. As a result, when an exception occurs, some service processes are in the D or Z state so that the container cannot exit properly.
  • Some service processes in a system container may affect other operation results. For example, if the NetworkManager service is running in the container, adding NICs to the container may be affected (the NICs are successfully added but then stopped by NetworkManager), resulting in unexpected results.
  • Currently, system containers and hosts cannot be isolated by using udev events. Therefore, the fstab file cannot be configured.
  • The systemd service may conflict with the cgconfig service provided by libcgroup. You are advised to delete the libcgroup-related packages from a container or set Delegate of the cgconfig service to no.
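
An added example, not part of the iSulad documentation or code: a Python check that reports how a seccomp profile treats the five system calls named in the first constraint, so the wider syscall surface of a system container can be reviewed. It assumes the profile is available as JSON in the OCI runtime-spec layout (defaultAction, syscalls[].names/action/args, plus the Docker-style includes/excludes fields); SAMPLE_PROFILE is constructed and is not the profile iSulad ships.

```python
import json

# Syscalls the page lists as required by systemd in a system container.
SYSTEMD_SYSCALLS = ("mount", "umount2", "unshare", "reboot", "name_to_handle_at")

# Constructed sample profile for illustration (not iSulad's shipped profile).
SAMPLE_PROFILE = json.loads("""
{
  "defaultAction": "SCMP_ACT_ERRNO",
  "syscalls": [
    {"names": ["read", "write", "mount", "umount2"], "action": "SCMP_ACT_ALLOW"},
    {"names": ["unshare"], "action": "SCMP_ACT_ALLOW",
     "args": [{"index": 0, "value": 131072, "valueTwo": 0,
               "op": "SCMP_CMP_MASKED_EQ"}]},
    {"names": ["name_to_handle_at"], "action": "SCMP_ACT_ALLOW",
     "includes": {"caps": ["CAP_DAC_READ_SEARCH"]}}
  ]
}
""")

def audit_profile(profile):
    """Map each systemd-required syscall to the actions the profile applies.

    A rule with argument filters or includes/excludes conditions matches only
    some calls, so it is reported as conditional rather than a plain allow.
    """
    default = profile["defaultAction"]
    found = {name: [] for name in SYSTEMD_SYSCALLS}
    for rule in profile.get("syscalls", []):
        conditional = any(rule.get(k) for k in ("args", "includes", "excludes"))
        label = rule["action"] + (" (conditional)" if conditional else "")
        for name in rule.get("names", []):
            if name in found:
                found[name].append(label)
    # Syscalls with no matching rule fall through to the default action.
    return {n: acts or [default + " (default)"] for n, acts in found.items()}

def unconditional_allows(profile):
    """Listed syscalls that any process in the container may call freely."""
    plain = {"SCMP_ACT_ALLOW", "SCMP_ACT_ALLOW (default)"}
    return sorted(n for n, acts in audit_profile(profile).items()
                  if plain.intersection(acts))

if __name__ == "__main__":
    for name, actions in audit_profile(SAMPLE_PROFILE).items():
        print(f"{name:20} {', '.join(actions)}")
    print("unconditionally allowed:", unconditional_allows(SAMPLE_PROFILE))
```

Syscalls reported as unconditionally allowed are the ones to weigh against the workloads that will share the container with systemd.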

Example

  • Specify the --system-container and --external-rootfs parameters to start a system container.

    [root@localhost ~]# isula run -tid -n systest01 --system-container --external-rootfs /root/myrootfs none init
    
  • After the preceding commands are executed, the container is running properly. You can run the exec command to access the container and view the process information. The command output indicates that the systemd service has been started.

    [root@localhost ~]# isula exec -it systest01 bash
    [root@localhost /]# ps -ef
    UID        PID  PPID  C STIME TTY          TIME CMD
    root         1     0  2 06:49 ?        00:00:00 init
    root        14     1  2 06:49 ?        00:00:00 /usr/lib/systemd/systemd-journal
    root        16     1  0 06:49 ?        00:00:00 /usr/lib/systemd/systemd-network
    dbus        23     1  0 06:49 ?        00:00:00 /usr/bin/dbus-daemon --system --
    root        25     0  0 06:49 ?        00:00:00 bash
    root        59    25  0 06:49 ?        00:00:00 ps -ef
    
  • Run the systemctl command in the container to check the service status. The command output indicates that the service is managed by systemd.

    [root@localhost /]# systemctl status dbus
    ● dbus.service - D-Bus System Message Bus
       Loaded: loaded (/usr/lib/systemd/system/dbus.service; static; vendor preset: disabled)
       Active: active (running) since Mon 2019-07-22 06:49:38 UTC; 2min 58s ago
         Docs: man:dbus-daemon(1)
     Main PID: 23 (dbus-daemon)
       CGroup: /system.slice/dbus.service
               └─23 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
    
    Jul 22 06:49:38 localhost systemd[1]: Started D-Bus System Message Bus.
    
  • Run the systemctl command in the container to stop or start the service. The command output indicates that the service is managed by systemd.

    [root@localhost /]# systemctl stop dbus
    Warning: Stopping dbus.service, but it can still be activated by:
      dbus.socket
    [root@localhost /]# systemctl start dbus
    
