How to run systemctl command inside docker container?
Solution 1
After some investigation I was able to run a docker container with the ability to run systemctl command.
The following worked when running on an ubuntu:16.04 host:
- sudo docker run --privileged -v /run/systemd/system:/run/systemd/system -v /bin/systemctl:/bin/systemctl -v /var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket -it ubuntu:16.04 systemctl
- sudo docker run --privileged -v /run/systemd/system:/run/systemd/system -v /var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket -it ubuntu:16.04 systemctl
- And on ubuntu:18.04 host:
  sudo docker run --privileged -v /run/systemd/system:/run/systemd/system -v /var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket -it ubuntu:18.04 systemctl
Since systemctl doesn't come with this image
Solution 2
Thanks ofirule
Tried your solution on debian:10. Your solution effectively allows running systemctl, but it won't allow it to see/control the host's systemd processes. For this to work the /sys/fs/cgroup directory must also be mounted as a volume:
docker run -it --rm -v /bin/systemctl:/bin/systemctl -v /run/systemd/system:/run/systemd/system -v /var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket -v /sys/fs/cgroup:/sys/fs/cgroup debian:10 systemctl --no-pager status
With this I can control the host's systemd services and even do a shutdown/reboot through systemd.
This seems specific to Debian 10 and not needed for Ubuntu 18.04. Other Debian/Ubuntu versions might or might not need it.
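A defender-side check for the setup both answers describe, added here as an example and not part of either answer: it reads docker inspect JSON and flags containers that run privileged or bind-mount the host paths used above (or a parent directory of them). The SENSITIVE table, the function names and the sample data are constructed for illustration, and /var/run is assumed to be a symlink to /run on the host.

```python
import json
import posixpath

# Host paths named in the answers above; binding one (or a parent) exposes host systemd.
SENSITIVE = {
    "/run/dbus/system_bus_socket": "host D-Bus system bus used by systemctl",
    "/run/systemd": "host systemd runtime directory",
    "/sys/fs/cgroup": "host cgroup tree",
    "/bin/systemctl": "host systemctl binary",
}

def normalize(path):
    """Clean a host path; assumes /var/run is a symlink to /run on the host."""
    path = posixpath.normpath(path)
    if path == "/var/run" or path.startswith("/var/run/"):
        path = path[len("/var"):]
    return path

def audit(inspect_json):
    """Map container name -> findings, given `docker inspect` JSON text."""
    report = {}
    for c in json.loads(inspect_json):
        findings = []
        if c.get("HostConfig", {}).get("Privileged"):
            findings.append("runs with --privileged")
        for m in c.get("Mounts", []):
            if m.get("Type") != "bind":
                continue  # named volumes and tmpfs do not expose host paths
            src = normalize(m.get("Source", ""))
            for target, why in SENSITIVE.items():
                if (src == target or src.startswith(target + "/")
                        or target.startswith(src.rstrip("/") + "/")):
                    mode = "rw" if m.get("RW") else "ro"
                    findings.append(f"bind mount {src} ({mode}): {why}")
        if findings:
            report[c.get("Name", "?").lstrip("/")] = findings
    return report

# Constructed sample in the shape of `docker inspect` output (not real data).
SAMPLE = json.dumps([
    {"Name": "/svc-monitor", "HostConfig": {"Privileged": True}, "Mounts": [
        {"Type": "bind", "Source": "/run/systemd/system", "RW": True},
        {"Type": "bind", "Source": "/var/run/dbus/system_bus_socket", "RW": True}]},
    {"Name": "/web", "HostConfig": {"Privileged": False}, "Mounts": [
        {"Type": "bind", "Source": "/srv/app", "RW": False},
        {"Type": "volume", "Source": "/var/lib/docker/volumes/d/_data", "RW": True}]},
])

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE), indent=2))
```

To run it against a live host, pass the output of docker inspect $(docker ps -q) to audit() instead of SAMPLE.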
ofirule
Updated on September 18, 2022
Comments
-
ofirule over 1 year
I would like to run a docker container which will have the ability to run systemctl commands on its host. Following this question I didn't find a solution that would work for me.
I have no hard limits on the docker base image, so using ubuntu-16.04 docker image for an ubuntu-16.04 host and ubuntu-18.04 docker image for an ubuntu-18.04 host is totally acceptable.
-
Dan over 3 years
A container needing systemd in it doesn't make much sense. If you need that, you might need to rethink the architecture. The purpose of a container is to run as a single service; if you have more than 1 service running in your container then you aren't using it properly. You can't use or think of containers as a normal OS or a virtual machine.
-
ofirule over 3 years
I want my container to be able to talk with its host systemd, in order to monitor and start/stop/restart the services. I don't want the actual container to use systemd.
-
ofirule over 3 years
Adding the --privileged flag didn't solve it? I guess there are some differences between different OSes
-
Martin over 3 years
No, the command runs fine but the host's services are not seen. Neither with --privileged nor with -u 0:0. Seems at least on Debian /sys/fs/cgroup is required. Will test it on an Ubuntu 18:04
-
Martin over 3 years
Tested it on ubuntu:18.04 on aarch64 (don't have access to an Ubuntu PC right now) and you are correct, mapping /sys/fs/cgroup seems not necessary. For aarch64 a bunch of libs must also be mapped to allow systemctl to run, but that is probably aarch64 specific which seems to have a more stripped down docker image. I update my response to mention it is Debian10 specific. Thanks!