systemd-python docker images

The systemd-python enabled docker images defined here can be found on dockerhub.

Status

Directory structure

• aports-dev contains an image for Alpine Linux aports development.
• openrc and systemd contain init-enabled docker images in which services are able to run.

Run molecule tests

The example below uses ansible-datacenter molecule tests

$ git clone https://github.com/lj020326/ansible-datacenter.git
$ cd ansible-datacenter
$ ## NOTE: registry default is docker.io
$ export MOLECULE_IMAGE_REGISTRY=registry.example.int:5000
$ export MOLECULE_IMAGE_LABEL=redhat7-systemd-python
$ molecule login
$ molecule --debug test -s bootstrap-linux-package
$ molecule destroy
$ MOLECULE_IMAGE_LABEL=redhat8-systemd-python molecule --debug test -s bootstrap-linux-package
$ MOLECULE_IMAGE_LABEL=redhat8-systemd-python molecule login
$ molecule destroy
$ MOLECULE_IMAGE_LABEL=redhat8-systemd-python molecule converge
$ molecule destroy
$ MOLECULE_IMAGE_LABEL=centos8-systemd-python molecule --debug converge
$ molecule destroy
$ MOLECULE_IMAGE_LABEL=ubuntu2204-systemd-python molecule --debug converge

To log into container

$ MOLECULE_IMAGE_LABEL=redhat8-systemd-python molecule create
$ MOLECULE_IMAGE_LABEL=redhat8-systemd-python molecule login
$ molecule destroy

To log into pure public docker images:

docker exec -it lj020326/centos9-systemd:latest bash
docker exec -it lj020326/centos9-systemd-python:latest bash

To log into pure private docker image:

$ importsslcert media.johnson.int:5000
$ docker login media.johnson.int:5000
$ docker pull media.johnson.int:5000/centos9-systemd:latest
## Run the systemd container as a daemon
$ docker run -d --name centos9-systemd --privileged --tmpfs /tmp --tmpfs /run --tmpfs /run/lock -v /sys/fs/cgroup:/sys/fs/cgroup:ro media.johnson.int:5000/centos9-systemd
$ docker exec -it centos9-systemd bash
## run the python enabled systemd container image
$ docker run -d --name centos9-systemd-python --tmpfs /tmp --tmpfs /run --tmpfs /run/lock -v /sys/fs/cgroup:/sys/fs/cgroup:ro media.johnson.int:5000/centos9-systemd-python
$ docker exec -it centos9-systemd-python bash

To override entrypoint and run bash instead:

$ docker run -it --name centos9-systemd --entrypoint /bin/bash --privileged --tmpfs /tmp --tmpfs /run --tmpfs /run/lock -v /sys/fs/cgroup:/sys/fs/cgroup:ro media.johnson.int:5000/centos9-systemd

Building images

To build an image using centos9-systemd as an example:

$ cd systemd/centos/
$ docker build -t centos9-systemd --build-arg IMAGE_REGISTRY=media.johnson.int:5000 -f 9.Dockerfile .

To build image from project root:

$ docker build -t redhat9-systemd-python \
  --build-arg IMAGE_REGISTRY=media.johnson.int:5000 \
  -f systemd/redhat/9.python.Dockerfile \
  systemd/redhat/

If you want to start a debug session when a build fails, you can use --on=error to start a debug session when the build fails.

To build in debug mode:

$ export BUILDX_EXPERIMENTAL=1
$ docker buildx debug --on=error build -t redhat9-systemd-python \
  --build-arg IMAGE_REGISTRY=media.johnson.int:5000 \
  -f systemd/redhat/9.python.Dockerfile \
  systemd/redhat/

To build an image using centos9-systemd as an example:

$ cd centos/
$ docker build -t centos9-systemd --build-arg IMAGE_REGISTRY=media.johnson.int:5000 -f 9.Dockerfile .
$ docker build -t centos9-systemd-python --build-arg IMAGE_REGISTRY=media.johnson.int:5000 -f 9.python.Dockerfile .
$ cd ../debian
$ docker build -t debian8-systemd-python --build-arg IMAGE_REGISTRY=media.johnson.int:5000 -f 8.python.Dockerfile .

Running bash in image

To run bash in newly built image:

## if testing the locally built image
$ docker run --rm -it centos8-systemd bash -il
## if testing the image pushed to the registry
$ docker run --rm -it media.johnson.int:5000/centos8-systemd bash -il

Debugging failed build

When one of the Dockerfile build command fails, look for the id of the preceding layer and run a shell in a container created from that id:

$ docker run --rm -it centos8-systemd bash -il
$ docker run --rm -it centos8-systemd bash -il
$ docker run --rm -it <id_last_working_layer> bash -il

on flag

To start the debugger, first, ensure that BUILDX_EXPERIMENTAL=1 is set in your environment.

$ export BUILDX_EXPERIMENTAL=1

To view intermediate container hashes:

$ export DOCKER_BUILDKIT=0

If you want to start a debug session when a build fails, you can use --on=error to start a debug session when the build fails.

$ export BUILDX_EXPERIMENTAL=1
$ docker buildx debug --on=error build .
$ docker buildx debug --on=error build -t debian8-systemd-python --build-arg IMAGE_REGISTRY=media.johnson.int:5000 -f 8.python.Dockerfile .

UPDATE Intermediate container hashes are not supported as of Docker version 20.10. To view intermediate container hashes:

$ DOCKER_BUILDKIT=0 docker build -t debian8-systemd-python --build-arg IMAGE_REGISTRY=media.johnson.int:5000 -f 8.python.Dockerfile .
DEPRECATED: The legacy builder is deprecated and will be removed in a future release.
            BuildKit is currently disabled; enable it by removing the DOCKER_BUILDKIT=0
            environment-variable.

Sending build context to Docker daemon  62.46kB
Step 1/25 : ARG IMAGE_REGISTRY=lj020326
Step 2/25 : FROM $IMAGE_REGISTRY/debian8-systemd:latest
 ---> e073c8665ceb
...
Step 20/25 : ENV PATH="$PYENV_ROOT/shims:$PYENV_ROOT/bin:$PATH"
 ---> Running in 51ebbfe0c1eb
 ---> Removed intermediate container 51ebbfe0c1eb
 ---> b1c595d36fc4
Step 21/25 : RUN CPPFLAGS="-I/usr/local/openssl/include -I/usr/local/openssl/include/openssl"     LDFLAGS="-L/usr/local/openssl/lib -L/usr/local/openssl/lib64"     pyenv install $PYTHON_VERSION
 ---> Running in 4253d5ef2e94
Downloading Python-3.11.7.tar.xz...
-> https://www.python.org/ftp/python/3.11.7/Python-3.11.7.tar.xz
Installing Python-3.11.7...
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "/pyenv/versions/3.11.7/lib/python3.11/ssl.py", line 100, in <module>
    import _ssl             # if we can't import it, let the error propagate
    ^^^^^^^^^^^
ModuleNotFoundError: No module named '_ssl'
ERROR: The Python ssl extension was not compiled. Missing the OpenSSL lib?

Please consult to the Wiki page to fix the problem.
https://github.com/pyenv/pyenv/wiki/Common-build-problems


BUILD FAILED (Debian GNU/Linux 8 using python-build 20180424)

Inspect or clean up the working tree at /tmp/python-build.20240416133411.74
Results logged to /tmp/python-build.20240416133411.74.log

Last 10 log lines:
		$ensurepip --root=/ ; \
fi
Looking in links: /tmp/tmpo4sotjqo
Processing /tmp/tmpo4sotjqo/setuptools-65.5.0-py3-none-any.whl
Processing /tmp/tmpo4sotjqo/pip-23.2.1-py3-none-any.whl
Installing collected packages: setuptools, pip
  WARNING: The scripts pip3 and pip3.11 are installed in '/pyenv/versions/3.11.7/bin' which is not on PATH.
  Consider adding this directory to PATH or, if you prefer to suppress this warning, use --no-warn-script-location.
Successfully installed pip-23.2.1 setuptools-65.5.0
WARNING: Running pip as the 'root' user can result in broken permissions and conflicting behaviour with the system package manager. It is recommended to use a virtual environment instead: https://pip.pypa.io/warnings/venv
The command '/bin/sh -c CPPFLAGS="-I/usr/local/openssl/include -I/usr/local/openssl/include/openssl"     LDFLAGS="-L/usr/local/openssl/lib -L/usr/local/openssl/lib64"     pyenv install $PYTHON_VERSION' returned a non-zero code: 1
$ 
$ docker run --rm -it b1c595d36fc4 bash -il

Once in the container:

• try the command that failed, and reproduce the issue
• then fix the command and test it
• finally update your Dockerfile with the fixed command

Reference

• https://github.com/docker-library/docker/blob/master/dockerd-entrypoint.sh
• https://github.com/docker-library/docker/blob/master/docker-entrypoint.sh
• https://github.com/docker-library/docker/blob/master/Dockerfile-dind-rootless.template

Contact