Docker: systemctl – Failed to get D-Bus connection: Operation not permitted


The Problem

Attempts at running a service from within a CentOS 7 container fail with “Failed to get D-Bus connection: Operation not permitted”

The Solution

The first pass would probably be to get the centos/systemd base container and build on that, but this was not an option for me (for bureaucratic reasons that aren’t very exciting or worth getting into).

Fortunately, the official centos image has some documentation on how to get systemd enabled in a Docker container, which didn’t work for me (I got an error ​​​​​[!!!!!!] Failed to mount API filesystems, freezing when trying to run it as-is), but that was useful as a baseline for figuring out how to get the various bits I needed into an existing Dockerfile with some docker-compose yaml for extra flavour.

The big “ah-ha” moment for me was when I finally understood that  you have to enable your service before calling /usr/sbin/init since this program was the magic sauce that started the service in question.

I created a demo repo, the Dockerfile there looks like this:

You can build this image and run a container by executing the following commands manually (from within the dir that contains the Dockerfile):

docker build --rm -t centos7-systemd-docker-demo .

docker run -tid -v /sys/fs/cgroup:/sys/fs/cgroup:ro --cap-add SYS_ADMIN -p 80:80 --name centosdemo centos7-systemd-docker-demo

Note the --cap-add option passed to the run command!

Once your container is running, confirm that the httpd service is live by logging into the container:

docker exec -it centosdemo /bin/bash

and checking the status:

[root@bd3bfb7520b6 /]# systemctl status httpd
● httpd.service – The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2018-03-01 01:34:59 UTC; 48s ago
Docs: man:httpd(8)
man:apachectl(8)
Main PID: 18 (httpd)
Status: “Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec”
CGroup: /docker/bd3bfb7520b65cbdf6d3b0c3e442acbb5e4148d8fc8413afb250a24a3b2f945b/system.slice/httpd.service
├─18 /usr/sbin/httpd -DFOREGROUND
├─20 /usr/sbin/httpd -DFOREGROUND
├─21 /usr/sbin/httpd -DFOREGROUND
├─22 /usr/sbin/httpd -DFOREGROUND
├─23 /usr/sbin/httpd -DFOREGROUND
└─24 /usr/sbin/httpd -DFOREGROUND

Mar 01 01:34:59 bd3bfb7520b6 systemd[1]: Starting The Apache HTTP Server…
Mar 01 01:34:59 bd3bfb7520b6 httpd[18]: AH00558: httpd: Could not reliably d…e
Mar 01 01:34:59 bd3bfb7520b6 systemd[1]: Started The Apache HTTP Server.
Hint: Some lines were ellipsized, use -l to show in full.

docker-compose

If you are more inclined to using docker-compose, here are the above run commands nicely wrapped up:

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s