|
3 | 3 | OCI systemd hook enables running systemd in docker and [OCI](https://github.com/opencontainers/specs) |
4 | 4 | compatible runtimes such as runc. |
5 | 5 |
|
| 6 | +oci-systemd-hook |
6 | 7 | It reads state over stdin and mounts a tmpfs at /run, /tmp, links in a journal directory from the host and |
7 | 8 | creates /etc/machine-id file for a container. |
8 | 9 |
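Review bot: The added line `oci-systemd-hook` (new line 6) sits directly above "It reads state over stdin ..." with no blank line and no heading underline, so Markdown will fold it into that paragraph and render "oci-systemd-hook It reads state ...". Either make it a heading in the dashed-underline style the removed `Installation` heading used, or merge it into the sentence as "oci-systemd-hook reads state over stdin ...".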
|
9 | | -Installation |
10 | | ---------------- |
| 10 | +This project produces a C binary that can be used with runc and Docker (with minor code changes). |
| 11 | +If you clone this branch and build/install `oci-systemd-hook`, a binary will be placed in |
| 12 | +`/usr/libexec/oci/hooks.d` named `oci-systemd-hook`. You can change this location by |
| 13 | +editing `HOOKSDIR` in the Makefile. |
| 14 | + |
| 15 | +Running Docker or OCI runc containers with this executable, oci-systemd-hook is called just before a container is started and after it is provisioned. If the CMD to run inside of the container is init or systemd, this hook will configure |
| 16 | +the container image to run a systemd environment. |
| 17 | + |
| 18 | +oci-systemd-hook will do the following |
| 19 | + |
| 20 | +* Mount a tmpfs on /run and /tmp |
| 21 | +- If there is content in the container image's /run and /tmp that content will be compied onto the tmpfs. |
| 22 | +* Will create a /etc/machine-id based on the the containers UUID |
| 23 | +* Will mount the hosts /sys/fs/cgroups file systemd read-only into the container |
| 24 | +- /sys/fs/cgroup/systemd will be mounted read/write into the container. |
| 25 | + |
| 26 | +When the container stops, these file systems will be removed. |
| 27 | + |
| 28 | +systemd is expected to be able to run within the container without requiring |
| 29 | +the --privileged option. However you will still need to specify a special --stop signal. |
| 30 | + |
| 31 | +If you created a container image based on a dockerfile like the following: |
| 32 | +``` |
| 33 | +cat Dockerfile |
| 34 | +FROM RHEL7 |
| 35 | +ENV container docker |
| 36 | +RUN dnf -y install httpd; dnf clean all; systemctl enable httpd; systemctl disable dnf* dnf-makecache.timer |
| 37 | +CMD [ "/sbin/init" ] |
| 38 | +``` |
| 39 | + |
| 40 | +You should be able to execute the following command: |
| 41 | + |
| 42 | +``` |
| 43 | +docker run -ti --stop-signal=RTMIN+3 httpd |
| 44 | +``` |
| 45 | + |
| 46 | +If you run this hook along with oci-register-machine oci hook, you will be able |
| 47 | +to show the containers journal information on the host, using journalctl. |
| 48 | + |
| 49 | +``` |
| 50 | +journalctl -M CONTAINER_UUID |
| 51 | +``` |
| 52 | + |
| 53 | + |
| 54 | +To build, install, clean-up: |
| 55 | + |
| 56 | +First, **clone** this branch, then: |
| 57 | + |
11 | 58 | ``` |
12 | | -git clone https://github.com/mrunalp/hooks |
13 | | -cd hooks |
| 59 | +git clone https://github.com/projectatomic/oci-systemd-hook |
| 60 | +cd oci-systemd-hook |
14 | 61 | autoreconf -i |
15 | | -./configure --libexecdir=/usr/libexec/docker/hooks.d |
| 62 | +./configure --libexecdir=/usr/libexec/oci/hooks.d |
16 | 63 | make |
17 | 64 | make install |
18 | 65 | ``` |
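Review bot: New lines 23-24 say the host's cgroup file system is mounted read-only while `/sys/fs/cgroup/systemd` is mounted read/write, and line 28 then says `--privileged` is not required, but the text never states what that read/write mount leaves writable from inside the container or why systemd needs it. Please add a sentence so readers can judge the trade-off. In the same list, the `-` sub-items (lines 21 and 24) sit at the same indent as the `*` items and will not nest, "compied", "the the" and "file systemd" are typos, and the path is spelled `/sys/fs/cgroups` on line 23 but `/sys/fs/cgroup/systemd` on line 24. The prose on line 29 says `--stop signal` while the command on line 43 uses `--stop-signal=RTMIN+3`; use the actual flag in both places. The Dockerfile fence opens with `cat Dockerfile`, which is a shell command rather than Dockerfile content, and `docker run ... httpd` assumes an image tag that no build step shown here creates. Finally, "To build, install, clean-up:" promises a clean-up step, but the commands end at `make install`, and with the `Installation` heading removed this section no longer has a heading.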