using this on debian 11 aka. bullseye is resulting in a non-systemd #4
Comments
|
Can you confirm your molecule config looks something like the following? https://github.com/geerlingguy/ansible-role-apache/blob/master/molecule/default/molecule.yml#L7-L12 |
|
Yes. Here the relevant part from a failing example: and a tasks that enables a service via systemd fails with: |
|
@zerwes - Can you try changing the command to match what I have set up in mine? |
|
Hello @geerlingguy @@ -71,6 +71,6 @@ platforms:
pre_build_image: yes
image: geerlingguy/docker-ubuntu2004-ansible:latest
privileged: true
- command: /lib/systemd/systemd
+ command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:robut on the invocation of |
|
/me watches this :) |
|
I run into the same problem as @zerwes |
|
@stefanDeveloper is something like the docker file mentioned in the description of the issue or like https://github.com/Rosa-Luxemburgstiftung-Berlin/ansible-role-unbound/blob/main/molecule/default/Dockerfile-debian-bullseye.j2 working for you? |
|
@zerwes you saved my week, thanks that works like a charm! |
|
@stefanDeveloper glad to hear it helped. |
|
I got a similar problem like @zerwes (Hi, by the way :-) ) in NETWAYS/ansible-role-elasticsearch#53 . As another change that might have an influence I had to remove the following lines because it made starting Elasticsearch in the containers impossible on CentOS: Since I removed that, CentOS tests succeed but Debian ones fail. I put some debugging code into my roles to put out what's wrong. What I'm seeing is: I suspect, both containers are built differently and what fixes problems for one breaks it for the other? |
|
Hello @widhalmt, is something like the docker file mentioned in the description of the issue or like https://github.com/Rosa-Luxemburgstiftung-Berlin/ansible-role-unbound/blob/main/molecule/default/Dockerfile-debian-bullseye.j2 working for you? |
|
@zerwes So you mean, disabling mounting I use several containers by @geerlingguy so I can't easily exchange the container I'm using. I could give it a try to exchange it temporarily, though. |
|
I'm seeing the same effect with Rocky Linux 8 now, too. After removing the mount for |
My intention is surely not to replace the widely< used docker images (therefore my docker foo is much to weak, as I consider myself in this topic just a average user), I just wanted to give @geerlingguy a hint and some help what works and what not ... |
|
What's weird is I'm using the same containers on a ton of my projects and not (seemingly) running into the same issues that are mentioned here. (Edit: Though I'm running them either from mac OS, or from ubuntu...) |
Sorry, that was just me being unclear in my reply. I understood that you did only suppose that for tests and not to replace them completely. What I forgot to mention is, that I'm using them in a matrix check with different OS'es and I can't easily replace a single one, because it wouldn't even start. I need time to change the whole CI configuration to use the container in a test. |
|
@geerlingguy I really don't get it either. I see the problems mostly when running them and start Elasticsearch in GitHub actions. For now it works flawlessly with CentOS 7 (when I remove mounting the |
|
I get a very similar error with |
|
@tbumke - On macOS, that has to do with the implementation of cgroups v2 in Docker for Mac. I believe there's a way to work around it... |
|
@widhalmt @zerwes apologies if I have overlooked this but which host system are you using? I ran into the same issues and decided to give up on this matter, just watching this issue. I am trying to run this in a WSL2 on either Windows 10 or 11 resulting in Debian based containers not starting with systemd or not starting at all. Concerning this all that I have found online is that for some reason WSL2 seems to be incompatible to handle this virtualization. If it's a Windows-Virtualization issue it would explain why it works fine on (most) MACs and Jeff's Ubuntu |
|
@Paul-Weisser my first touch with this was running a debian 11 container on debian 11 ... |
Thanks @geerlingguy , this pointed me in the right direction. Searching for cgroups v2 and Docker for Mac, I found this issue docker/for-mac#6073 which also describes a workaround. Configuring Running the container as follows and with cgroups v2 now also works in my setup: docker run -it --privileged --cgroupns=host -v /sys/fs/cgroup:/sys/fs/cgroup:rw \
--name instance -d geerlingguy/docker-debian11-ansibleNote also, that the sysfs volume permissions need to be changed to |
|
Thanks @tbumke !! Changing to did the trick! Now' I only have to find a way to get around a bug Elasticsearch ( elastic/elasticsearch#74158 ) that keeps instances on multiple instances from starting because the Java Option parser print to stdout insttead of a file. But that only hits when I fire up several containers in a single test and won't keep me from proceeding with the other roles. Thank you everyone, that kept me in a constant state of rage for weeks now. :-) |
|
Ok, guess now I'm completely lost. Now it works sometimes and sometimes it doesn't. I'll have to take a deeper look, sorry. |
|
+1 have the same running from debian11. I believe since this image mounts cgroups into the image as a volume, it will have different results if you have different versions of cgroups in your host system. Should it work only on cgroupsv1? |
|
also have this, anything I can provide of information to get this fixed @geerlingguy? |
|
As I've said before, I haven't had any issues running this with systemd (for example, see my Docker role: https://github.com/geerlingguy/ansible-role-docker/blob/master/.github/workflows/ci.yml#L48 / https://github.com/geerlingguy/ansible-role-docker/runs/5959693637?check_suite_focus=true) If someone can get a reproducible fault that works with the base image and the same kind of setup I'm using, that would be helpful. (Another note: it seems cgroups v2 might be the main culprit for some people...) |
|
I faced a problem similar to this issue but with little difference. I have root@test-debian:/# loginctl
Failed to create bus connection: No such file or directorymy host OS is ubuntu20.04. |
|
I faced a similar issue in MacOS with an M1 Mac. My work around was to add the following setting in the Docker Engine configuration: I then had to change the bind mount to be Edit: Thanks @tbumke for the hints that led to getting this working. |
|
@dataoscar but we can't configure Docker Engine of GithubActions to run molecule, or can we? |
|
I've never had any issues with whatever docker engine GitHub Actions uses and Molecule for Ansible using @geerlingguy's Molecule config as a template. I.e., with the platforms:
- name: instance
image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
privileged: true
pre_build_image: trueIn my setup, cgroups only caused issues on Docker Desktop for Mac. |
Fixed: * MD040/fenced-code-language Fenced code blocks should have a language specified [Context: "```"] * MD034/no-bare-urls Bare URL used [Context: "https://synpro.solutions"] * SC1091 (info): Not following: ./megacli.cfg: openBinaryFile: does not exist (No such file or directory) * SC2086 (info): Double quote to prevent globbing and word splitting. * SC2236 (style): Use -n instead of ! -z. Removed ansible molecule because I was not able to install checkmkagent in the docker enviroment. Mainly because the docker image has no systemd enabled, see: geerlingguy/docker-debian11-ansible#4 Also, there used to be public Checkmk demo instance: https://demo.checkmk.com/demo But it is not reachable anymore, so I have no way downloading the checkmkagent. Decided to not put any more efforts into it.
|
I have a Fedora36 host and an Ubuntu 22.04 host and I get the same issue testing with https://github.com/geerlingguy/molecule-playbook-testing The container is not actually running systemd completely. MOLECULE_DISTRO=debian11 molecule converge
...
...
MOLECULE_DISTRO=debian11 molecule login
root@instance:/# ps faxwww
PID TTY STAT TIME COMMAND
1421 pts/0 Ss 0:00 bash
1429 pts/0 R+ 0:00 \_ ps faxwww
1 ? Ss 0:00 /lib/systemd/systemd
root@instance:/# systemctl status
System has not been booted with systemd as init system (PID 1). Can't operate.
Failed to connect to bus: Host is downThis change/diff, taken from what @zerwes post at the top of this issue, is what fixes it for me. # Dockerfile
...
...
-COPY initctl_faker .
-RUN chmod +x initctl_faker && rm -fr /sbin/initctl && ln -s /initctl_faker /sbin/initctl
# Install Ansible inventory file.
RUN mkdir -p /etc/ansible
RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts
+RUN systemctl set-default multi-user.target
-VOLUME ["/sys/fs/cgroup"]
CMD ["/lib/systemd/systemd"]and # molecule/default/molecule.yml
...
...
ansible-lint
platforms:
- name: instance
image: geerlingguy/docker-${MOLECULE_DISTRO:-centos8}-ansible:latest
command: ""
- volumes:
- - /sys/fs/cgroup:/sys/fs/cgroup:ro
privileged: true
pre_build_image: true
provisioner:
name: ansibleRerunning with these changes results in MOLECULE_DISTRO=debian11 molecule converge
...
...
MOLECULE_DISTRO=debian11 molecule login
root@instance:/# ps -faxwww
PID TTY STAT TIME COMMAND
1796 pts/0 Ss 0:00 bash
1808 pts/0 R+ 0:00 \_ ps -faxwww
1 ? Ss 0:00 /lib/systemd/systemd
25 ? Ss 0:00 /lib/systemd/systemd-journald
1719 ? Ss 0:00 /usr/sbin/apache2 -k start
1720 ? Sl 0:00 \_ /usr/sbin/apache2 -k start
1721 ? Sl 0:00 \_ /usr/sbin/apache2 -k start
root@instance:/# systemctl status
● instance
State: running
Jobs: 0 queued
Failed: 0 units
Since: Sun 2022-08-21 06:10:29 UTC; 9min ago
CGroup: /
├─init.scope
│ ├─ 1 /lib/systemd/systemd
│ ├─1796 bash
│ ├─1809 systemctl status
│ └─1810 (pager)
└─system.slice
├─apache2.service
│ ├─1719 /usr/sbin/apache2 -k start
│ ├─1720 /usr/sbin/apache2 -k start
│ └─1721 /usr/sbin/apache2 -k start
└─systemd-journald.service
└─25 /lib/systemd/systemd-journald |
|
@aussielunix's solution works on my side. I've cloned cloned the repository, applied the edits that have been made and rebuilt a docker image I was able to use in molecule. The service I intend to test is started correctly and Installation information:
|
|
I have learnt some more since I posted above. This, from Lennart Poettering, says Notes:
This is my new ---
dependency:
name: galaxy
driver:
name: docker
lint: |
set -e
ansible-lint
platforms:
- name: instance
image: "registry.gitlab.com/aussielunix/ansible/molecule-containers/${MOLECULE_DISTRO:-debian:bullseye}"
privileged: true
pre_build_image: true
override_command: false
tmpfs:
- /run
- /tmp
provisioner:
name: ansible
log: ${MOLECULE_ANSIBLE_LOG:-true}
env:
ANSIBLE_VERBOSITY: ${MOLECULE_ANSIBLE_VERBOSITY:-0}
verifier:
name: ansibleExamples of using these: |
|
@aussielunix Thx for the investigation! The Debian/buster container works fine, but it seems like Debian/bullseye is missing in the gitlab registry: https://gitlab.com/aussielunix/ansible/molecule-containers/container_registry/3343441 |
Using geerlingguy/docker-debian10-ansible + geerlingguy/docker-debian11-ansible in Ansible molecule currently do not work with systemd, see: geerlingguy/docker-debian11-ansible#4. Instead, took Dockfiles from @aussielunix (Thx!) found here (but removed 'Australia/Sydney' timezone): * https://gitlab.com/aussielunix/ansible/molecule-containers/-/blob/main/debian/buster/Dockerfile * https://gitlab.com/aussielunix/ansible/molecule-containers/-/blob/main/debian/bullseye/Dockerfile Compare with @geerlingguy's current Dockerfiles: * https://github.com/geerlingguy/docker-debian10-ansible/blob/6f6a1650421afc953eb11439db9e5dabcc4d3afe/Dockerfile * https://github.com/geerlingguy/docker-debian11-ansible/blob/101602c7b9e7b3e100b7435eaa455b94189b2d47/Dockerfile Note, that when using `dockerfile`, `image` seems to be needed too. Used `docker.io/debian:$DISTRIBUTION-slim` for `image` as they are the base images for @aussielunix's Dockerfiles. I could have used @aussielinux gitlab container registry as `image`, but currently 'debian:bullseye' is missing: * https://gitlab.com/aussielunix/ansible/molecule-containers/container_registry/3343441 See: geerlingguy/docker-debian11-ansible#4 (comment)
|
@jkirk ahh the auto-pruning was set too aggressive. |
|
I was finally able to verify this issue go away. Ref: ansible/molecule#3632
Example: ansible/molecule#3665 (comment) |
|
Indeed, I just noticed the update, tested it, and wrote this blog post: Docker and systemd, getting rid of dreaded 'Failed to connect to bus' error. |
|
Hi. |
|
I believe y'all are getting it working, but molecule v4.0.3 doesn't seem to be enough for me - I am getting an error that
I have the following setup:
dependency:
name: galaxy
driver:
name: docker
platforms:
- name: instance
image: ${MOLECULE_DISTRO:-geerlingguy/docker-debian11-ansible:latest}
command: ${MOLECULE_DOCKER_COMMAND:-"/lib/systemd/systemd"}
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
cgroupns_mode: host
privileged: true
pre_build_image: true
Poetry with pyproject.toml file: [tool.poetry.dependencies]
python = "^3.10"
ansible = "^7.0.0"
[tool.poetry.group.dev.dependencies]
pre-commit = "^2.20.0"
ansible-lint = "^6.8.0"
molecule = {extras = ["docker"], version = "^4.0.3"}I see |
|
@artis3n in my case it was also necessary to install the current |
|
Ahhhh yup. but inside my Poetry env, I'm using the older version. Gotta see how to appropriately update.. |
|
The |
|
Ok, I'm officially confused and ready to drop the towel in favor of testing directly inside Github Runners. The fix everybody likes only works for me for - name: instance
image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
cgroupns_mode: host
privileged: true
pre_build_image: trueIt fails inside On the other hand @aussielunix fix looking like this: platforms:
- name: instance
image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
command: ${MOLECULE_DOCKER_COMMAND:-""}
override_command: false
tmpfs:
- /run
- /tmp
cgroupns_mode: host
privileged: true
pre_build_image: trueworks for Running locally on Ubuntu 22.04 latest versions of ansible, molecule, community.general, community.docker. |
…ntainers See geerlingguy/docker-debian11-ansible#4 (comment) for more information about the problem.
…ntainers See geerlingguy/docker-debian11-ansible#4 (comment) for more information about the problem.
|
Thank to @artis3n |
|
Yeah, if it is helpful to others here are all the distros I was testing and what command I had to use for everything to work smoothly: Default if not provided is |
System
Debian 11 aka. bullseye with the debian docker.io packages. (more details later)
Description
While trying to use the image directly in
dockeror viamolecule, the image starts, but it seems it is not systemd enabled, resulting in failed test runs.A self-brewn docker immage based on the official
debian:bullseyeworks instead as expected.But to be honest, docker is really not my area of expertise...
The issue seems to occur not only on the debian11 image, others like
geerlingguy/docker-centos8-ansible,geerlingguy/docker-ubuntu2004-ansibleetc. seem affected too.Steps to reproduce
Test with own dilettantic build
Distro and Packages:
check-config
The text was updated successfully, but these errors were encountered: