Failed to get D-Bus connection: No connection to service manager - CentOS 7

[ostechnix]

Hello All, I really need some help. I have CentOS 7 64bit OS on my testing Laptop. I installed Docker in centos 7, and I am able to create centos 7 container inside docker. But, I could not use "systemct" command inside docker. It throws the error: "Failed to get D-Bus connection: No connection to service manager." I can't start any services like sshd, httpd etc.

When run the systemct commands inside the docker containers I got the above error. I really have no idea about this. Is it a bug or am i missing something?

Example:

bash-4.2# systemctl start sshd
Failed to get D-Bus connection: No connection to service manager.

I have already referred the following threads, but none of them helps. I got the same error.

https://bugzilla.redhat.com/show_bug.cgi?id=1033604
https://lists.fedoraproject.org/pipermail/golang/2013-November/000187.html
https://bbs.archlinux.org/viewtopic.php?id=153738

What to do now? Please help me. Sorry for my poor English.

[unclejack]

@ostechnix You need to use your own process manager in the container. Using systemctl start sshd to start sshd won't work.

A docker container is mostly meant to be used like an *NIX process, not like a full blown VM. Due to this, you should set up supervisor, runit or something else to monitor your processes and start them explicitly (without calling start scripts and systemd tools).

As an alternative to running a process supervisor, you could run unprivileged systemd in your container and that would let you us systemctl start sshd to start sshd.

I hope this answers your question. Please feel free to comment.

[paimpozhil]

@unclejack We used to run /sbin/init as the the command and everything is working well in centos6 .

This for example works on https://github.com/paimpozhil/WhatPanel/blob/master/Dockerfile

[paimpozhil]

This post also claims it is possible to run systemd service within docker http://developerblog.redhat.com/2014/05/05/running-systemd-within-docker-container/

[elvisyzhao]

mark

[trinitronx]

I was able to get SystemD working inside an image built FROM centos:centos7 with:

docker run --privileged  -ti -e "container=docker"  -v /sys/fs/cgroup:/sys/fs/cgroup  trinitronx/ansible-base:stable-centos7  /usr/sbin/init

For some undocumented reason the variable container=docker is apparently required. /sys/fs/cgroup is also required, as SystemD needs cgroups to work properly according to RedHat Bug 1033604.

I was using docker-machine with:

Boot2Docker version 1.7.0, build master : 7960f90 - Thu Jun 18 18:31:45 UTC 2015
Docker version 1.7.0, build 0baf609

Output to verify it was working:

$ docker run --privileged -d -ti -e "container=docker"  -v /sys/fs/cgroup:/sys/fs/cgroup  trinitronx/ansible-base:stable-centos7  /usr/sbin/init
af830281205bc4627fc7635015c59fe4d5d07317dd09ed74ab5dbd667d90da3f
$ docker logs af830281205bc4627fc7635015c59fe4d5d07317dd09ed74ab5dbd667d90da3f
systemd 208 running in system mode. (+PAM -LIBWRAP -AUDIT +SELINUX -IMA +SYSVINIT -LIBCRYPTSETUP -GCRYPT -ACL -XZ)
Detected virtualization 'docker'.

Welcome to CentOS Linux 7 (Core)!

Initializing machine ID from random generator.
[  OK  ] Created slice Root Slice.
[  OK  ] Created slice System Slice.
[  OK  ] Reached target Slices.
[  OK  ] Reached target Paths.
[  OK  ] Reached target Timers.
[  OK  ] Listening on /dev/initctl Compatibility Named Pipe.
[  OK  ] Listening on Delayed Shutdown Socket.
[  OK  ] Listening on Journal Socket.
[  OK  ] Reached target Sockets.
         Starting Journal Service...
[  OK  ] Started Journal Service.
[  OK  ] Reached target Swap.
[  OK  ] Reached target Local File Systems.
         Starting Trigger Flushing of Journal to Persistent Storage...
         Starting Create Volatile Files and Directories...
[  OK  ] Started Trigger Flushing of Journal to Persistent Storage.
[  OK  ] Started Create Volatile Files and Directories.
[  OK  ] Reached target System Initialization.
[  OK  ] Reached target Basic System.
[  OK  ] Reached target Multi-User System.

However, when I built & ran the same image on a Ubuntu host (via Travis-CI), starting SystemD yields a warning:

Failed to install release agent, ignoring: File exists

The container does indeed keep running, and commands can be run inside it via docker exec afterwards. systemctl status --all and journalctl logs show that SystemD is indeed running and working with the CentOS 7 image on an Ubuntu 14.04 host.

[madi]

Hi. I have a similar problem running centos 7 in docker. For what it's worth, my case is the following. Three days ago I have pulled a fresh centos 7 image [latest], installed postgresql and was able to run systemctl start postgresql.service. I haven't done much more on it, closed it and committed. When I resumed the work [docker run -t -i myuser/myimage /bin/bash], it returned:
systemctl start postgresql.service
Failed to get D-Bus connection: No connection to service manager.

[jamshid]

FWIW I'm seeing this on latest centos:centos7 with docker 1.10.2 when starting a custom service.
Failed to get D-Bus connection: Operation not permitted
Fortunately the error (now?) seems to be harmless -- my service starts and $? is 0. I think I had to add this to my Dockerfile to avoid some build hangs, at least for this docker server:

Server Version: 1.10.2
Storage Driver: aufs
Kernel Version: 3.16.0-4-amd64
Operating System: Debian GNU/Linux 8 (jessie)

FROM centos:centos7
VOLUME /sys/fs/cgroup /run /tmp
ENV container=docker

[rbjorklin]

@jamshid Is that still working for you? I pulled the latest centos:7 image today and it seems broken.

Server Version: 1.11.0
Storage Driver: overlay
Backing Filesystem: extfs
Kernel Version: 4.4.6-301.fc23.x86_64
Operating System: Fedora 23 (Workstation Edition)

[jamshid]

It's weird, not sure all services need all the workarounds (a service I was testing did not, but nginx did).
And I saw some strange behavior where "service foo start" would work if I docker exec'd into the container, but not if I tried to start it in a CMD script. Anyway looks like @rbjorklin got it working in the referenced issue.

I added a working Dockerfile and docker-compose.yml here of starting a centos7 /systemd nginx service:

https://forums.docker.com/t/any-simple-and-safe-way-to-start-services-on-centos7-systemd/5695/8

[JoyceBabu]

I am also getting the permission denied error when I try to run systemd in docker container. I have tried @jamshid's example and also the example in https://hub.docker.com/r/centos/systemd/

Both are giving the same error

Failed to get D-Bus connection: Operation not permitted

I am using the latest Docker for Mac beta.

[jamshid]

@JoyceBabu, I also get this error on Docker for Mac.

Failed to get D-Bus connection: Operation not permitted
I am using the latest Docker for Mac beta.

FWIW it does seem to work fine on 1.12.0-rc4 running on a debian jessie aufs system.

$ docker version
Client:
 Version:      1.12.0-rc4
 API version:  1.24
 Go version:   go1.6.2
 Git commit:   e4a0dbc
 Built:        Wed Jul 13 03:28:51 2016
 OS/Arch:      darwin/amd64
 Experimental: true

Server:
 Version:      1.12.0-rc4
 API version:  1.24
 Go version:   go1.6.2
 Git commit:   e4a0dbc
 Built:        Wed Jul 13 03:35:40 2016
 OS/Arch:      linux/amd64

$ docker-compose exec test systemctl status nginx
● nginx.service - The nginx HTTP and reverse proxy server
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2016-07-26 06:24:09 UTC; 5min ago
  Process: 104 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)
  Process: 103 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS)
  Process: 88 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)
 Main PID: 105 (nginx)
   CGroup: /docker/c704c7d0b8ccd101cc2242e8ec279d09553143e6a4b5ae184df0640d7d410209/system.slice/nginx.service
           ├─105 nginx: master process /usr/sbin/nginx
...

[satyajitbm]

I was able to get SystemD working inside an image built FROM centos:centos7 with:

docker run --privileged -ti -e "container=docker" -v /sys/fs/cgroup:/sys/fs/cgroup trinitronx/ansible-base:stable-centos7 /usr/sbin/init

--privileged flag gives access to your host devices and can cause problems in some cases. A more restrained way to run systemd is with the --cap-add=SYS_ADMIN flag.

docker run --cap-add=SYS_ADMIN -ti -e "container=docker" -v /sys/fs/cgroup:/sys/fs/cgroup trinitronx/ansible-base:stable-centos7 /usr/sbin/init

[biocyberman]

@satyajitbm Using your approach I got this error:

!!!!!!] Failed to mount API filesystems, freezing.

What is your next suggestion?

[satyajitbm]

@biocyberman Which image is your container based of? Are you trying to run this command?

docker run --cap-add=SYS_ADMIN -ti -e "container=docker" -v /sys/fs/cgroup:/sys/fs/cgroup trinitronx/ansible-base:stable-centos7 /usr/sbin/init

I have tried using the cap-add flag with a centos:7 container with systemd enabled and it works fine for me.

[JoyceBabu]

I am also getting the same message when running the above docker run command. I am using Docker for Mac.

It is working when I used the --privileged flag.

[thaJeztah]

It works when seccomp is disabled; --security-opt seccomp=unconfined

ping @justincormack I think in a recent discussion you mentioned that was no longer required, but looks like it's still blocking something that's needed

[dounine]

centos 7 is running success,but need login ;append to code for dockerfile RUN echo 'root:root' | chpasswd and use u root and p root login.

[justincormack]

It works for me with this PR #25567 with just --cap-add SYS_ADMIN.

[anthony-o]

I still have the Failed to get D-Bus connection: Operation not permitted message while running a centos:7 container (IMAGE ID = 67591570dd29 | CREATED = 9 weeks ago) when I try --cap-add SYS_ADMIN -e "container=docker" -v /sys/fs/cgroup:/sys/fs/cgroup arguments to docker run.
I'm running Docker version 1.11.2, build b9f10c9 on RHEL 7 with direct-lvm mode.

[kaorukobo]

@anthony-o #20082 mentions --cap-add SYS_ADMIN is not enough to solve this issue from Docker 1.10.

[anthony-o]

I have finally managed to fix this by launching /usr/sbin/init as first process in the container and adding the volume /run. I didn't even needed to use any --cap-add directive.
As I said in that stackoverflow answer, I followed the guide of CentOS for SystemD integration and used docker run with at least those arguments: -v /run -v /sys/fs/cgroup:/sys/fs/cgroup:ro

[qiaohaijun]

mark

[abrastog]

satyajitbm asking for username and password,what we need to pass it?

[Compufreak345]

Any ideas how to solve this issue with Docker for Windows? I can't use the workaround with adding /sys/fs/cgroup as volume as I don't have this on Windows...

[Bharathkumarraju]

I am facing weird error like when i run the service script inside container using adhoc ansible command it is working fine. samething if i use inside playook to run a service script inside container it is getting failed :( :(

[loretoparisi]

@anthony-o Thanks for your solution. I have followed your suggestions, but I still get an error:

Failed to get D-Bus connection: Operation not permitted
Couldn't find an alternative telinit implementation to spawn.

My Dockerfile is:

#
# SKIL Community Edition (SKIL CE) 
# gives developers an easy way to train and deploy powerful deep learning models to production quickly and easily.
# Currently the SKIL Community Edition only supports Centos 7 and Redhat 7 operating systems.
# @see https://skymind.ai/quickstart
#
# Copyright (c) 2017 Loreto Parisi - https://github.com/loretoparisi/docker
#

FROM centos:7

MAINTAINER Loreto Parisi <loretoparisi@gmail.com>

ENV HOME /root
WORKDIR $HOME

# install dependecies
RUN \
    yum install -y sudo \
    sudo yum clean all \
    sudo yum install -y skil-server \
    sudo yum install -y policycoreutils

# yum repo config
COPY skymind.repo /etc/yum.repos.d/

# install skil server
RUN \
    sudo yum install -y skil-server

# disable SELinux
#RUN \
    # disable SELinux temporarily
    # setenforce Permissive && \
    # disable SELinux permanently
    #sudo sed -i 's/SELinux=enforcing/SELinux=disabled/' /etc/sysconfig/selinux
    
# SELinux check
RUN sestatus

VOLUME /run /tmp

ADD cmd.sh /usr/local/bin/
RUN chmod +x /usr/local/bin/cmd.sh

CMD ["/usr/local/bin/cmd.sh"]

I run with docker run --rm -it -p 9008:9008 -p 8080:8080 -v /run -v /sys/fs/cgroup:/sys/fs/cgroup:ro skil bash

I would expect the cmd.sh to run but it seems not, so I run and then

$ ./run.sh 
[root@94e1e60ac8cb ~]# /usr/local/bin/cmd.sh
Failed to get D-Bus connection: Operation not permitted
Couldn't find an alternative telinit implementation to spawn.

While if I try to run like
docker run --rm -it -p 9008:9008 -p 8080:8080 -v /run -v /sys/fs/cgroup:/sys/fs/cgroup:ro skil bash -c "/usr/local/bin/cmd.sh"

I get a

Failed to get D-Bus connection: Operation not permitted
[!!!!!!] Failed to mount API filesystems, freezing.

My cmd.sh script that you were suggesting was like:

#!/bin/bash
sudo systemctl start skil
exec /usr/sbin/init # To correctly start D-Bus thanks to https://forums.docker.com/t/any-simple-and-safe-way-to-start-services-on-centos7-systemd/5695/8

[kuncao]

solution:with -rm optiion such as

docker run -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro --privileged -d -p 18002:18002 -p 1127:1127 -p 2222:22 --rm --ip 172.20.0.3 --net smbridge -h SmServer --shm-size=36G --name secom secom:v1

[root@SmServer packagessm]# pwd
/root/packagessm
[root@SmServer packagessm]# ls
PreInstall_CentOS7.1.zip SecoManager_5.1.0.B010_ALL_install_config.zip
[root@SmServer packagessm]# systemctl
UNIT LOAD ACTIVE SUB DESCRIPTION
dev-xvda1.device loaded activating tentative /dev/xvda1
-.mount loaded active mounted /
dev-mqueue.mount loaded active mounted POSIX Message Queue File System
etc-hostname.mount loaded active mounted /etc/hostname
etc-hosts.mount loaded active mounted /etc/hosts
etc-resolv.conf.mount loaded active mounted /etc/resolv.conf
sshd-keygen.service loaded active exited OpenSSH Server Key Generation
sshd.service loaded active running OpenSSH server daemon
systemd-journald.service loaded active running Journal Service
systemd-tmpfiles-setup.service loaded active exited Create Volatile Files and Directories
-.slice loaded active active Root Slice
system.slice loaded active active System Slice
dbus.socket loaded active listening D-Bus System Message Bus Socket
systemd-journald.socket loaded active running Journal Socket
systemd-shutdownd.socket loaded active listening Delayed Shutdown Socket
basic.target loaded active active Basic System
local-fs.target loaded active active Local File Systems
multi-user.target loaded active active Multi-User System
paths.target loaded active active Paths
slices.target loaded active active Slices
sockets.target loaded active active Sockets
swap.target loaded active active Swap
sysinit.target loaded active active System Initialization
timers.target loaded active active Timers
systemd-tmpfiles-clean.timer loaded active waiting Daily Cleanup of Temporary Directories
LOAD = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB = The low-level unit activation state, values depend on unit type.
25 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.
-------------other information----------------

--------------base image dockerfile----------

FROM centos:7
ENV container docker
RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in ; do [ $i == 
systemd-tmpfiles-setup.service ] || rm -f $i; done); 
rm -f /lib/systemd/system/multi-user.target.wants/;
rm -f /etc/systemd/system/.wants/;
rm -f /lib/systemd/system/local-fs.target.wants/; 
rm -f /lib/systemd/system/sockets.target.wants/udev; 
rm -f /lib/systemd/system/sockets.target.wants/initctl; 
rm -f /lib/systemd/system/basic.target.wants/;
rm -f /lib/systemd/system/anaconda.target.wants/*;
VOLUME [ "/sys/fs/cgroup" ]
#######added 20180322
ADD cmd.sh /usr/local/bin/
RUN chmod +x /usr/local/bin/cmd.sh
CMD ["/usr/local/bin/cmd.sh"]
#######added 20180322
#######changed 20180322
#CMD ["/usr/sbin/init"]
#######changed 20180322

cmd.sh file when compile base image

#!/bin/bash
exec /usr/sbin/init # To correctly start D-Bus thanks to https://forums.docker.com/t/any-simple-and-safe-way-to-start-services-on-centos7-systemd/5695/8

-----------------------business dockerfile------------------------------------------

########################## build secomanager dockerfile ###########################
FROM local/c7-systemd
MAINTAINER caokun caokun.nj@huawei.com
ENV container docker
ENV TZ Asia/Shanghai
ENV http_proxy c00286473:password@proxyus3.huawei.com:8080/
ENV https_proxy c00286473:password@proxyus3.huawei.com:8080/
ENV all_proxy c00286473:password@proxyus3.huawei.com:8080/
ENV no_proxy=127.0.0.1,.huawei.com,localhost,local,.local,10.120.165.217,*.huawei.com
RUN yum install -y openssh-server vim telnet sudo wget unzip tar gcc openssl lsof service compat-libstdc++-33 systemctl strace
RUN ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
RUN useradd guest
RUN echo "guest:guest!@#" | chpasswd
RUN echo "guest ALL=(ALL) ALL" >> /etc/sudoers
RUN echo "root:Mylinux1" | chpasswd
RUN sed -i '1s/^/set encoding=utf-8\n/' /etc/vimrc 
&& echo "set hls" >> /etc/vimrc 
&& echo "set expandtab" >> /etc/vimrc 
&& echo "set sw=4" >> /etc/vimrc 
&& echo "set tabstop=4" >> /etc/vimrc
RUN sudo mkdir /root/packagessm
ADD files/PreInstall_CentOS7.1.zip /root/packagessm/
ADD files/SecoManager_5.1.0.B010_ALL_install_config.zip /root/packagessm/
WORKDIR /root/packagessm
#WORKDIR /root
RUN sudo mkdir /var/run/sshd
#############for ssh
#EXPOSE 22
#ENTRYPOINT /usr/sbin/sshd -D
#############for ssh
CMD ["/usr/sbin/init"]

command to build base image

docker build --rm -t local/c7-systemd .
command bo build business image
docker build --rm -t secom:v1 .

other information

[root@szvphicpra31005 Sm_Docker]# docker --version
Docker version 17.03.0-ce, build 3a232c8
docker 内的os
[root@SmServer packagessm]# cat /etc/redhat-release
CentOS Linux release 7.4.1708 (Core)

[KristianWindsor]

ENV container=docker fixed it for me