
the following is an excerpt of a much bigger image factory template that builds a centos:7 docker image. everything works as expected however i get a dbus error on the running container. any help is appreciated!

this same code works if:

  • i use vmware-iso or virtualbox builders.
  • i use a centos:6 image

what i have tried with no effect:

  • switched to chef-client -z
  • added the /sys/fs/cgroup:/sys/fs/cgroup:ro volume
  • added privileged to the docker builder

template:

{
  "builders": [{
    "type": "docker",
    "image": "centos:7",
    "privileged": true,
    "changes": [
      "ONBUILD RUN {{ isotime }}"
    ],
    "volumes": {
      "/sys/fs/cgroup": "/sys/fs/cgroup:ro"
    },
    "export_path": "~/tmp/party_parrot.tar"
  }],
  "provisioners": [{
    "cookbook_paths": [
      "chef"
    ],
    "prevent_sudo": true,
    "run_list": [
      "redhat_factory::default"
    ],
    "chef_license": "accept",
    "type": "chef-solo"
  }]
}

chef cookbook:

package 'tuned'

service 'tuned' do
  action %i(start enable)
end

log:

docker: output will be in this color.

==> docker: Creating a temporary directory for sharing data...
==> docker: Pulling Docker image: centos:7
    docker: 7: Pulling from library/centos
    docker: Digest: sha256:0f4ec88e21daf75124b8a9e5ca03c37a5e937e0e108a255d890492430789b60e
    docker: Status: Image is up to date for centos:7
    docker: docker.io/library/centos:7
==> docker: Starting docker container...
    docker: Run command: docker run --privileged -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v /Users/cr2p/.packer.d/tmp727655581:/packer-files -d -i -t --entrypoint=/bin/sh -- centos:7
    docker: Container ID: f62d47e257a210442cce7f059a2be3dceb06fbce7673f16e04a52bdf5fa92891
==> docker: Using docker communicator to connect: 172.17.0.4
==> docker: Provisioning with chef-solo
    docker: Installing Chef...
==> docker:   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
==> docker:                                  Dload  Upload   Total   Spent    Left  Speed
    docker: el 7 x86_64
    docker: Getting information for chef stable  for el...
    docker: downloading https://omnitruck.chef.io/stable/chef/metadata?v=&p=el&pv=7&m=x86_64
    docker:   to file /tmp/install.sh.17/metadata.txt
    docker: trying curl...
==> docker: 100 23409  100 23409    0     0  34412      0 --:--:-- --:--:-- --:--:-- 34374
    docker: sha1    dffee30e640f443cf1fbf8db17f319db09c1e21e
    docker: sha256  b855820c1697dad395d3798f265e8c431b54a3bd29bbbd9ef87995cceaad3f17
    docker: url https://packages.chef.io/files/stable/chef/17.2.29/el/7/chef-17.2.29-1.el7.x86_64.rpm
    docker: version 17.2.29
    docker: downloaded metadata file looks valid...
    docker: downloading https://packages.chef.io/files/stable/chef/17.2.29/el/7/chef-17.2.29-1.el7.x86_64.rpm
    docker:   to file /tmp/install.sh.17/chef-17.2.29-1.el7.x86_64.rpm
    docker: trying curl...
    docker: Comparing checksum with sha256sum...
    docker:
    docker: WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
    docker:
    docker: You are installing a package without a version pin.  If you are installing
    docker: on production servers via an automated process this is DANGEROUS and you will
    docker: be upgraded without warning on new releases, even to new major releases.
    docker: Letting the version float is only appropriate in desktop, test, development or
    docker: CI/CD environments.
    docker:
    docker: WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
    docker:
    docker: Installing chef
    docker: installing with rpm...
==> docker: warning: /tmp/install.sh.17/chef-17.2.29-1.el7.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEY
    docker: Preparing...                          ########################################
    docker: Updating / installing...
    docker: chef-17.2.29-1.el7                    ########################################
    docker: Thank you for installing Chef Infra Client! For help getting started visit https://learn.chef.io
    docker: Creating directory: /tmp/packer-chef-solo
    docker: Creating directory: /tmp/packer-chef-solo/cookbooks-0
    docker: Creating configuration file 'solo.rb'
    docker: Creating JSON attribute file
    docker: Executing Chef: chef-solo --no-color -c /tmp/packer-chef-solo/solo.rb -j /tmp/packer-chef-solo/node.json
    docker: +---------------------------------------------+
    docker: ✔ 2 product licenses accepted.
    docker: +---------------------------------------------+
    docker: Starting Chef Infra Client, version 17.2.29
    docker: Patents: https://www.chef.io/patents
    docker: [2021-06-17T15:02:07+00:00] WARN: Plugin Network: unable to detect ipaddress
    docker: [2021-06-17T15:02:07+00:00] ERROR: shard_seed: Failed to get dmi property serial_number: is dmidecode installed?
    docker: resolving cookbooks for run list: ["redhat_factory::default"]
    docker: Synchronizing Cookbooks:
    docker:   - redhat_factory (1.0.0)
    docker: Installing Cookbook Gems:
    docker: Compiling Cookbooks...
    docker: [2021-06-17T15:02:08+00:00] WARN: Resource yum_package built into Chef Infra Client is being overridden by the resource from a cookbook. Please upgrade your cookbook or remove the cookbook from your run_list.
    docker: [2021-06-17T15:02:08+00:00] WARN: Provider yum_package built into Chef Infra Client is being overridden by the provider from a cookbook. Please upgrade your cookbook or remove the cookbook from your run_list.
    docker: Converging 4 resources
    docker: Recipe: redhat_factory::default
    docker:   * entitler[entitler] action nothing (skipped due to action :nothing)
    docker: Recipe: redhat_factory::dummy
    docker:   * yum_package[tuned] action install
    docker:     - install version 0:2.11.0-11.el7_9.noarch of package tuned
    docker:   * service[tuned] action start
    docker:     * service[tuned]: No custom command for start specified and unable to locate the init.d script!
    docker:     ================================================================================
    docker:     Error executing action `start` on resource 'service[tuned]'
    docker:     ================================================================================
    docker:
    docker:     Chef::Exceptions::Service
    docker:     -------------------------
    docker:     service[tuned]: No custom command for start specified and unable to locate the init.d script!
    docker:
    docker:     Resource Declaration:
    docker:     ---------------------
    docker:     # In /tmp/packer-chef-solo/local-mode-cache/cache/cookbooks/redhat_factory/recipes/dummy.rb
    docker:
    docker:       3: service 'tuned' do
    docker:       4:   action %i(start enable)
    docker:       5: end
    docker:
    docker:     Compiled Resource:
    docker:     ------------------
    docker:     # Declared in /tmp/packer-chef-solo/local-mode-cache/cache/cookbooks/redhat_factory/recipes/dummy.rb:3:in `from_file'
    docker:
    docker:     service("tuned") do
    docker:       action [:start, :enable]
    docker:       default_guard_interpreter :default
    docker:       declared_type :service
    docker:       cookbook_name "redhat_factory"
    docker:       recipe_name "dummy"
    docker:       service_name "tuned"
    docker:       supports {:restart=>nil, :reload=>nil, :status=>nil}
    docker:     end
    docker:
    docker:     System Info:
    docker:     ------------
    docker:     chef_version=17.2.29
    docker:     platform=centos
    docker:     platform_version=7.9.2009
    docker:     ruby=ruby 3.0.1p64 (2021-04-05 revision 0fb782ee38) [x86_64-linux]
    docker:     program_name=/usr/bin/chef-solo
    docker:     executable=/opt/chef/bin/chef-solo
    docker:
    docker:
    docker: Running handlers:
    docker: [2021-06-17T15:02:37+00:00] ERROR: Running exception handlers
    docker: Running handlers complete
    docker: [2021-06-17T15:02:37+00:00] ERROR: Exception handlers complete
    docker: Chef Infra Client failed. 1 resources updated in 31 seconds
    docker: [2021-06-17T15:02:37+00:00] FATAL: Stacktrace dumped to /tmp/packer-chef-solo/local-mode-cache/cache/chef-stacktrace.out
    docker: [2021-06-17T15:02:37+00:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
    docker: [2021-06-17T15:02:37+00:00] FATAL: Chef::Exceptions::Service: service[tuned] (redhat_factory::dummy line 3) had an error: Chef::Exceptions::Service: service[tuned]: No custom command for start specified and unable to locate the init.d script!
==> docker: Provisioning step had errors: Running the cleanup provisioner, if present...
==> docker: Killing the container: f62d47e257a210442cce7f059a2be3dceb06fbce7673f16e04a52bdf5fa92891
Build 'docker' errored after 48 seconds 995 milliseconds: Error executing Chef: Non-zero exit status: 1

==> Wait completed after 48 seconds 996 milliseconds

==> Some builds didn't complete successfully and had errors:
--> docker: Error executing Chef: Non-zero exit status: 1

==> Builds finished but no artifacts were created.

connecting to the running container:

[root@a74a6b2cfa39 /]# systemctl --system status tuned
Failed to get D-Bus connection: Operation not permitted
[root@a74a6b2cfa39 /]# systemctl --system start tuned
Failed to get D-Bus connection: Operation not permitted

thanks in advance!

2 Answers


  1. Chosen as BEST ANSWER

    i've been able to solve this by modifying my work in the following ways:

    1. modify the run_command specifically the entrypoint attribute
    2. add the tmpfs array
    3. finally modify the staging directory of the chef provisioner

    packer template:

    {
      "builders": [{
        "type": "docker",
        "image": "centos:7",
        "pull": false,
        "privileged": true,
        "changes": [
          "ONBUILD RUN {{ isotime }}"
        ],
        "volumes": {
          "/sys/fs/cgroup": "/sys/fs/cgroup:ro"
        },
        "export_path": "~/tmp/party_parrot.tar",
        "tmpfs": [
          "/tmp",
          "/run"
        ],
        "run_command": ["-d", "-i", "-t", "--entrypoint=/usr/sbin/init", "--", "{{.Image}}"]
      }],
      "provisioners": [{
        "cookbook_paths": [
          "chef"
        ],
        "prevent_sudo": true,
        "run_list": [
          "redhat_factory::default"
        ],
        "chef_license": "accept",
        "type": "chef-solo",
        "staging_directory": "/chef"
      }]
    }
    

  2. The "systemctl" script is a small program that just communicates with the systemd daemon on PID 1 in a system. The communication channel is opened by asking d-bus which is also not started. The privileged/cgroup trick had been used for some time until docker containers were able to run the systemd daemon directly.

    Personally I’d prefer to use the docker-systemctl-replacement/ in order to get an installer up and running that was not prepared for a docker environment. While it was developed with "ansible" in mind it may be interesting to see it working with "chef" instead.
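
A preflight check for the failure both answers describe, as an added example that is not part of the original posts: it reports whether systemd is actually running as PID 1 before a provisioner calls `systemctl`. The function name `systemd_preflight` and its optional root-prefix argument are hypothetical; the `/run/systemd/system` test is the same directory check that `sd_booted()` uses.

```shell
#!/bin/sh
# Added example: can systemctl work in this container?
# Usage inside the container:  systemd_preflight
# The optional argument is a hypothetical root prefix, used only so the
# checks can be pointed at a constructed directory tree.

systemd_preflight() {
    root="${1:-}"
    root="${root%/}"    # "/" becomes "" so the paths below join cleanly
    status=0

    # systemctl talks to the service manager running as PID 1. With
    # --entrypoint=/bin/sh (as in the question's log) PID 1 is a shell.
    pid1="$(cat "$root/proc/1/comm" 2>/dev/null || echo unknown)"
    echo "INFO PID 1 is '$pid1'"

    # A booted systemd creates /run/systemd/system; this is the verdict.
    if [ -d "$root/run/systemd/system" ]; then
        echo "OK   /run/systemd/system exists, systemd is the init system"
    else
        echo "FAIL /run/systemd/system missing, systemd is not running as init"
        status=1
    fi

    # Both templates mount /sys/fs/cgroup into the container for systemd;
    # confirm the hierarchy is visible and not an empty directory.
    if [ -n "$(ls -A "$root/sys/fs/cgroup" 2>/dev/null)" ]; then
        echo "OK   /sys/fs/cgroup is populated"
    else
        echo "FAIL /sys/fs/cgroup is empty or missing"
        status=1
    fi

    return "$status"
}
```

A non-zero return means `service` resources that rely on `systemctl` will fail the same way the `tuned` resource does in the log above.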
