Docker 容器 yum 安装软件,systemd 程序无法启动

当我们创建容器后,使用yum 安装一个 httpd 服务,在启动时会报错没有权限

  • 创建容器
[root@localhost ~]# docker run -itd --name httpd centos /bin/bash
fd71b36db40e91b88b7d55998def0a09cc3cc6ce1709f210ce42406f2124b0f7

  • 进入容器并安装 httpd
[root@localhost ~]# docker exec -it httpd /bin/bash
[root@fd71b36db40e /]# yum -y install httpd

  • 启动 http的
    • 当我们使用 systemctl 启动httpd 服务
    • 警告我们权限不足
[root@fd71b36db40e /]# systemctl start httpd
Failed to get D-Bus connection: Operation not permitted

1. 通过 --privileged 进行提权

  • 可以在创建容器的进行提权
    • 通过 --privileged 参数进行提权
    • --privileged 运行于/sbin/init 环境当中
[root@localhost ~]# docker run -itd --name http --privileged centos /sbin/init 
26fd217eab9ea04219f3ea1043fbae6f046d9b7b6ffb2ad7f52a2a0714395f4a
[root@localhost ~]# docker exec -it http /bin/bash
[root@26fd217eab9e /]# yum -y install httod

  • 启动 httpd
[root@26fd217eab9e /]# systemctl start httpd
[root@26fd217eab9e /]# netstat -anpt | grep 80
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      188/httpd      
  • 删除 容器 http
    • 如果不及时退出容器,且删除,会长时间占用权限
[root@localhost ~]# docker rm -f http
http

2. 第二种

  • 通过查看/usr/lib/systemd/system/ 目录下 服务启动文件,来找到 ExecStart 启动方法
/usr/lib/systemd/system/
  • 创建容器
    • 且安装httpd
[root@localhost ~]# docker run -itd --name http centos /bin/bash
772e06c9f4d4b94f1b8b1c9c303de0f1124eae67f162999b43a0fea25c3863c7
[root@localhost ~]# docker exec -it http /bin/bash
[root@772e06c9f4d4 /]# yum -y install httpd

  • 查看 httpd 服务的启动方法
[root@772e06c9f4d4 /]# cat /usr/lib/systemd/system/httpd.service 
[Unit]
Description=The Apache HTTP Server
After=network.target remote-fs.target nss-lookup.target
Documentation=man:httpd(8)
Documentation=man:apachectl(8)

[Service]
Type=notify
EnvironmentFile=/etc/sysconfig/httpd
ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND			//  启动方法
ExecReload=/usr/sbin/httpd $OPTIONS -k graceful			//  重载方法
ExecStop=/bin/kill -WINCH ${MAINPID}					//  关闭方法
# We want systemd to give httpd some time to finish gracefully, but still want
# it to kill httpd after TimeoutStopSec if something went wrong during the
# graceful stop. Normally, Systemd sends SIGTERM signal right after the
# ExecStop, which would kill httpd. We are sending useless SIGCONT here to give
# httpd time to finish.
KillSignal=SIGCONT
PrivateTmp=true

[Install]
WantedBy=multi-user.target

  • 启动httpd 服务
[root@772e06c9f4d4 /]# /usr/sbin/httpd 
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message

[root@772e06c9f4d4 /]# netstat -anpt | grep 80
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      98/httpd   
发布了68 篇原创文章 · 获赞 10 · 访问量 2650
展开阅读全文

没有更多推荐了,返回首页

©️2019 CSDN 皮肤主题: 书香水墨 设计师: CSDN官方博客

分享到微信朋友圈

×

扫一扫,手机浏览