Docker 容器 yum 安装软件，systemd 程序无法启动

最新推荐文章于 2024-07-11 16:57:31 发布

行走的猫儿

最新推荐文章于 2024-07-11 16:57:31 发布

阅读量1.2k

点赞数

分类专栏： docker

本文链接：https://blog.csdn.net/RunzIyy/article/details/105113711

版权

docker 专栏收录该内容

10 篇文章 0 订阅

订阅专栏

当我们创建容器后，使用yum 安装一个 httpd 服务，在启动时会报错没有权限

创建容器

[root@localhost ~]# docker run -itd --name httpd centos /bin/bash
fd71b36db40e91b88b7d55998def0a09cc3cc6ce1709f210ce42406f2124b0f7

进入容器并安装 httpd

[root@localhost ~]# docker exec -it httpd /bin/bash
[root@fd71b36db40e /]# yum -y install httpd

启动 http的
- 当我们使用 systemctl 启动httpd 服务
- 警告我们权限不足

[root@fd71b36db40e /]# systemctl start httpd
Failed to get D-Bus connection: Operation not permitted

1. 通过 `--privileged` 进行提权

可以在创建容器的进行提权
- 通过 --privileged 参数进行提权
- --privileged 运行于/sbin/init 环境当中

[root@localhost ~]# docker run -itd --name http --privileged centos /sbin/init 
26fd217eab9ea04219f3ea1043fbae6f046d9b7b6ffb2ad7f52a2a0714395f4a
[root@localhost ~]# docker exec -it http /bin/bash
[root@26fd217eab9e /]# yum -y install httod

启动 httpd

[root@26fd217eab9e /]# systemctl start httpd
[root@26fd217eab9e /]# netstat -anpt | grep 80
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      188/httpd

删除容器 http
- 如果不及时退出容器，且删除，会长时间占用权限

[root@localhost ~]# docker rm -f http
http

2. 第二种

通过查看/usr/lib/systemd/system/ 目录下服务启动文件，来找到 ExecStart 启动方法

/usr/lib/systemd/system/

创建容器
- 且安装httpd

[root@localhost ~]# docker run -itd --name http centos /bin/bash
772e06c9f4d4b94f1b8b1c9c303de0f1124eae67f162999b43a0fea25c3863c7
[root@localhost ~]# docker exec -it http /bin/bash
[root@772e06c9f4d4 /]# yum -y install httpd

查看 httpd 服务的启动方法

[root@772e06c9f4d4 /]# cat /usr/lib/systemd/system/httpd.service 
[Unit]
Description=The Apache HTTP Server
After=network.target remote-fs.target nss-lookup.target
Documentation=man:httpd(8)
Documentation=man:apachectl(8)

[Service]
Type=notify
EnvironmentFile=/etc/sysconfig/httpd
ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND			//  启动方法
ExecReload=/usr/sbin/httpd $OPTIONS -k graceful			//  重载方法
ExecStop=/bin/kill -WINCH ${MAINPID}					//  关闭方法
# We want systemd to give httpd some time to finish gracefully, but still want
# it to kill httpd after TimeoutStopSec if something went wrong during the
# graceful stop. Normally, Systemd sends SIGTERM signal right after the
# ExecStop, which would kill httpd. We are sending useless SIGCONT here to give
# httpd time to finish.
KillSignal=SIGCONT
PrivateTmp=true

[Install]
WantedBy=multi-user.target

启动httpd 服务

[root@772e06c9f4d4 /]# /usr/sbin/httpd 
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message

[root@772e06c9f4d4 /]# netstat -anpt | grep 80
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      98/httpd