geerlingguy / docker-centos7-ansible

CentOS 7 Docker container for Ansible playbook and role testing.
https://hub.docker.com/r/geerlingguy/docker-centos7-ansible/
MIT License

/var/run/nologin prevents SSH login #6

Closed nqb closed 5 years ago

nqb commented 5 years ago

Hello @geerlingguy,

Thanks for this container!

I noticed that when running docker-centos7-ansible like this:

docker run --detach --privileged geerlingguy/docker-centos7-ansible:latest

/var/run/nologin is present and prevents SSH login. Is it voluntary?

nqb commented 5 years ago

I suppose I found the reason: https://github.com/CentOS/sig-cloud-instance-images/issues/60

IceBear2k commented 5 years ago

To my knowledge /var/run/nologin is not part of the official centos:7 Docker image, nor of geerlingguy/docker-centos7-ansible.

I played a bit with Dockerfiles and it seems to have to do with the official instructions to enable systemd, found here: https://hub.docker.com/_/centos/

This Dockerfile deletes a number of unit files which might cause issues.

Something with that change seems to create (and not clean up?) /var/run/nologin preventing SSH login for non-root users.

The problem with this is that it actually only gets created once systemd is called when the Docker container starts. So there is no way to remove /var/run/nologin within the Dockerfile, because it actually doesn't even exist.
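
Because the marker only appears after systemd has started, any cleanup has to run inside the started container rather than in the Dockerfile. A sketch of such a post-start step, as an added example that is not part of this thread or of the image (the function names and the ROOT/TIMEOUT parameters are hypothetical, and it assumes pam_nologin is what rejects the non-root login):

```shell
#!/bin/sh
# Added example: wait for the runtime nologin marker and clear it.
# Meant to run as root inside the started container, e.g. as the first
# provisioning step. ROOT defaults to /; a scratch directory can be passed
# instead to try the logic without touching a real system.

# Print each runtime marker present under ROOT; status 0 if any exist.
# /etc/nologin is deliberately not touched: that one is set by an admin.
find_nologin() {
    root=${1:-/}
    root=${root%/}
    found=1
    for f in "$root/run/nologin" "$root/var/run/nologin"; do
        if [ -e "$f" ]; then
            printf '%s\n' "$f"
            found=0
        fi
    done
    return "$found"
}

# Poll up to TIMEOUT seconds for a marker to appear, then remove it.
# Status 0: a marker was removed. Status 1: none appeared within TIMEOUT.
clear_nologin() {
    root=${1:-/}
    timeout=${2:-30}
    waited=0
    while :; do
        if markers=$(find_nologin "$root"); then
            # /var/run is usually a symlink to /run, so both paths may
            # name the same file; rm -f tolerates the second miss.
            printf '%s\n' "$markers" | while IFS= read -r f; do
                rm -f -- "$f"
            done
            return 0
        fi
        if [ "$waited" -ge "$timeout" ]; then
            return 1
        fi
        sleep 1
        waited=$((waited + 1))
    done
}

# Usage inside the container: clear_nologin / 30
```

A status of 1 only means no marker appeared within the timeout; if systemd creates it later, the step has to be run again.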

nqb commented 5 years ago

Hello @IceBear2k,

I discovered this unexpected behavior when using test-kitchen with this container. If I use centos:7 instead, I don't get this behavior.

Easily reproducible with https://github.com/nqb/hello-doc-ng/blob/master/kitchen.yml

IceBear2k commented 5 years ago

Yes, @nqb, that is my use case as well. I've made the same observation. (https://github.com/KrautIT/ansible-role-base/blob/master/.kitchen.yml)

You can also see that it's working properly by creating a Docker image from https://github.com/geerlingguy/docker-centos7-ansible/blob/master/Dockerfile but removing the whole systemd block between lines 7 and 16. SSH will work fine.

geerlingguy commented 5 years ago

I don't plan on supporting SSH on my docker images (though you're free to fork/build on top of to do it)... haven't had any reason to use it.