Closed nqb closed 5 years ago
I suppose I found the reason: https://github.com/CentOS/sig-cloud-instance-images/issues/60
To my knowledge /var/run/nologin
is not part of the official centos:7
Docker image, nor of geerlingguy/docker-centos7-ansible
.
I played a bit with Dockerfiles and it seems to have to do with the official instructions to enable systemd, found here: https://hub.docker.com/_/centos/
This Dockerfile deletes a number of unit files which might cause issues.
Something with that change seems to create (and not clean up?) /var/run/nologin
preventing SSH login for non-root users.
The problem with this is that it actually only gets created once systemd is getting called upon the Docker container start. So there is no way to remove /var/run/nologin
within the Dockerfile, because it actually doesn't even exist.
Hello @IceBear2k,
I discover this unexpected behavior when using test-kitchen with this container. If I use centos:7 in place, I didn't got this behavior.
Easy reproductible with https://github.com/nqb/hello-doc-ng/blob/master/kitchen.yml
Yes, @nqb, that is my use case as well. I've made the same observation. (https://github.com/KrautIT/ansible-role-base/blob/master/.kitchen.yml)
You can also see that it's working properly by creating a Docker image from https://github.com/geerlingguy/docker-centos7-ansible/blob/master/Dockerfile but remove the whole systemd block between lines 7 and 16. SSH will work fine.
I don't plan on supporting SSH on my docker images (though you're free to fork/build on top of to do it)... haven't had any reason to use it.
Hello @geerlingguy,
Thanks for this container !
I notice that when running
docker-centos7-ansible
like this:/var/run/nologin
is present and prevents SSH login. Is it voluntary ?