geerlingguy / docker-fedora33-ansible

Fedora 33 Docker container for Ansible playbook and role testing.
https://hub.docker.com/repository/docker/geerlingguy/docker-fedora33-ansible
MIT License
10 stars 3 forks

USER CODE ISSUE: Molecule systemd-related tasks are failing on Fedora 33 host #1

Closed fourstepper closed 3 years ago

fourstepper commented 3 years ago

Not sure if this is the right channel for reporting this, but systemd in the container doesn't work for me on a Fedora 33 host.

Host kernel: Linux 5.8.18-300.fc33.x86_64 #1 SMP Mon Nov 2 19:09:05 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

Task failing:

TASK [ansible-role-logiops : Make sure the daemon is enabled and started] ******
fatal: [instance]: FAILED! => {"changed": false, "msg": "Service is in unknown state", "status": {}}

molecule login

[root@instance /]# systemctl start logid
System has not been booted with systemd as init system (PID 1). Can't operate.
Failed to connect to bus: Host is down

I am having the same problem with the docker-fedora32-ansible container as well - I am almost certain that this is not an issue with the containers but rather with the systemd interactions themselves, but perhaps you do have some insight that I don't have.

geerlingguy commented 3 years ago

Are you running it with --privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro?

dowdle commented 3 years ago

Someone on the #fedora IRC channel on Freenode asked about this issue... and didn't hang around long enough for an answer. Also their send was too long for their Matrix client (use a real IRC client) and it sent a link to the channel instead of the actual message. Just curious if doing the following helps: setsebool -P container_manage_cgroup --> on

fourstepper commented 3 years ago

@geerlingguy Okay, my bad - I just got so used to putting those lines in there that I, I guess, didn't this time... Thanks...

fourstepper commented 3 years ago

> Someone on the #fedora IRC channel on Freenode asked about this issue... and didn't hang around long enough for an answer. Also their send was too long for their Matrix client (use a real IRC client) and it sent a link to the channel instead of the actual message. Just curious if doing the following helps: setsebool -P container_manage_cgroup --> on

The behaviour works fine with this boolean off

This is the fixed code:

---
dependency:
  name: galaxy
driver:
  name: docker
platforms:
  - name: instance
    image: "geerlingguy/docker-${MOLECULE_DISTRO:-fedora32}-ansible:latest"
    command: ""
    volumes:
      - /sys/fs/cgroup:/sys/fs/cgroup:ro
    privileged: true
    pre_build_image: true
provisioner:
  name: ansible
verifier:
  name: ansible

geerlingguy commented 3 years ago

Thanks for following up!
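
An added example, not part of the original thread or the project's code: a pre-flight check over `docker inspect` output that reports whether a test container was started with the two settings discussed above (privileged mode and the read-only `/sys/fs/cgroup` bind). The function name and the sample JSON are constructed for illustration.

```python
import json

CGROUP_PATH = "/sys/fs/cgroup"

def systemd_prereq_findings(inspect_json: str) -> dict:
    """Map container name -> list of deviations from the thread's settings.

    An empty list means the container has both privileged mode and the
    read-only cgroup bind that the fixed molecule.yml specifies.
    """
    findings = {}
    for c in json.loads(inspect_json):
        host = c.get("HostConfig") or {}
        problems = []
        if not host.get("Privileged", False):
            problems.append("privileged")
        # Binds entries look like "src:dst[:options]"; the field is null
        # when the container has no bind mounts at all.
        option_sets = []
        for bind in host.get("Binds") or []:
            parts = bind.split(":")
            if len(parts) >= 2 and parts[0] == CGROUP_PATH and parts[1] == CGROUP_PATH:
                option_sets.append(parts[2].split(",") if len(parts) > 2 else [])
        if not option_sets:
            problems.append("cgroup-bind")
        elif not any("ro" in opts for opts in option_sets):
            # Mounted, but writable: differs from the ":ro" used in the thread.
            problems.append("cgroup-bind-not-ro")
        findings[c.get("Name", "?").lstrip("/")] = problems
    return findings

# Constructed sample in the shape of `docker inspect` output (not real data).
SAMPLE_INSPECT = json.dumps([
    {"Name": "/instance",
     "HostConfig": {"Privileged": False, "Binds": None}},
    {"Name": "/instance-fixed",
     "HostConfig": {"Privileged": True,
                    "Binds": ["/sys/fs/cgroup:/sys/fs/cgroup:ro"]}},
    {"Name": "/instance-rw",
     "HostConfig": {"Privileged": True,
                    "Binds": ["/sys/fs/cgroup:/sys/fs/cgroup:rw"]}},
])

if __name__ == "__main__":
    for name, problems in systemd_prereq_findings(SAMPLE_INSPECT).items():
        print(f"{name}: {'ok' if not problems else ', '.join(problems)}")
```

To check live containers instead of the sample, pass the output of `docker inspect $(docker ps -q)` to the function.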