CoreOS Systemd Unit File - keep the container running

I am running CoreOS Stable 776.4.0.
I want to keep a container running all the time, but I cannot get it to work. I expect the container to restart when it is killed, but it does not. I got it working before, but I don't remember how I did it.
Please help me!
I kill it by docker stop proxy
Restart=always will continuously stop and start the container.
This is my systemd unit file.
[Unit]
Description=nginx reverse proxy
After=docker.service
Requires=docker.service
[Service]
TimeoutStartSec=0
Restart=on-failure
ExecStartPre=-/usr/bin/docker stop proxy
ExecStartPre=-/usr/bin/docker rm proxy
ExecStart=/usr/bin/docker run -d --name proxy -p 80:80 \
    -v /var/run/docker.sock:/tmp/docker.sock:ro zhex900/nginx-proxy
[Install]
WantedBy=multi-user.target

Your immediate problem is this:
ExecStart=/usr/bin/docker run -d --name proxy -p 80:80 \
    -v /var/run/docker.sock:/tmp/docker.sock:ro zhex900/nginx-proxy
You are passing the -d option to the docker client, which means "start the container in the background and return immediately". Because the client exits, systemd interprets this as a failure and will attempt to restart the service.
The simplest solution is to remove the -d from the command line.
Another option is to not use systemd, and to simply start the container with docker run --restart=always ..., which will cause Docker to ensure that the container is running, even after a reboot.

Sorry, I asked a stupid question. The problem was that I was running the container as a daemon. Removing -d solved the problem.
ExecStart=/usr/bin/docker run --name proxy -p 80:80 \
-v /var/run/docker.sock:/tmp/docker.sock:ro zhex900/nginx-proxy
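
The failure discussed in this thread (a detached docker run inside ExecStart) can be caught before deployment. The following is an added example, not code from the original posts: check_unit and write_samples are hypothetical names, and the two sample units are constructed from the ExecStart lines quoted above.

```sh
#!/bin/sh
# Added example: flag systemd units whose ExecStart runs "docker run" detached.
# Heuristic: any option-shaped token after "docker run" is inspected, so a "-d"
# meant for the command inside the container would be flagged as well.

# check_unit FILE: print a finding and return 1 if ExecStart detaches.
check_unit() {
    awk '
        # Join systemd line continuations (trailing backslash) into one line.
        /\\$/ { sub(/\\$/, ""); buf = buf $0 " "; next }
        { line = buf $0; buf = "" }
        line ~ /^ExecStart=/ {
            n = split(line, tok, /[ \t]+/)
            seen_run = 0
            for (i = 1; i <= n; i++) {
                if (tok[i] == "run" && tok[i-1] ~ /docker$/) { seen_run = 1; continue }
                if (!seen_run) continue
                # -d, --detach, or a short-flag cluster containing d (such as -dit)
                if (tok[i] == "--detach" || tok[i] ~ /^-[A-Za-z]*d[A-Za-z]*$/) {
                    printf "%s: detached docker run in ExecStart (%s)\n", FILENAME, tok[i]
                    bad = 1
                    break
                }
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed samples: the unit from the question (-d) and the corrected one.
write_samples() {
    cat > "$1/bad.service" <<'EOF'
[Service]
Restart=on-failure
ExecStartPre=-/usr/bin/docker rm proxy
ExecStart=/usr/bin/docker run -d --name proxy -p 80:80 \
    -v /var/run/docker.sock:/tmp/docker.sock:ro zhex900/nginx-proxy
EOF
    cat > "$1/good.service" <<'EOF'
[Service]
Restart=on-failure
ExecStart=/usr/bin/docker run --name proxy -p 80:80 \
    -v /var/run/docker.sock:/tmp/docker.sock:ro zhex900/nginx-proxy
EOF
}

# Stand-alone use: sh check.sh /etc/systemd/system/*.service
for f in "$@"; do check_unit "$f"; done
```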

Related

Systemd not starting dependent service on slow device

I have an interesting problem that I have a reproducer for. Using a container to compartmentalize this system and make it reproducible, I can have it run successfully on my powerful laptop, but when running on a slow raspberry Pi it fails.
::::::::::::::
A.service
::::::::::::::
[Unit]
Description=Service A
After=B.service
BindsTo=B.service
[Service]
Type=simple
Restart=always
RestartSec=1
ExecStartPre=/bin/sleep 1
ExecStart=/bin/sleep 100
ExecStartPost=/bin/sleep 1
TimeoutStartSec=10s
[Install]
WantedBy=multi-user.target
::::::::::::::
B.service
::::::::::::::
[Unit]
Description=Service A
After=C.service
BindsTo=C.service
[Service]
Type=simple
Restart=always
RestartSec=1
ExecStartPre=/bin/sleep 1
ExecStart=/bin/sleep 100
ExecStartPost=/bin/sleep 1
TimeoutStartSec=10s
[Install]
WantedBy=multi-user.target
::::::::::::::
C.service
::::::::::::::
[Unit]
Description=Service A
[Service]
Type=simple
Restart=always
RestartSec=1
ExecStartPre=/bin/sleep 1
ExecStart=/bin/sleep 100
ExecStartPost=/bin/sleep 1
TimeoutStartSec=10s
[Install]
WantedBy=multi-user.target
::::::::::::::
Dockerfile
::::::::::::::
FROM ubuntu:18.04
RUN DEBIAN_FRONTEND=noninteractive apt update && apt install -y systemd init socat
COPY *.service /etc/systemd/system/
#RUN systemctl enable A.service
ENTRYPOINT ["/sbin/init"]
::::::::::::::
run.sh
::::::::::::::
docker build -t service .
docker stop -t 0 service && docker rm service
docker run -d --name service --privileged --cap-add SYS_ADMIN service
#docker run -d --cpus="0.3" --name service --privileged --cap-add SYS_ADMIN service
sleep 3
docker exec -it service service A start
sleep 1
docker exec -it service service A status
docker exec -it service service B status
docker exec -it service service C status
The intent here is that there are 3 services: A, B, and C. The dependency is as follows: A->B->C. When starting service A, B should be started, which then in turn starts C. The services are dummy services in this case, and I've tried adding delays pre and post service, but the problem persists.
On my powerful laptop, I can somewhat reproduce the issue by adding "--cpus=0.3" to the 'docker run' line.
Any ideas on what could be the culprit?
I have discovered that service has an interesting "feature":
# avoid deadlocks during bootup and shutdown from units/hooks
# which call "invoke-rc.d service reload" and similar, since
# the synchronous wait plus systemd's normal behaviour of
# transactionally processing all dependencies first easily
# causes dependency loops
if ! systemctl --quiet is-active multi-user.target; then
sctl_args="--job-mode=ignore-dependencies"
fi
Obviously, if systemctl is launched with --job-mode=ignore-dependencies, it is less likely to work :-).
As expected, the following sequence works:
docker run -d --name service --privileged --cap-add SYS_ADMIN service
docker exec -ti service systemctl start multi-user.target
docker exec -it service service A start
Obviously, the best option is to replace service A start by systemctl start A. BTW, service is specific to Ubuntu while systemctl is common to nearly any Linux distribution.
I think that any service manually started in a docker container is impacted by this issue.
However, I still can't explain why it works on your powerful laptop.

Start a Docker container at startup in Linux on Azure

I have a Linux Virtual Machine on Azure. On this machine I installed Docker. At the startup, I want to run a Docker container. For that, I created a startup_script.sh in the tmp folder with this content
sudo docker run -d -p 8787:8787 -e USER=rstudio \
    -e PASSWORD=mypassword myacr.azurecr.io/mycontainer
then I run this command
chmod u+x /tmp/startup_script.sh
Then, under etc/systemd/system I created a service
[Unit]
Description=Run script at startup after network becomes reachable
After=default.target
[Service]
Type=simple
RemainAfterExit=yes
ExecStart=/tmp/startup_script.sh
TimeoutStartSec=0
[Install]
WantedBy=default.target
Then, run
systemctl daemon-reload
systemctl enable run-at-startup.service
When I restart the machine, the Docker container is not running.
Docker recommends that you use its restart policies, and avoid using process managers like systemctl to start containers (https://docs.docker.com/config/containers/start-containers-automatically/).
First, you need to make sure that the Docker daemon (i.e. the Docker service) starts on boot.
On Debian and Ubuntu, the Docker service is configured to start on boot by default. To automatically start Docker and Containerd on boot for other distros, use the commands below:
sudo systemctl enable docker.service
sudo systemctl enable containerd.service
If you're on Windows, make sure that you ticked Start Docker Desktop when you log in in Docker Desktop settings.
Then, for each container you want to start on boot, you need to use the --restart flag when running the container, e.g.:
sudo docker run --restart always -d -p 8787:8787 -e USER=rstudio \
    -e PASSWORD=mypassword myacr.azurecr.io/mycontainer

Error while pulling image from docker registry

I am trying to pull registry image from docker.
docker run -d -p 5000:5000 --restart=always --name registry registry:2
But it gives an error like below:
docker: Error while pulling image: Get https://index.docker.io/v1/repositories/library/registry/images: dial tcp 52.73.159.23:443: getsockopt: no route to host.
I have set the proxy but it doesn't help. What could be the problem? I am running on Redhat linux 7.
If you are behind an HTTP proxy server, for example in corporate settings, you will need to configure the Docker systemd service file.
First, create a systemd drop-in directory for the docker service:
mkdir /etc/systemd/system/docker.service.d
Now create a file called /etc/systemd/system/docker.service.d/http-proxy.conf that adds the HTTP_PROXY environment variable:
[Service]
Environment="HTTP_PROXY=http://proxy.example.com:80/"
Flush changes: systemctl daemon-reload
Restart Docker: systemctl restart docker
See https://docs.docker.com/engine/admin/systemd/#http-proxy for details.

how to mount a Host volume to node.js docker container

sudo docker run -p 3000:3000 -d --name mca-service myteam/reponame
This is the command I usually use to run the container. I have a folder in /var/log/appLog. I need to mount this directory in the container to store my app log file and make it persistent. I tried
sudo docker run -p 3000:3000 -d --name mca-service -v /var/log/appLog:/var/log/appLog:rw --entrypoint myteam/reponame
this command, but it raises some errors. Can someone please help me to do this?
Under which user is your container (myteam/reponame) running? If it is not root, you have to change the user and group and the read/write permission of your folder on the host.
Your --entrypoint is empty. Either remove it or use --entrypoint []

How to run Nginx within a Docker container without halting?

I have Nginx installed on a Docker container, and am trying to run it like this:
docker run -i -t -p 80:80 mydockerimage /usr/sbin/nginx
The problem is that the way Nginx works, is that the initial process immediately spawns a master Nginx process and some workers, and then quits. Since Docker is only watching the PID of the original command, the container then halts.
How do I prevent the container from halting? I need to be able to tell it to bind to the first child process, or stop Nginx's initial process from exiting.
To expand on Charles Duffy's answer, Nginx uses the daemon off directive to run in the foreground. If it's inconvenient to put this in the configuration file, we can specify it directly on the command line. This makes it easy to run in debug mode (foreground) and directly switch to running in production mode (background) by changing command line args.
To run in foreground:
nginx -g 'daemon off;'
To run in background:
nginx
nginx, like all well-behaved programs, can be configured not to self-daemonize.
Use the daemon off configuration directive described in http://wiki.nginx.org/CoreModule.
To expand on John's answer, you can also use the Dockerfile CMD command as follows (in case you want it to self-start without additional args):
CMD ["nginx", "-g", "daemon off;"]
Just FYI, as of today (22 October 2019) official Nginx docker images all have line:
CMD ["nginx", "-g", "daemon off;"]
e.g. https://github.com/nginxinc/docker-nginx/blob/23a990403d6dbe102bf2c72ab2f6a239e940e3c3/mainline/alpine/Dockerfile#L117
Adding this command to Dockerfile can disable it:
RUN echo "daemon off;" >> /etc/nginx/nginx.conf
To add to Tomer's and Charles's answers,
Syntax to run nginx in the foreground in a Docker container using Entrypoint:
ENTRYPOINT nginx -g 'daemon off;'
Not directly related but to run multiple commands with Entrypoint:
ENTRYPOINT /bin/bash -x /myscripts/myscript.sh && nginx -g 'daemon off;'
Here you have an example of a Dockerfile that runs nginx. As mentioned by Charles, it uses the daemon off configuration:
https://github.com/darron/docker-nginx-php5/blob/master/Dockerfile#L17
For all who come here trying to run an nginx image in a Docker container that will run as a service:
As there is no whole Dockerfile, here is my whole Dockerfile solving the issue.
Nice and working. Thanks to all answers here in order to solve the final nginx issue.
FROM ubuntu:18.04
MAINTAINER stackoverfloguy "stackoverfloguy#foo.com"
RUN apt-get update -y
RUN apt-get install net-tools nginx ufw sudo -y
RUN adduser --disabled-password --gecos '' docker
RUN adduser docker sudo
RUN echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
USER docker
RUN sudo ufw default allow incoming
RUN sudo rm /etc/nginx/nginx.conf
RUN sudo rm /etc/nginx/sites-available/default
RUN sudo rm /var/www/html/index.nginx-debian.html
VOLUME /var/log
VOLUME /usr/share/nginx/html
VOLUME /etc/nginx
VOLUME /var/run
COPY conf/nginx.conf /etc/nginx/nginx.conf
COPY content/* /var/www/html/
COPY Dockerfile /var/www/html
COPY start.sh /etc/nginx/start.sh
RUN sudo chmod +x /etc/nginx/start.sh
RUN sudo chmod -R 777 /var/www/html
EXPOSE 80
EXPOSE 443
ENTRYPOINT sudo nginx -c /etc/nginx/nginx.conf -g 'daemon off;'
And run it with:
docker run -p 80:80 -p 443:443 -dit
It is also good idea to use supervisord or runit[1] for service management.
[1] https://github.com/phusion/baseimage-docker
In the official notes for the official NGINX image on DockerHub it states:
If you add a custom CMD in the Dockerfile, be sure to include -g daemon off; in the CMD in order for nginx to stay in the foreground, so that Docker can track the process properly (otherwise your container will stop immediately after starting)!
This makes me think removing the CMD [] might prevent this issue from occurring in the first place?
