Puppet-Agent running in docker can't manage host systemd services #2467

Closed
seancharlton opened this issue Jan 19, 2024 · 4 comments
Labels
bug Something isn't working

Comments

@seancharlton

Describe the Bug

The puppet-agent ( https://hub.docker.com/r/puppet/puppet-agent ), running in a docker container, can't manage the host's systemd services like a native puppet-agent can.

I'm running the puppet-agent like the Overview Page on Docker Hub:
    docker run --rm --privileged --hostname agent -v /tmp:/tmp -v /etc:/etc -v /var:/var -v /usr:/usr -v /lib64:/lib64 puppet/puppet-agent-ubuntu

Hope there is a way to get this working.

Expected Behavior

Puppet-Agent running in container behaves like the native running binary.

Steps to Reproduce

Steps to reproduce the behavior:

  1. Start the puppet-agent with the command from the hub.docker.com page
    docker run --rm --privileged --hostname agent -v /tmp:/tmp -v /etc:/etc -v /var:/var -v /usr:/usr -v /lib64:/lib64 puppet/puppet-agent-ubuntu
  2. Jump into the container
    docker exec -ti <name_of_container> bash
  3. Create a small test .pp ( vi )
    service { 'chrony':
      ensure   => 'stopped',
      enable   => true,
      provider => 'systemd',
    }
  4. Apply the .pp file
    puppet apply ./init.pp
    ...
    Notice: Compiled catalog for agent in environment production in 0.01 seconds
    Error: /Stage[main]/Main/Service[chrony]: Provider systemd is not functional on this host

Environment

Additional Context

  • Docker Container systemctl output:
    System has not been booted with systemd as init system (PID 1). Can't operate.
    Failed to connect to bus: Host is down
  • Puppet-Agent Error Output:
    Error: /Stage[main]/Main/Service[chrony]: Provider systemd is not functional on this host

@seancharlton added the bug label Jan 19, 2024

@joshcooper
Contributor

@seancharlton can you provide more context about why you're running puppet agents in docker containers? Are you running puppet in a Dockerfile when building the image? Or are you managing the running docker container using puppet?

@seancharlton
Author

@joshcooper It's an internal policy with a new batch of systems. Those systems use Fedora CoreOS as their host system and every application on it has to be run in a container.
Every container on the Fedora CoreOS system is managed via a systemd service file. ( Example: https://docs.fedoraproject.org/en-US/fedora-coreos/running-containers/ )

The puppet-agent in the container is used to manage the Fedora CoreOS system itself and all the systemd service files.

Since there is a puppet-agent docker image and the documentation mentioned Fedora CoreOS, I believed that all puppet resource types would work out of the box.

@joshcooper
Contributor

Generally speaking trying to manage the host OS from inside a docker container is going to be an uphill battle and not something we recommend or support so I'm going to close this. You might be able to get something working, but ultimately you're going to have to work around all of the security layers that docker has to prevent a container from taking over the host OS.

@binford2k
Contributor

The linked docs page describes how to start/stop containers with their service files, like systemctl start <container name>. It doesn't say that the containers themselves have systemd. You can use Puppet's service resource on the host to manage a containerized service.
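
Added example, not part of the thread and not Puppet's or systemd's own code: a diagnostic for the two errors quoted in the report, showing which condition fails when it is run inside the container. It assumes that Puppet's systemd provider requires /proc/1/comm to name systemd and that systemctl requires the /run/systemd/system directory; the function name systemd_init_status and its ROOT argument are hypothetical.

```shell
#!/bin/sh
# Added example: reports why systemd service management is unavailable in the
# current PID/mount namespace. ROOT defaults to "/" and exists only so the
# checks can be exercised against a constructed directory tree.

# systemd_init_status [ROOT]
# Prints one of: functional | no-proc | pid1-not-systemd | no-runtime-dir
# Returns 0 only for "functional".
systemd_init_status() {
    root="${1:-/}"
    root="${root%/}"                 # "/" becomes "", paths below stay absolute
    comm_file="$root/proc/1/comm"
    runtime_dir="$root/run/systemd/system"

    if [ ! -r "$comm_file" ]; then
        echo "no-proc"
        return 1
    fi

    # Assumption: the Puppet provider looks for "systemd" in /proc/1/comm.
    # In a container, PID 1 is normally the image entrypoint, so bind-mounting
    # /etc, /usr or /var from the host does not change this result.
    pid1=$(cat "$comm_file")
    case "$pid1" in
        *systemd*) ;;
        *) echo "pid1-not-systemd"; return 1 ;;
    esac

    # Assumption: systemctl treats a missing /run/systemd/system directory as
    # "System has not been booted with systemd as init system".
    if [ ! -d "$runtime_dir" ]; then
        echo "no-runtime-dir"
        return 1
    fi

    echo "functional"
    return 0
}

# Report the state of the namespace this script runs in.
echo "systemd status here: $(systemd_init_status /)"
```

Run on the Fedora CoreOS host it should print "functional"; run inside the agent container it shows which of the two conditions the container's isolation leaves unmet.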
