docker - 通过 packer 构建 docker 容器并通过 chef-solo 进行配置在启动服务时失败

Question

以下是构建 centos:7 docker 镜像的更大镜像工厂模板的摘录。一切都按预期工作，但是我在正在运行的容器上收到 dbus 错误。任何帮助表示赞赏!
相同的代码在以下情况下有效:

我用 vmware-iso或 virtualbox build 者。

我使用 centos:6图片

我尝试过的没有效果:

切换到 chef-client -z

添加了/sys/fs/cgroup:/sys/fs/cgroup:ro卷

已添加 privileged给 docker builder

模板:

{
  "builders": [{
    "type": "docker",
    "image": "centos:7",
    "privileged": true,
    "changes": [
      "ONBUILD RUN {{ isotime }}"
    ],
    "volumes": {
      "/sys/fs/cgroup": "/sys/fs/cgroup:ro"
    },
    "export_path": "~/tmp/party_parrot.tar"
  }],
  "provisioners": [{
    "cookbook_paths": [
      "chef"
    ],
    "prevent_sudo": true,
    "run_list": [
      "redhat_factory::default"
    ],
    "chef_license": "accept",
    "type": "chef-solo"
  }]
}

Chef Recipe :

package 'tuned'

service 'tuned' do
  action %i(start enable)
end

日志:

docker: output will be in this color.

==> docker: Creating a temporary directory for sharing data...
==> docker: Pulling Docker image: centos:7
    docker: 7: Pulling from library/centos
    docker: Digest: sha256:0f4ec88e21daf75124b8a9e5ca03c37a5e937e0e108a255d890492430789b60e
    docker: Status: Image is up to date for centos:7
    docker: docker.io/library/centos:7
==> docker: Starting docker container...
    docker: Run command: docker run --privileged -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v /Users/cr2p/.packer.d/tmp727655581:/packer-files -d -i -t --entrypoint=/bin/sh -- centos:7
    docker: Container ID: f62d47e257a210442cce7f059a2be3dceb06fbce7673f16e04a52bdf5fa92891
==> docker: Using docker communicator to connect: 172.17.0.4
==> docker: Provisioning with chef-solo
    docker: Installing Chef...
==> docker:   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
==> docker:                                  Dload  Upload   Total   Spent    Left  Speed
    docker: el 7 x86_64
    docker: Getting information for chef stable  for el...
    docker: downloading https://omnitruck.chef.io/stable/chef/metadata?v=&p=el&pv=7&m=x86_64
    docker:   to file /tmp/install.sh.17/metadata.txt
    docker: trying curl...
==> docker: 100 23409  100 23409    0     0  34412      0 --:--:-- --:--:-- --:--:-- 34374
    docker: sha1    dffee30e640f443cf1fbf8db17f319db09c1e21e
    docker: sha256  b855820c1697dad395d3798f265e8c431b54a3bd29bbbd9ef87995cceaad3f17
    docker: url https://packages.chef.io/files/stable/chef/17.2.29/el/7/chef-17.2.29-1.el7.x86_64.rpm
    docker: version 17.2.29
    docker: downloaded metadata file looks valid...
    docker: downloading https://packages.chef.io/files/stable/chef/17.2.29/el/7/chef-17.2.29-1.el7.x86_64.rpm
    docker:   to file /tmp/install.sh.17/chef-17.2.29-1.el7.x86_64.rpm
    docker: trying curl...
    docker: Comparing checksum with sha256sum...
    docker:
    docker: WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
    docker:
    docker: You are installing a package without a version pin.  If you are installing
    docker: on production servers via an automated process this is DANGEROUS and you will
    docker: be upgraded without warning on new releases, even to new major releases.
    docker: Letting the version float is only appropriate in desktop, test, development or
    docker: CI/CD environments.
    docker:
    docker: WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
    docker:
    docker: Installing chef
    docker: installing with rpm...
==> docker: warning: /tmp/install.sh.17/chef-17.2.29-1.el7.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEY
    docker: Preparing...                          ########################################
    docker: Updating / installing...
    docker: chef-17.2.29-1.el7                    ########################################
    docker: Thank you for installing Chef Infra Client! For help getting started visit https://learn.chef.io
    docker: Creating directory: /tmp/packer-chef-solo
    docker: Creating directory: /tmp/packer-chef-solo/cookbooks-0
    docker: Creating configuration file 'solo.rb'
    docker: Creating JSON attribute file
    docker: Executing Chef: chef-solo --no-color -c /tmp/packer-chef-solo/solo.rb -j /tmp/packer-chef-solo/node.json
    docker: +---------------------------------------------+
    docker: ✔ 2 product licenses accepted.
    docker: +---------------------------------------------+
    docker: Starting Chef Infra Client, version 17.2.29
    docker: Patents: https://www.chef.io/patents
    docker: [2021-06-17T15:02:07+00:00] WARN: Plugin Network: unable to detect ipaddress
    docker: [2021-06-17T15:02:07+00:00] ERROR: shard_seed: Failed to get dmi property serial_number: is dmidecode installed?
    docker: resolving cookbooks for run list: ["redhat_factory::default"]
    docker: Synchronizing Cookbooks:
    docker:   - redhat_factory (1.0.0)
    docker: Installing Cookbook Gems:
    docker: Compiling Cookbooks...
    docker: [2021-06-17T15:02:08+00:00] WARN: Resource yum_package built into Chef Infra Client is being overridden by the resource from a cookbook. Please upgrade your cookbook or remove the cookbook from your run_list.
    docker: [2021-06-17T15:02:08+00:00] WARN: Provider yum_package built into Chef Infra Client is being overridden by the provider from a cookbook. Please upgrade your cookbook or remove the cookbook from your run_list.
    docker: Converging 4 resources
    docker: Recipe: redhat_factory::default
    docker:   * entitler[entitler] action nothing (skipped due to action :nothing)
    docker: Recipe: redhat_factory::dummy
    docker:   * yum_package[tuned] action install
    docker:     - install version 0:2.11.0-11.el7_9.noarch of package tuned
    docker:   * service[tuned] action start
    docker:     * service[tuned]: No custom command for start specified and unable to locate the init.d script!
    docker:     ================================================================================
    docker:     Error executing action `start` on resource 'service[tuned]'
    docker:     ================================================================================
    docker:
    docker:     Chef::Exceptions::Service
    docker:     -------------------------
    docker:     service[tuned]: No custom command for start specified and unable to locate the init.d script!
    docker:
    docker:     Resource Declaration:
    docker:     ---------------------
    docker:     # In /tmp/packer-chef-solo/local-mode-cache/cache/cookbooks/redhat_factory/recipes/dummy.rb
    docker:
    docker:       3: service 'tuned' do
    docker:       4:   action %i(start enable)
    docker:       5: end
    docker:
    docker:     Compiled Resource:
    docker:     ------------------
    docker:     # Declared in /tmp/packer-chef-solo/local-mode-cache/cache/cookbooks/redhat_factory/recipes/dummy.rb:3:in `from_file'
    docker:
    docker:     service("tuned") do
    docker:       action [:start, :enable]
    docker:       default_guard_interpreter :default
    docker:       declared_type :service
    docker:       cookbook_name "redhat_factory"
    docker:       recipe_name "dummy"
    docker:       service_name "tuned"
    docker:       supports {:restart=>nil, :reload=>nil, :status=>nil}
    docker:     end
    docker:
    docker:     System Info:
    docker:     ------------
    docker:     chef_version=17.2.29
    docker:     platform=centos
    docker:     platform_version=7.9.2009
    docker:     ruby=ruby 3.0.1p64 (2021-04-05 revision 0fb782ee38) [x86_64-linux]
    docker:     program_name=/usr/bin/chef-solo
    docker:     executable=/opt/chef/bin/chef-solo
    docker:
    docker:
    docker: Running handlers:
    docker: [2021-06-17T15:02:37+00:00] ERROR: Running exception handlers
    docker: Running handlers complete
    docker: [2021-06-17T15:02:37+00:00] ERROR: Exception handlers complete
    docker: Chef Infra Client failed. 1 resources updated in 31 seconds
    docker: [2021-06-17T15:02:37+00:00] FATAL: Stacktrace dumped to /tmp/packer-chef-solo/local-mode-cache/cache/chef-stacktrace.out
    docker: [2021-06-17T15:02:37+00:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
    docker: [2021-06-17T15:02:37+00:00] FATAL: Chef::Exceptions::Service: service[tuned] (redhat_factory::dummy line 3) had an error: Chef::Exceptions::Service: service[tuned]: No custom command for start specified and unable to locate the init.d script!
==> docker: Provisioning step had errors: Running the cleanup provisioner, if present...
==> docker: Killing the container: f62d47e257a210442cce7f059a2be3dceb06fbce7673f16e04a52bdf5fa92891
Build 'docker' errored after 48 seconds 995 milliseconds: Error executing Chef: Non-zero exit status: 1

==> Wait completed after 48 seconds 996 milliseconds

==> Some builds didn't complete successfully and had errors:
--> docker: Error executing Chef: Non-zero exit status: 1

==> Builds finished but no artifacts were created.

连接到正在运行的容器:

[root@a74a6b2cfa39 /]# systemctl --system status tuned
Failed to get D-Bus connection: Operation not permitted
[root@a74a6b2cfa39 /]# systemctl --system start tuned
Failed to get D-Bus connection: Operation not permitted

提前致谢!

Answer 1

我已经能够通过以下方式修改我的工作来解决这个问题:

修改run_command特别是 entrypoint属性

添加 tmpfs数组

最后修改chef provisioner的暂存目录

打包机模板:

{
  "builders": [{
    "type": "docker",
    "image": "centos:7",
    "pull": false,
    "privileged": true,
    "changes": [
      "ONBUILD RUN {{ isotime }}"
    ],
    "volumes": {
      "/sys/fs/cgroup": "/sys/fs/cgroup:ro"
    },
    "export_path": "~/tmp/party_parrot.tar",
    "tmpfs": [
      "/tmp",
      "/run"
    ],
    "run_command": ["-d", "-i", "-t", "--entrypoint=/usr/sbin/init", "--", "{{.Image}}"]
  }],
  "provisioners": [{
    "cookbook_paths": [
      "chef"
    ],
    "prevent_sudo": true,
    "run_list": [
      "redhat_factory::default"
    ],
    "chef_license": "accept",
    "type": "chef-solo",
    "staging_directory": "/chef"
  }]
}