Docker Community Forums

How to run systemd in CentOS container for license daemon

Hello everyone,

I hope everyone is doing well. So I am trying to use Docker to run commercial CFD programs like Ansys, STAR-CCM+, Simulia XFlow, etc., because in theory I wanted to run a rolling release or newest release distro for all my dev tools and other open-source tools but still have an environment (like CentOS) that is supported by commercial programs. Now unfortunately they require a license server daemon (FlexLM for Ansys Fluent and RLM for XFlow) and it can't be run without systemd and dbus. Now I have gotten it to kind of work in Fedora 33 using Moby engine, but when I try to copy the container to openSUSE or Ubuntu, it throws more errors. Now I hear that using systemd isn't really the Docker way, but I am wondering if there is a cleaner way to only allow me to run specific systemd daemons and not all 200 daemons? Because I definitely feel that it only works on Fedora because Fedora and CentOS use the same systemd.

Here are my settings files and my scripts.

My Dockerfile (copied from Docker Hub):

FROM centos:centos7.8.2003
ENV container docker
RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == \
systemd-tmpfiles-setup.service ] || rm -f $i; done); \
rm -f /lib/systemd/system/multi-user.target.wants/*;\
rm -f /etc/systemd/system/*.wants/*;\
rm -f /lib/systemd/system/local-fs.target.wants/*; \
rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
rm -f /lib/systemd/system/basic.target.wants/*;\
rm -f /lib/systemd/system/anaconda.target.wants/*;
VOLUME [ "/sys/fs/cgroup" ]
CMD ["/usr/sbin/init"]

Then I launch into the container and install all pre-requisites and docker commit it.

Then when I want to use my program, I start the container using this script:

#!/bin/bash

# Let local clients running as root (the container) use the host X server
xhost +local:root

# Create the "hostonly" network if missing (not used below: NET is host)
docker network ls | grep hostonly > /dev/null 2>&1
if [ $? -ne 0 ]; then
    echo Create host-only network for docker
    docker network create -d bridge --internal hostonly
fi

#user should be a member of video and render to get full access to gpu
# export XAUTH_PROTO=$(xauth list | grep "$(hostname -s)" | grep :0 | tail -1 | cut -d' ' -f3)
# export XAUTH_KEY=$(xauth list | grep "$(hostname -s)" | grep :0 | tail -1 | cut -d' ' -f5)
#Do xauth list | grep unix:0
#inside docker shell xauth add :0 MIT-MAGIC... digest..

IMAGE=c7-coreplus:ver2
# --volume="/opt:/opt" \

GIDS=( $(id -G) ) #All of my groups
unset GIDS[0] #remove primary group
G=""
for g in "${GIDS[@]}"
do
    G+=" --group-add=$g"
done

#RM=""
RM=" --rm "

U=""
#U=" --user $(id -u):$(id -g) $G"

# Host files, directories and devices exposed to the container
VOLS=' --volume=/etc/group:/etc/group:ro '
VOLS+='--volume=/etc/passwd:/etc/passwd:ro '
VOLS+='--volume=/etc/shadow:/etc/shadow:ro '
VOLS+='--volume=/etc/sudoers.d:/etc/sudoers.d:ro '
VOLS+='--volume=/tmp/.X11-unix:/tmp/.X11-unix:rw '
VOLS+="--volume=/home:/home "
VOLS+='--volume=/opt:/opt '
VOLS+='--volume=/run/media/fedora-vm:/mnt '
VOLS+="--device=/dev/dri "
VOLS+="--device=/dev/vga_arbiter "

# Pass through every NVIDIA device node present on the host
NVS=( $(ls /dev/nvidia* 2>/dev/null) )
for N in "${NVS[@]}"
do
    VOLS+="--device=$N "
done

#SEC=' --security-opt=label=disable --security-opt=seccomp=unconfined '
SEC=''
NET='--network=host '

# $RM, $U, $VOLS and $NET are unquoted on purpose so they split into separate arguments
docker run $RM -it --cap-add=SYS_ADMIN -v /sys/fs/cgroup:/sys/fs/cgroup:ro $U --env="DISPLAY" $VOLS -w="/home/${USER}" --ipc="host" $NET --hostname="localhost" --name="CentOS7" ${IMAGE} /usr/sbin/init
# EOF

Then I connect to a shell using docker exec, and then I just cd into my host opt directory and launch licensing and then the program, and it launches on my host display with host resources and host hardware acceleration.

So it seems even with the fuse and huge page errors, systemd runs partially and I can access it. Also learned that it fails because the locations for CentOS 7 dev fuse and hugepages aren't the same for openSUSE or Ubuntu, that's why it works fine with Fedora. Also found out I can run the license server on the host as root and the Docker container can pick it up. Just make sure the hostname matches.
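The launcher in the post above hands the container several pieces of the host (a capability, two namespaces, bind mounts). As an added example that is not part of the original post, this POSIX shell function flags those options in a `docker run` argument list; the function names, the HIGH/MED labels and the sample argument list are constructed here for illustration.

```shell
#!/bin/sh
# Added example: flag host-exposing options in a `docker run` argument list.
# Severity labels (HIGH/MED) are this example's own, not Docker terminology.
audit_run_args() {
    prev=""
    for raw in "$@"; do
        arg="$raw"
        # Normalise the two-word form "-v SRC:DST" to "--volume=SRC:DST".
        case "$prev" in
            -v|--volume) arg="--volume=$raw" ;;
        esac
        prev="$raw"
        case "$arg" in
            --privileged)
                echo "HIGH $arg: all capabilities plus access to host devices" ;;
            --cap-add=SYS_ADMIN)
                echo "HIGH $arg: allows mount(2) and other admin syscalls" ;;
            --security-opt=seccomp=unconfined|--security-opt=label=disable)
                echo "HIGH $arg: switches off a kernel confinement layer" ;;
            --volume=/etc/shadow:*)
                echo "HIGH $arg: host password hashes readable in the container" ;;
            --network=host|--net=host)
                echo "MED $arg: shares the host network namespace" ;;
            --ipc=host)
                echo "MED $arg: shares host shared memory and IPC objects" ;;
            --volume=/home:*|--volume=/opt:*)
                case "$arg" in
                    *:ro) ;;  # read-only bind mount, nothing to report
                    *) echo "MED $arg: host directory writable from the container" ;;
                esac ;;
        esac
    done
}

# Constructed sample: the option set of the launcher above, variables expanded.
audit_sample() {
    audit_run_args --rm -it --cap-add=SYS_ADMIN \
        -v /sys/fs/cgroup:/sys/fs/cgroup:ro --env=DISPLAY \
        --volume=/etc/shadow:/etc/shadow:ro --volume=/tmp/.X11-unix:/tmp/.X11-unix:rw \
        --volume=/home:/home --volume=/opt:/opt --device=/dev/dri \
        --ipc=host --network=host --hostname=localhost --name=CentOS7 \
        c7-coreplus:ver2 /usr/sbin/init
}

audit_sample
```

Each finding is one line on stdout, so the function can gate a wrapper script: refuse to start the container when any line begins with HIGH.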

Docker files for an unprivileged systemd container based on CentOS 7.

This image is intended to be a base for other images.

To build it simply execute ./build.sh

To run a container simply execute ./run.sh

Example:

[root@mwysocki docker-systemd-unpriv]# ./build.sh
Sending build context to Docker daemon 122.4 kB
Sending build context to Docker daemon
Step 0 : FROM centos:centos7
 ---> 7322fbe74aa5
Step 1 : MAINTAINER Marcel Wysocki "maci.stgn@gmail.com"
 ---> Using cache
 ---> 00c8b93cf714
Step 2 : ENV container docker
 ---> Using cache
 ---> 9b8f4fb8200a
Step 3 : RUN yum -y update; yum clean all
 ---> Using cache
 ---> 3345a7b137ca
Step 4 : RUN yum -y swap -- remove systemd-container systemd-container-libs -- install systemd systemd-libs dbus
 ---> Using cache
 ---> b96655caefbc
Step 5 : RUN systemctl mask dev-mqueue.mount dev-hugepages.mount systemd-remount-fs.service sys-kernel-config.mount sys-kernel-debug.mount sys-fs-fuse-connections.mount display-manager.service graphical.target systemd-logind.service
 ---> Running in 15346731ae25
 ---> 1ee09b86a67b
Removing intermediate container 15346731ae25
Step 6 : ADD dbus.service /etc/systemd/system/dbus.service
 ---> 30046edacbd0
Removing intermediate container 84556db3d846
Step 7 : RUN systemctl enable dbus.service
 ---> Running in 151ced2a823e
 ---> fd86e74cf704
Removing intermediate container 151ced2a823e
Step 8 : VOLUME /sys/fs/cgroup
 ---> Running in bd81371550ca
 ---> 1c888d9613f8
Removing intermediate container bd81371550ca
Step 9 : VOLUME /run
 ---> Running in 1bcb2d277021
 ---> de4f43ca3837
Removing intermediate container 1bcb2d277021
Step 10 : CMD /usr/lib/systemd/systemd
 ---> Running in b660c5d8cba6
 ---> 1d7ff7bdbd64
Removing intermediate container b660c5d8cba6
Successfully built 1d7ff7bdbd64
[root@mwysocki docker-systemd-unpriv]# ./run.sh
Wed Jul 29 17:11:14 CEST 2015
1302a1dbd5ff09e720c566ea6b87f1233f0cc14370022a900bdc84e8d07a27f5
To enter docker container run:
docker exec -t -i 1302a1dbd5ff09e720c566ea6b87f1233f0cc14370022a900bdc84e8d07a27f5 /bin/bash
[root@mwysocki docker-systemd-unpriv]# docker exec -t -i 1302a1dbd5ff09e720c566ea6b87f1233f0cc14370022a900bdc84e8d07a27f5 /bin/bash
[root@1302a1dbd5ff /]# ps -ux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.7 0.0 53584 3328 ? Ss 15:11 0:00 /usr/lib/systemd/systemd
root 14 0.1 0.0 43024 5232 ? Ss 15:11 0:00 /usr/lib/systemd/systemd-journald
root 24 0.4 0.0 11748 1940 ? Ss 15:11 0:00 /bin/bash
root 39 0.0 0.0 19772 1476 ? R+ 15:11 0:00 ps -ux
[root@1302a1dbd5ff /]#

What am I putting in build.sh and run.sh?