[SOLVED]
The problem comes from ds_systemd_ask_password_acl. So I disabled setfacl in the dirsrv service. Reference link: Docker macOS (Apple Silicon): ds_systemd_ask_password_acl[494]: setfacl: /var/run/systemd/ask-password: Operation not supported · Issue #3 · kresnasatya/libreto · GitHub
Hi everyone. I created an AlmaLinux 9 389 Directory Server container to make it easier for me to interact with the LDAP server via the Web UI (Cockpit). So far the container runs well in Windows WSL2 but it fails in macOS. I’m using Docker Desktop 4.17.0. Here’s my repo to reproduce the container: libreto/almalinux-389-ds at main · kresnasatya/libreto · GitHub
Here’s the result I get in the container terminal with the command systemctl status dirsrv@companytest in macOS.
```
× dirsrv@companytest.service - 389 Directory Server companytest.
Loaded: loaded (/usr/lib/systemd/system/dirsrv@.service; enabled; vendor preset: disabled)
Drop-In: /usr/lib/systemd/system/dirsrv@.service.d
└─custom.conf
Active: failed (Result: exit-code) since Tue 2023-03-07 10:12:01 UTC; 4min 26s ago
Process: 490 ExecStartPre=/usr/libexec/dirsrv/ds_systemd_ask_password_acl /etc/dirsrv/slapd-companytest/dse.ldif (code=exited, statu>
CPU: 29ms
Mar 07 10:12:01 728da1863072 systemd[1]: Starting 389 Directory Server companytest....
Mar 07 10:12:01 728da1863072 ds_systemd_ask_password_acl[494]: setfacl: /var/run/systemd/ask-password: Operation not supported
Mar 07 10:12:01 728da1863072 systemd[1]: dirsrv@companytest.service: Control process exited, code=exited, status=1/FAILURE
Mar 07 10:12:01 728da1863072 systemd[1]: dirsrv@companytest.service: Failed with result 'exit-code'.
Mar 07 10:12:01 728da1863072 systemd[1]: Failed to start 389 Directory Server companytest..
lines 1-13/13 (END)
```
In Windows WSL2.
```
● dirsrv@companytest.service - 389 Directory Server companytest.
Loaded: loaded (/usr/lib/systemd/system/dirsrv@.service; enabled; vendor preset: disabled)
Drop-In: /usr/lib/systemd/system/dirsrv@.service.d
└─custom.conf
Active: active (running) since Tue 2023-03-07 09:48:48 UTC; 1min 51s ago
Process: 129 ExecStartPre=/usr/libexec/dirsrv/ds_systemd_ask_password_acl /etc/dirsrv/slapd-companytest/dse.ldif (code=exited, status=0/SUCCESS)
Process: 157 ExecStartPre=/usr/libexec/dirsrv/ds_selinux_restorecon.sh /etc/dirsrv/slapd-companytest/dse.ldif (code=exited, status=0/SUCCESS)
Main PID: 167 (ns-slapd)
Status: "slapd started: Ready to process requests"
CGroup: /docker/215698f5dda87dc815076caa294ead35c8007942f832cb17a00b92f5c1fa1dcc/system.slice/system-dirsrv.slice/dirsrv@companytest.service
└─167 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-companytest -i /run/dirsrv/slapd-companytest.pid
Mar 07 09:48:47 215698f5dda8 ns-slapd[167]: [07/Mar/2023:09:48:47.717684500 +0000] - NOTICE - bdb_start_autotune - cache autosizing: db cache: 251784k
Mar 07 09:48:47 215698f5dda8 ns-slapd[167]: [07/Mar/2023:09:48:47.728024400 +0000] - NOTICE - bdb_start_autotune - cache autosizing: companyldap entry cache (1 total): 720896k
Mar 07 09:48:47 215698f5dda8 ns-slapd[167]: [07/Mar/2023:09:48:47.739097500 +0000] - NOTICE - bdb_start_autotune - cache autosizing: companyldap dn cache (1 total): 131072k
Mar 07 09:48:47 215698f5dda8 ns-slapd[167]: [07/Mar/2023:09:48:47.749902700 +0000] - NOTICE - bdb_start_autotune - total cache size: 1212894617 B;
Mar 07 09:48:47 215698f5dda8 ns-slapd[167]: [07/Mar/2023:09:48:47.771539800 +0000] - NOTICE - bdb_start - Detected Disorderly Shutdown last time Directory Server was running, recovering database.
Mar 07 09:48:48 215698f5dda8 ns-slapd[167]: [07/Mar/2023:09:48:48.639641300 +0000] - INFO - slapd_daemon - slapd started. Listening on All Interfaces port 389 for LDAP requests
Mar 07 09:48:48 215698f5dda8 ns-slapd[167]: [07/Mar/2023:09:48:48.648379300 +0000] - INFO - slapd_daemon - Listening on All Interfaces port 636 for LDAPS requests
Mar 07 09:48:48 215698f5dda8 ns-slapd[167]: [07/Mar/2023:09:48:48.657368000 +0000] - INFO - slapd_daemon - Listening on /run/slapd-companytest.socket for LDAPI requests
Mar 07 09:48:48 215698f5dda8 systemd[1]: Started 389 Directory Server companytest..
Mar 07 09:48:51 215698f5dda8 ns-slapd[167]: [07/Mar/2023:09:48:51.641680400 +0000] - INFO - vattr_check_thread - No role/cos definition in dc=company,dc=com
```
If you compare the two results, in Windows it shows CGroup and macOS doesn’t. I was thinking that it’s the root cause. I checked, and since Docker Desktop version 4.3.0 it changed cgroup from v1 to v2.
Here’s the command I use to create that container in macOS.
```
docker run -itd -p 9090:9090/tcp -p 389:389/tcp -p 636:636/tcp --name=almalinux9-389-ds --privileged --cgroupns=host -v /sys/fs/cgroup:/sys/fs/cgroup:rw kresnasatya/almalinux-389ds:1.0 /usr/sbin/init
```
Do you have a solution for this?
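
One way to apply the fix named at the top of the post, as an added example that is not from the original post or the linked repository: a shell sketch that checks journal text for the setfacl failure shown above and, only on a match, prints a systemd drop-in that skips the ACL pre-start step. The function names, the `%i` instance specifier and the assumption that the unit has only the two `ExecStartPre` steps visible in the status output are mine.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Exit 0 when journal text on stdin shows the ACL pre-start helper failing
# because the backing filesystem rejects setfacl.
acl_prestart_failed() {
    grep -Eq 'ds_systemd_ask_password_acl\[[0-9]+\]: setfacl: .*: Operation not supported'
}

# Print a drop-in for dirsrv@.service that removes the ACL helper.
# Assumption: the unit runs only the two pre-start steps seen in the post.
render_dropin() {
    cat <<'EOF'
[Service]
# An empty assignment clears the ExecStartPre list inherited from the unit.
ExecStartPre=
# Re-add the remaining step; %i stands for the instance name (assumed).
ExecStartPre=/usr/libexec/dirsrv/ds_selinux_restorecon.sh /etc/dirsrv/slapd-%i/dse.ldif
EOF
}

# Read journal text on stdin; print the drop-in only for this exact failure,
# so an unrelated start-up error does not lead to a pre-start step being removed.
suggest_dropin() {
    if acl_prestart_failed; then
        render_dropin
    else
        echo "no setfacl 'Operation not supported' failure found" >&2
        return 1
    fi
}

# Sample lines copied from the two status outputs in the post.
SAMPLE_FAIL='Mar 07 10:12:01 728da1863072 ds_systemd_ask_password_acl[494]: setfacl: /var/run/systemd/ask-password: Operation not supported'
SAMPLE_OK='Mar 07 09:48:48 215698f5dda8 systemd[1]: Started 389 Directory Server companytest..'

# Stand-alone run: show the suggestion for the failing sample.
printf '%s\n' "$SAMPLE_FAIL" | suggest_dropin
```

In the container the input would come from `journalctl -u dirsrv@companytest`, and the printed text would go into a file under the `dirsrv@.service.d` drop-in directory followed by `systemctl daemon-reload`. Skipping the helper leaves the ACL on /var/run/systemd/ask-password unset, so anything that depends on it needs another arrangement.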