Molecule: systemd in docker doesn't work with read-only mount #531

Closed
X4mp opened this issue Feb 27, 2023 · 2 comments

X4mp commented Feb 27, 2023

Using the recommended "geerlingguy/docker-${MOLECULE_DISTRO:-rockylinux8}-ansible:latest" image doesn't work with Docker, as it immediately fails with the following error:

```
Failed to create /init.scope control group: Read-only file system
Failed to allocate manager object: Read-only file system
[!!!!!!] Failed to allocate manager object.
Exiting PID 1...
```

I am running it on Ubuntu 22.04 with Molecule 4.0.4 and Ansible 2.14.1:

```
molecule 4.0.4 using python 3.10
    ansible:2.14.1
    delegated:4.0.4 from molecule
    docker:2.1.0 from molecule_docker requiring collections: community.docker>=3.0.2 ansible.posix>=1.4.0
    podman:2.0.3 from molecule_podman requiring collections: containers.podman>=1.7.0 ansible.posix>=1.3.0
    vagrant:2.0.0 from molecule_vagrant
```

It can be verified with:

```
docker run -t --privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro "geerlingguy/docker-ubuntu2204-ansible:latest"
```

@geerlingguy
Owner

This is due to some recent changes affecting new versions of Ubuntu (and I'm guessing Debian 11 too)? Setting molecule's options to create a rw volume, and adding the cgroupns_mode to host fixes it.

This is a bug in the book currently, as it's mentioned a couple times the old way:

```
- /sys/fs/cgroup:/sys/fs/cgroup:ro
```

```
docker run -d --name app -p 80:80 --privileged -v /sys/fs/cgroup:/sys/fs/cgroup:ro geerlingguy/docker-rockylinux8-ansible
```
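
Added example (not part of the original thread or the book): the change described in the reply above, written out as a Molecule platform entry with the old mount kept as a comment for contrast. The scenario path, the platform name `instance` and `pre_build_image` are assumptions; the commented `docker run` line is the reporter's reproduction command adjusted the same way, using Docker's `--cgroupns` flag.

```yaml
# molecule/default/molecule.yml (assumed scenario path)
---
driver:
  name: docker
platforms:
  - name: instance            # assumed platform name
    image: "geerlingguy/docker-${MOLECULE_DISTRO:-rockylinux8}-ansible:latest"
    pre_build_image: true     # assumption: use the image as published
    privileged: true
    volumes:
      # Old form, as quoted above. systemd as PID 1 has to create its own
      # control groups (the /init.scope in the error), which a read-only
      # mount prevents:
      #   - /sys/fs/cgroup:/sys/fs/cgroup:ro
      - /sys/fs/cgroup:/sys/fs/cgroup:rw
    # Run the container in the host's cgroup namespace.
    cgroupns_mode: host
    # These settings give the container write access to the host's cgroup
    # tree, so keep them in local test scenarios only.

# Equivalent adjustment to the reproduction command from the report:
#   docker run -t --privileged --cgroupns=host \
#     --volume=/sys/fs/cgroup:/sys/fs/cgroup:rw \
#     "geerlingguy/docker-ubuntu2204-ansible:latest"
```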

@X4mp
Author

X4mp commented Mar 22, 2023

Thank you very much for the fast response. I finally got to test the recommended options and it seems to work.
The container now starts and stays alive, but I am running into a new problem with `become: true` combined with `delegate_to`. It didn't cause any problem with Podman, but with Docker it suddenly requires a password. But I guess that's another issue and not relevant here.

Anyway, I guess thanks for the help and I hope the bug will be fixed with the next iteration of the book.
