-
Notifications
You must be signed in to change notification settings - Fork 121
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable to run systemd services on Docker Desktop 4.3.0 #6073
Comments
I don't think that this is an M1 issue. I see something similar on an Intel Macbook when trying to run the official Ubuntu:18.04 image on 4.3.0. From my docker compose log:
Dropping back to Docker Desktop 4.2.0 fixes the issue. I assume that it's related to the note in the 4.3.0 release notes:
If so, though, it's going to break a bunch of people on older images. |
Good catch @wpwood! I haven't done much testing, but I've downgraded my M1 MBP Docker Desktop to 4.2.0 and systemd services seem correct when using an The requirement of |
+1 to this. Is there any chance you'd consider an option which version of cgroups to use so you don't break backwards compatibility? I think some folks who are using systemd with centos7 will appreciate it although who runs systemd in docker containers?!? ✋ I do, lol. |
Thanks for the report. It looks like the release note recommending 247 is overly pessimistic (perhaps relevant changes were backported?) Here's a Dockerfile I tried (on Windows but I think Mac should be the same)
and here's what I ran:
I was able to open Could you try For reference I'm using
|
Looking more closely at your setup compared to mine, I think my command-line arguments are different:
vs
|
Many thanks for your input @djs55, but I'm afraid it's not working for me, either on my arm64 nor x86 laptops. I'm using the same
On the other hand, I've tested the same with the same Dockerfile but using Given that Centos 7 is still a supported and widely used platform, I would suggest to make the Cgroups V2 requirement in Docker for Mac optional. I don't have any data to back my assumption, but I would say that Centos 7 is still more prevalent than Centos 8 right now, specially with the the Centos license change which EOLs Centos 8 in a few weeks. I'll downgrade Docker Desktop to 4.2.0 for now... |
you can see docker desktop 4.3.0 release notes: https://docs.docker.com/desktop/mac/release-notes/ Docker Desktop now uses cgroupv2. If you need to run systemd in a container then:
|
If anybody interested how to run Ubuntu 22:04 Docker with |
Temporarily downgrading to 4.2.0 here too. Is there any chance for that option to decide which version of cgroups to use? |
I've shared a few notes in systemd/systemd#19760 (comment) that I think could be useful to other people landing in this case. |
Just to be clear before this regression I could run systemd in a centos:7 container without
While I know it's not good practice to run systemd in a container it's important for being able to simulate a "regular" environment using containers e.g. to run QA scripts that use systemctl. I believe podman advertises systemd compatibility, seems important to maintain parity. |
As an experiment, could you try using this development build: https://desktop-stage.docker.com/mac/main/arm64/72295/Docker.dmg You will need to edit
|
I managed to make it work with the build for amd64 and with the settings update. |
Would you mind providing such a dev snapshot build for x86_64 as well? Having the same problem now and only a downgrade to 4.2.0 solved my problem. |
@c-hoeger sorry I should have mentioned: you can replace |
@djs55: I've tried your development build for |
@djs55 thank you for the link. That version with |
And what about changing the issue summary to e.g. Unable to run systemd services with docker desktop 4.3.1 or later, since it isn't related to Apple M1? |
I can confirm that it's working for me as well using the tests described at #6073 (comment) with both arm64 and amd64 containers. Many thanks @djs55 ! I agree with you, @c-hoeger. I've been thinking the same as well. Will do shortly :) |
I can confirm the development build is working for me as well, thank you! We're using centos7. If you are going to roll out the option to choose, I'm curious what approach you'll take. Some of my questions/thoughts...
Thanks again for rolling out the option! |
@djs55 |
Great! I came across this issue and the additional setting as mentioned by @djs55 works for me too!
|
I have just updated to Docker Desktop 4.4.2 and saw similar issues with: setting
and restarting docker. But then I found it had somehow populated the following:
I feel that the file: Thanks! |
Disappointed to see the release notes saying:
I understand you're trying to push a (hopefully) better implementation but when breaking backwards compatibility for users I think it would be appreciated if you would communicate a) a very specific deadline for the breaking change b) and support backwards compatibility for as long as possible within reason (in a very used software like Docker I would think at least a year is reasonable but I can be persuaded) Forcing a quick cgroup change will impact work our org has done. Our org are paid docker users but even if not, I feel like when releasing new stuff we should try to give users as much flexibility as possible. Would you consider pushing the final deadline to a year from now or later and publishing an actual date/release when that would happen please? Thank you! |
Agreed, considering one of the options required
|
Agree with the sentiment above. This communication and mitigation for this change have been handled poorly so far. |
Since Docker 4.4.2 has been solved the current issue I will proceed to close it. That said, I wholeheartedly agree about the above comments as well. Given the impact this issue has on the Docker community, I'd vouch to keep this capability to be available while the major distributions (eg Centos 7) that needs this functionality are still supported. |
@madrover I think there is a typo. The setting is actually
|
Figured I'd share since I took the time to write this. Here's a fix for MacOS you can paste into your terminal: # Stop running Docker
test -z "$(docker ps -q 2>/dev/null)" && osascript -e 'quit app "Docker"'
# Install jq and moreutils so we can merge into the existing json file
brew install jq moreutils
# Add the needed cgroup config to docker settings.json
echo '{"deprecatedCgroupv1": true}' | \
jq -s '.[0] * .[1]' ~/Library/Group\ Containers/group.com.docker/settings.json - | \
sponge ~/Library/Group\ Containers/group.com.docker/settings.json
# Restart docker desktop
open --background -a Docker |
I can't get the setting Ok thanks @RulerOf that script seems to work, I don't know why. Anyone know what's going on with settings.json? It doesn't seem like all that should be necessary every time you restart Docker for Mac. |
I expect that v1 will continue to work, but that v2 is preferred (since it is where all the development is happening in the upstream Linux kernel) See discussion here: docker/for-mac#6073 Signed-off-by: David Scott <dave.scott@docker.com>
@elishagreenwald @aem12f @quacktacular and all: sorry for the typo in the release notes -- I've made a PR to correct it here: docker/docs#14166 I've also softened the language around upgrading containers to v2. I expect the downgrade of Docker to v1 will continue working (since the Docker engine itself is well-tested there), with 2 caveats:
I hope that sounds more reasonable! @jamshid are you still seeing the |
Thanks @djs55 correct I could not get the setting to stick. There's definitely something buggy there since @RulerOf had to make a script. I just tried adding And when I Quit docker and Reopen it, the setting is removed from settings.json. Hopefully you see that? Running the script above does add Btw I'm trying to switch to cgroup V1 because I'm hoping it allows systemd in a container to work without |
This whole thread turned out to be the key to concourse CI no longer working locally on a Mac. There are updates in the offing for concourse, but given that the next layer is possibly DinD stuff containers, and those may still not be on groups v2 yet, then using the script to set it is the best fix until these other projects release updated containers. |
I'm not sure who needs to hear this, whether it's here or on docker/compose#8167, but I was able to successfully get systemd processes working on ubuntu 22.04 image which comes standard with systemd 249 using docker-compose on the latest version of docker desktop (4.5.0 as i'm on a mac). Ensure cgroup vol is rw and priv is true. the sentiment has been that we needed
|
This may help, just upgrade the systemd to the latest version. I added these extra lines in my Dockerfile. No need to downgrade Docker desktop. Works well in my MacOS.
then run container,
|
When cgroup v2 is required by default by docker or the OS we need to use the --cgroupns=host to allow the mullvad app to startup correctly. However, the cgroupns switch is not implemented in the docker compose spec, so we have to wait for its implementation. To get around this problem, the main mullvad container is taken out of the docker compose file and we run it on its own in the setup.sh script using docker run with the --cgroupns=host switch. After the container is setup, we then use the docker compose file to setup the rest of the containers. Reference: docker/for-mac#6073 compose-spec/compose-spec#148 docker/compose#8167
Closed issues are locked after 30 days of inactivity. If you have found a problem that seems similar to this, please open a new issue. Send feedback to Docker Community Slack channels #docker-for-mac or #docker-for-windows. |
Expected behavior
Systemd based services in containers should start, as they have always been doing in x86 computers
Actual behavior
Systemd based services in containers do not start on M1 / Silicon computers.
Information
Hi
I've recently been given a new M1 MBP laptop where I'm trying to run a docker image with systemd that we use as part of our CI build, but I'm not able to start it successfully. We have been building and running these containers in x86 MBP for years with success, so this seems to a platform specific issue with the new M1.
Steps to reproduce the behavior
Following the instructions at https://hub.docker.com/_/centos I've created a Centos Systemd ready container with the following Dockerfile:
However, when running it I get the following error:
I've tried to use the
DOCKER_DEFAULT_PLATFORM=linux/amd64
environment variable as well, but the output and behavior is mostly the same.Some unsuccessful attempts I've done:
privileged
setting and/sys/fs/cgroup
mounts"exec-opts": ["native.cgroupdriver=systemd"], "cgroup-parent": "docker.slice"
, as suggested at https://serverfault.com/questions/1053187/systemd-fails-to-run-in-a-docker-container-when-using-cgroupv2-cgroupns-privaIs there anything that can be done to overcome this issue?
Thanks!
The text was updated successfully, but these errors were encountered: