Docker Desktop 4.3.0+ breaks dokken images for CentOS 7

[ikari7789]

🗣️ Foreword

Thank for taking the time to fill this bug report fully. Without it we may not be able to fix the bug, and the issue may be closed without resolution.

👻 Brief Description

Docker Desktop 4.3.0 on macOS breaks the dokken image for (at least) centos-7 as it switches to using cgroupv2.

https://docs.docker.com/desktop/mac/release-notes/#bug-fixes-and-minor-changes

Version

Latest version of dokken/centos-7

Environment

macOS 11.6.1
Docker Desktop 4.3.1

Scenario

Attempting to use dokken/centos-7 for running a cookbook which creates a systemd service and fails verification due to systemd not running.

Steps to Reproduce

1. Install Docker Desktop 4.3.0+ on macOS
2. Attempt to provision an environment which utilizes systemd

Expected Result

Process should succeed and start systemd service.

Actual Result

           * service[php-fpm] action reload (up to date)

           ================================================================================
           Error executing action `install` on resource 'tg_php_fpm_pool[www]'
           ================================================================================

           Chef::Exceptions::MultipleFailures
           ----------------------------------
           Multiple failures occurred:
           * Chef::Exceptions::ValidationFailed occurred in chef run: systemd_unit[php-fpm.service] (/opt/kitchen/cache/cookbooks/tg_php/resources/fpm_pool.rb line 270) had an error: Chef::Exceptions::ValidationFailed: file[/etc/systemd/system/php-fpm.service] (dynamically defined) had an error: Chef::Exceptions::ValidationFailed: Proposed content for /etc/systemd/system/php-fpm.service failed verification :systemd_unit (Chef::Resource::File::Verification::SystemdUnit)
           * Mixlib::ShellOut::ShellCommandFailed occurred in delayed notification: service[php-fpm] (/opt/kitchen/cache/cookbooks/tg_php/resources/fpm_pool.rb line 323) had an error: Mixlib::ShellOut::ShellCommandFailed: Expected process to exit with [0], but received '1'
           ---- Begin output of /usr/bin/systemctl --system restart php-fpm ----
           STDOUT:
           STDERR: Failed to get D-Bus connection: No such file or directory
           ---- End output of /usr/bin/systemctl --system restart php-fpm ----
           Ran /usr/bin/systemctl --system restart php-fpm returned 1

➕ Additional context

Add any other context about the problem here. e.g. related issues or existing pull requests.

[koldrid]

Same issue confirmed here

[davidalpert]

same with MacOS 12.0.1 and Docker Desktop 4.3.2 (72729)

             ================================================================================
             Error executing action `enable` on resource 'service[firewalld]'
             ================================================================================

             Mixlib::ShellOut::ShellCommandFailed
             ------------------------------------
             Expected process to exit with [0], but received '1'
             ---- Begin output of /usr/bin/systemctl --system enable firewalld ----
             STDOUT:
             STDERR: Failed to get D-Bus connection: No such file or directory
             ---- End output of /usr/bin/systemctl --system enable firewalld ----
             Ran /usr/bin/systemctl --system enable firewalld returned 1

UPDATE: confirmed that down grading to Docker Desktop 4.2.0 was successful as a workaround. shut down docker desktop, installed 4.2.0 and started it up, destroyed my containers and reconverged successfully. installers are here

• https://docs.docker.com/desktop/mac/release-notes/#docker-desktop-420

[gardar]

Facebook has a backport of systemd for centos 7, which enables cgroupv2.
Perhaps the centos 7 image could be built with it?

• https://github.com/facebookarchive/rpm-backports
• https://maciej.lasyk.info/2016/Dec/16/systemd-231-latest-in-centos-7-thx-to-facebook/

[michaelklishin]

I ran into the same behavior with CentOS Stream 8 and Debian 10 images.

[gardar]

@michaelklishin do get the same behavior when running the containers as described here? systemd/systemd#19760 (comment) (--cgroupns=host -v /sys/fs/cgroup:/sys/fs/cgroup:rw --privileged)

[hrak]

@michaelklishin do get the same behavior when running the containers as described here? systemd/systemd#19760 (comment) (--cgroupns=host -v /sys/fs/cgroup:/sys/fs/cgroup:rw --privileged)

looks pretty similar:

docker run -it --cgroupns=host -v /sys/fs/cgroup:/sys/fs/cgroup:rw --privileged dokken/centos-7 /bin/sh
sh-4.2# systemctl list-units
Failed to get D-Bus connection: Operation not permitted
sh-4.2#

[gardar]

@hrak I'm sorry I meant when using centos stream 8 / debian 10. I believe you'll always need to update systemd on centos 7.

[masondixon]

dokken/oraclelinux-7 also broken:

masdixon-mac:conmon masdixon$ docker run -it --cgroupns=host -v /sys/fs/cgroup:/sys/fs/cgroup:rw --privileged dokken/oraclelinux-7 /bin/sh
sh-4.2# systemctl status squid
Failed to get D-Bus connection: Operation not permitted
sh-4.2#