Bug 1215667
| Summary: | Cannot start httpd in container because of missing /run/httpd | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Martin Frodl <mfrodl> |
| Component: | docker | Assignee: | smahajan <smahajan> |
| Status: | CLOSED ERRATA | QA Contact: | Luwen Su <lsu> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 7.1 | CC: | dwalsh, kwoodson, lsm5, mar.ian, miabbott, rrajaram, sghosh, tjay |
| Target Milestone: | rc | Keywords: | Extras |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2015-06-23 09:29:25 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Martin Frodl
2015-04-27 12:18:45 UTC
If you build the image with docker build, does the container work. We are using a tmpfs /run inside of containers now, and we currently are not handling docker commit properly. In docker build case we are writing /run/httpd to the container. When the container starts /run/httpd is tar'd off of the container image and added to the tmpfs. The fix to this bug is to get docker commit to save the contents of /run on a tmpfs to /run on the image. Should be fixed by docker-1.6.2. In docker-1.6.2-10.el7.x86_64, it works # docker commit 4c0463020e2f httpd a0badf78e204925565504f5363c4c38ed71c7b63c153c72d8168e0d36ffbcbd5 # docker run httpd /usr/sbin/httpd -DFOREGROUND AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.9. Set the 'ServerName' directive globally to suppress this message ..... Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-1167.html Looks like this may have regressed:
http://post-office.corp.redhat.com/archives/tech-list/2015-November/msg00489.html
Even when I add:
RUN mkdir -p /run/httpd
or
RUN mkdir -p /var/run/httpd
To a Dockerfile directly, the container is missing them.
Is the /run in the base image on the base image or in a volume? Problem can be reproduced on RHEL7.2 Atomic host
To add
Using RHEL7.1 base image, httpd starts properly
comparing rhel7.1 and rhel7:latest(rhel72) base image, we notice this difference
-bash-4.2# docker inspect --format='{{.Config.Volumes}}' c4f590bbcbe3
map[]
-bash-4.2# docker inspect --format='{{.Config.Volumes}}' 6883d5422f4e
map[/run:{}]
When container is started using RHEL7.2 base image, docker inspect on the container reveals
"Mounts": [
{
"Name": "2d3c6090e26e626ad5bd24c10cfc8b2f3cb895eab710d736b886a75fb5a633dd",
"Source": "/var/lib/docker/volumes/2d3c6090e26e626ad5bd24c10cfc8b2f3cb895eab710d736b886a75fb5a633dd/_data",
"Destination": "/run",
"Driver": "local",
"Mode": "",
"RW": true
We should file a new BZ if you agree
I am seeing this issue inside of a container we are running on openshift. docker-selinux-1.7.1-108.el7.x86_64 docker-1.7.1-108.el7.x86_64 [CTR][user@05033e01cedb ~]$ cat /etc/redhat-release Red Hat Enterprise Linux Server release 7.2 (Maipo) Here is the error: [CTR][user@05033e01cedb ~]$ LANG=C /usr/sbin/httpd -DFOREGROUND AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.1.0.8. Set the 'ServerName' directive globally to suppress this message [CTR][user@05033e01cedb ~]$ cat /var/log/httpd/error_log AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.1.0.8. Set the 'ServerName' directive globally to suppress this message [Thu Dec 03 09:16:42.152256 2015] [auth_digest:notice] [pid 11182] AH01757: generating secret for digest authentication ... [Thu Dec 03 09:16:42.152378 2015] [auth_digest:error] [pid 11182] (2)No such file or directory: AH01762: Failed to create shared memory segment on file /run/httpd/authdigest_shm.11182 [Thu Dec 03 09:16:42.152402 2015] [auth_digest:error] [pid 11182] (2)No such file or directory: AH01760: failed to initialize shm - all nonce-count checking, one-time nonces, and MD5-sess algorithm disabled [Thu Dec 03 09:16:42.152407 2015] [:emerg] [pid 11182] AH00020: Configuration Failed, exiting The work around that I have currently is to disable this module here /etc/httpd/conf.modules.d/00-base.conf by commenting it out. #LoadModule auth_digest_module modules/mod_auth_digest.so Or somehow change the path to where the authdigest_shm.<PID> gets written. I'm unsure how to do this part. Any suggestions would help. I still believe this is a base image problem. /run as a volume is causing the problem. I have updated to the latest Red Hat version (Atomic Host 7.2.1) in hope that is going to be fixed, but the problem still exists. My work around was to create on the host a custom script, runHttpd.sh, and copy it to the image. 1. Create the script (shebang must be first line because docker interprets the type of file based on it; it can be a existing shell of your choice) # vi runHttpd.sh #!/usr/bin/env bash mkdir -p /run/httpd /usr/sbin/httpd $1 $2 2. Give exec permissions (or more) # chmod 755 runHttpd.sh 3. Add the COPY line to Dockerfile COPY ./runHttpd.sh /runHttpd.sh 4. Replace the ENTRYPOINT with runHttpd.sh ENTRYPOINT ["/runHttpd.sh"] 5. Rebuild the image and run the docker. Updated RHEL 7 platform images has been released https://rhn.redhat.com/errata/RHEA-2015-2575.html /run is no longer a volume. This will resolve the problem |