RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1215667 - Cannot start httpd in container because of missing /run/httpd
Summary: Cannot start httpd in container because of missing /run/httpd
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: docker
Version: 7.1
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: smahajan@redhat.com
QA Contact: Luwen Su
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-04-27 12:18 UTC by Martin Frodl
Modified: 2019-03-06 02:02 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-06-23 09:29:25 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2015:1167 0 normal SHIPPED_LIVE docker bug fix update 2015-06-23 13:29:05 UTC

Description Martin Frodl 2015-04-27 12:18:45 UTC 
Description of problem:

httpd fails to start in a container created from the 'rhel' image to which the httpd package has been installed. The reason is missing /run/httpd directory, which is provided by httpd RPM but gets deleted from the container for some reason. After creating the directory manually, httpd starts normally.

Version-Release number of selected component (if applicable):
docker-1.5.0-28.el7.x86_64
httpd-2.4.6-31.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1. systemctl start docker
2. docker pull rhel
3. docker run rhel yum -y install httpd
4. docker commit <container_id> rhel_httpd
5. docker run rhel_httpd /usr/sbin/httpd -DFOREGROUND

Actual results:
The Apache HTTP server fails to start. Here are the relevant lines from /var/log/httpd/error_log:

[Mon Apr 27 08:17:14.862920 2015] [auth_digest:notice] [pid 6] AH01757: generating secret for digest authentication ...
[Mon Apr 27 08:17:14.862970 2015] [auth_digest:error] [pid 6] (2)No such file or directory: AH01762: Failed to create shared memory segment on file /run/httpd/authdigest_shm.6
[Mon Apr 27 08:17:14.862998 2015] [auth_digest:error] [pid 6] (2)No such file or directory: AH01760: failed to initialize shm - all nonce-count checking, one-time nonces, and MD5-sess algorithm disabled
[Mon Apr 27 08:17:14.863005 2015] [:emerg] [pid 6] AH00020: Configuration Failed, exiting

Expected results:
The Apache HTTP server starts successfully.

Additional info:
The server can be started if the directory /run/httpd is created first:

# docker run rhel_httpd bash -c 'mkdir /run/httpd; /usr/sbin/httpd -DFOREGROUND'

That is just another ugly workaround, though. What is important is that this bug makes it complicated to follow the Docker Quick Start provided on Red Hat Customer Portal, in particular the part dealing with running httpd in a container [0].

[0] https://access.redhat.com/articles/881893#createimage
Comment 2 Daniel Walsh 2015-04-27 13:05:46 UTC 
If you build the image with docker build, does the container work.

We are using a tmpfs /run inside of containers now, and we currently are not handling docker commit properly.  

In docker build case we are writing /run/httpd to the container.  When the container starts /run/httpd is tar'd off of the container image and added to the tmpfs.

The fix to this bug is to get docker commit to save the contents of /run on a tmpfs to /run on the image.
Comment 3 Daniel Walsh 2015-06-02 17:24:38 UTC 
Should be fixed by docker-1.6.2.
Comment 5 Luwen Su 2015-06-15 06:28:42 UTC 
In docker-1.6.2-10.el7.x86_64, it works
# docker commit 4c0463020e2f httpd
a0badf78e204925565504f5363c4c38ed71c7b63c153c72d8168e0d36ffbcbd5
# docker run httpd /usr/sbin/httpd -DFOREGROUND
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.9. Set the 'ServerName' directive globally to suppress this message
.....
Comment 7 errata-xmlrpc 2015-06-23 09:29:25 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-1167.html
Comment 8 Trevor Jay 2015-12-01 05:56:17 UTC 
Looks like this may have regressed:

    http://post-office.corp.redhat.com/archives/tech-list/2015-November/msg00489.html

Even when I add:

    RUN mkdir -p /run/httpd

or

   RUN mkdir -p /var/run/httpd

To a Dockerfile directly, the container is missing them.
Comment 9 Daniel Walsh 2015-12-01 13:13:58 UTC 
Is the /run in the base image on the base image or in a volume?
Comment 10 Ranjith Rajaram 2015-12-02 12:46:37 UTC 
Problem can be reproduced on RHEL7.2 Atomic host

To add

Using RHEL7.1 base image, httpd starts properly

comparing rhel7.1 and rhel7:latest(rhel72) base image, we notice this difference

-bash-4.2# docker inspect --format='{{.Config.Volumes}}' c4f590bbcbe3
map[]
-bash-4.2# docker inspect --format='{{.Config.Volumes}}' 6883d5422f4e
map[/run:{}]

When container is started using RHEL7.2 base image, docker inspect on the container reveals 

  "Mounts": [
        {
            "Name": "2d3c6090e26e626ad5bd24c10cfc8b2f3cb895eab710d736b886a75fb5a633dd",
            "Source": "/var/lib/docker/volumes/2d3c6090e26e626ad5bd24c10cfc8b2f3cb895eab710d736b886a75fb5a633dd/_data",
            "Destination": "/run",
            "Driver": "local",
            "Mode": "",
            "RW": true


We should file a new BZ if you agree
Comment 11 Kenny Woodson 2015-12-03 14:30:12 UTC 
I am seeing this issue inside of a container we are running on openshift.

docker-selinux-1.7.1-108.el7.x86_64
docker-1.7.1-108.el7.x86_64

[CTR][user@05033e01cedb ~]$ cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 7.2 (Maipo)

Here is the error:

[CTR][user@05033e01cedb ~]$ LANG=C /usr/sbin/httpd -DFOREGROUND
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.1.0.8. Set the 'ServerName' directive globally to suppress this message
[CTR][user@05033e01cedb ~]$ cat /var/log/httpd/error_log 
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.1.0.8. Set the 'ServerName' directive globally to suppress this message
[Thu Dec 03 09:16:42.152256 2015] [auth_digest:notice] [pid 11182] AH01757: generating secret for digest authentication ...
[Thu Dec 03 09:16:42.152378 2015] [auth_digest:error] [pid 11182] (2)No such file or directory: AH01762: Failed to create shared memory segment on file /run/httpd/authdigest_shm.11182
[Thu Dec 03 09:16:42.152402 2015] [auth_digest:error] [pid 11182] (2)No such file or directory: AH01760: failed to initialize shm - all nonce-count checking, one-time nonces, and MD5-sess algorithm disabled
[Thu Dec 03 09:16:42.152407 2015] [:emerg] [pid 11182] AH00020: Configuration Failed, exiting

The work around that I have currently is to disable this module here /etc/httpd/conf.modules.d/00-base.conf by commenting it out.
#LoadModule auth_digest_module modules/mod_auth_digest.so

Or somehow change the path to where the authdigest_shm.<PID> gets written.  I'm unsure how to do this part.  Any suggestions would help.
Comment 12 Daniel Walsh 2015-12-03 14:45:53 UTC 
I still believe this is a base image problem.  /run as a volume is causing the problem.
Comment 13 mar.ian 2015-12-08 18:45:23 UTC 
I have updated to the latest Red Hat version (Atomic Host 7.2.1) in hope that is going to be fixed, but the problem still exists.

My work around was to create on the host a custom script, runHttpd.sh, and copy it to the image.

1. Create the script (shebang must be first line because docker interprets the type of file based on it; it can be a existing shell of your choice)
   # vi runHttpd.sh 

   #!/usr/bin/env bash
   mkdir -p /run/httpd
   /usr/sbin/httpd $1 $2

2. Give exec permissions (or more)

   # chmod 755 runHttpd.sh

3. Add the COPY line to Dockerfile
   
   COPY ./runHttpd.sh /runHttpd.sh

4. Replace the ENTRYPOINT with runHttpd.sh
   
   ENTRYPOINT ["/runHttpd.sh"]

5. Rebuild the image and run the docker.
Comment 14 Ranjith Rajaram 2015-12-09 08:58:14 UTC 
Updated RHEL 7 platform images has been released
https://rhn.redhat.com/errata/RHEA-2015-2575.html

/run is no longer a volume. This will resolve the problem
Note You need to log in before you can comment on or make changes to this bug.