Hide Forgot
+++ This bug was initially created as a clone of Bug #1201663 +++ Description of problem: Create minimal image which runs systemd(-container) based on rhel7.1, using Dockerfile FROM rhel7.1 RUN yum install -y /usr/bin/ps ENV container docker CMD [ "/usr/sbin/init" ] Run a container and inspect running processes -- /usr/bin/rhsmcertd will be there. It's because rhsmcertd.service service is enabled in /etc/systemd/system/multi-user.target.wants/rhsmcertd.service The man rhsmcertd(1) says Periodically scans and updates the entitlement certificates on a registered system. but in a container, entitlement certificates are inherited from the host. It seems this service should be removed from the target. Version-Release number of selected component (if applicable): Image rhel7.1 docker-1.5.0-16.el7.x86_64 How reproducible: Deterministic. Steps to Reproduce: 1. Have Dockerfile as shown above. 2. Build, run a container. 3. Check the processes running in the container using docker exec <the-container-id> ps axuwwf Actual results: USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 70 0.0 0.0 19760 1132 ? R 04:39 0:00 ps axuwwf root 1 0.5 0.0 44752 2800 ? Ss 04:39 0:00 /usr/sbin/init root 63 0.0 0.0 32144 2640 ? Ss 04:39 0:00 /usr/lib/systemd/systemd-journald root 68 0.0 0.0 9740 668 ? Ss 04:39 0:00 /usr/bin/rhsmcertd root 69 0.0 0.0 6424 840 ? Ss 04:39 0:00 /sbin/agetty --noclear --keep-baud console 115200 38400 9600 Expected results: USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 70 0.0 0.0 19760 1132 ? R 04:39 0:00 ps axuwwf root 1 0.5 0.0 44752 2800 ? Ss 04:39 0:00 /usr/sbin/init root 63 0.0 0.0 32144 2640 ? Ss 04:39 0:00 /usr/lib/systemd/systemd-journald root 69 0.0 0.0 6424 840 ? Ss 04:39 0:00 /sbin/agetty --noclear --keep-baud console 115200 38400 9600 Additional info: This clone will track temporary workaround `rm -f /etc/systemd/system/multi-user.target.wants/rhsmcertd.service` while the original bug report will wait for a proper solution with systemd preset.
How is this bugzilla different from bug 1201663, in purpose and such?
The same bug. One bugzilla is for a short-term not-so-nice solution. Second bugzilla for later when a clean desired solution becomes possible, waiting for https://bugzilla.redhat.com/show_bug.cgi?id=1209382 It is awkward. Could you give me a hint how to properly solve such situations? We want both changes tested by QA.
Verified /etc/systemd/system/multi-user.target.wants/rhsmcertd.service no longer exists in test image built on registry.access.stage.redhat.com/rhel7.2:7.2-43 From within the built test container I can confirm [root@6cd7fa38e3e3 /]# systemctl is-enabled rhsmcertd.service disabled
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHEA-2016-0223.html