moby: Regression error with docker 1.0.1

Here is the simplest possible Dockerfile to reproduce the issue - a simple tomcat service

FROM ubuntu:14.04

RUN apt-get -q -y update
RUN DEBIAN_FRONTEND=noninteractive apt-get -q -y install tomcat6

RUN service tomcat6 start

This fails at the last step, because the service fails to start. However, tomcat does in fact run. If we start a container such as this (starting tomcat6 as entrypoint), and inspect the running processes, we can see that tomcat is indeed up and running. Exposing the tomcat port would show us that tomcat is alive and well, and fully usable. The system thinks the service failed to start, for reasons unknown to me. This is a big problem since we need to be able to rely on service working properly.

This problem appeared in docker 1.0.1, and this same Dockerfile worked perfectly in docker 0.8. Unfortunately I cannot tell which is the last docker version where this did work.


Here is other relevant info:

$docker version
Client version: 1.0.1
Client API version: 1.12
Go version (client): go1.2.1
Git commit (client): 990021a
Server version: 1.0.1
Server API version: 1.12
Go version (server): go1.2.1
Git commit (server): 990021a
$docker -D info
Containers: 7
Images: 81
Storage Driver: aufs
 Root Dir: /mnt/sda1/var/lib/docker/aufs
 Dirs: 95
Execution Driver: native-0.2
Kernel Version: 3.14.1-tinycore64
Debug mode (server): true
Debug mode (client): true
Fds: 11
Goroutines: 10
EventsListeners: 0
Init Path: /usr/local/bin/docker
$uname -a
Linux boot2docker 3.14.1-tinycore64 #1 SMP Mon Jun 2 04:19:19 UTC 2014 x86_64 GNU/Linux

Although I’ve reproduced the same problem on:

$uname -a
Linux peach 3.14-0.bpo.1-amd64 #1 SMP Debian 3.14.5-1~bpo70+1 (2014-06-05) x86_64 GNU/Linux

About this issue

  • State: closed
  • Created 10 years ago
  • Comments: 40 (17 by maintainers)

Most upvoted comments

I really think this lack of SYS_PTRACE by default breaks a substantial use case for docker: Pretty much everyone running an init script.

I urge the developers to give more thought to adding this as a capability.

This regression is bigger than just Tomcat. Has the “pidof -c” error documented above, which breaks sysvinit scripts, been fixed?

  1. Use RUN service tomcat7 start && tail -f /var/lib/tomcat7/catalina.out in your Dockerfile
  2. Add the --privileged=true parameter to the docker run command. Tomcat needs extended privileges. Example: $ docker run --privileged=true -it -p 8080:8080 tomcat7-image-name

This breaks sysvinit scripts in CentOS/RHEL as they call ‘pidof -c’ to check process status, which uses /proc/[pid]/root to detect chroots:

[root@c67c75b29a6d /]# strace pidof -c logger 2>&1 | grep '/proc/[0-9]\+/root'
stat("/proc/87/root", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat("/proc/29/root", 0x7fffc6552060)   = -1 EACCES (Permission denied)

Whereas outside of Docker stat does not return error:

[root@prod-po-tjniivm1 ~]# strace pidof -c logger 2>&1 | grep '/proc/[0-9]\+/root'
stat("/proc/4149/root", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat("/proc/3749/root", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0

pidof -c failing in the container causes the __pids_pidof() function in /etc/init.d/functions to return no pids, even if the process is running. This breaks the status() function as well as the killproc() function. The latter may break stop functionality of an init script.

‘--cap-add SYS_PTRACE’ resolves this for me on 1.2.0.
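The thread above shows the mechanism in two halves: the original Dockerfile whose `service tomcat6 start` step "fails" although the JVM is running, and the strace output showing `pidof -c` getting EACCES on `/proc/[pid]/root`. The link between them is that stat on `/proc/<pid>/root` requires ptrace access to that pid, which for a daemon that has switched to another uid (tomcat6, for example) means CAP_SYS_PTRACE, a capability Docker 1.x no longer grants by default. The script below is an added example, not code from the moby issue or from Docker itself. It reads the CapEff mask from a `/proc/<pid>/status` file, tests bit 19 (CAP_SYS_PTRACE, from linux/capability.h), and counts how many capabilities each of three run configurations hands the container, to make the least-privilege point that `--cap-add SYS_PTRACE` adds exactly one bit where `--privileged` (suggested in an earlier comment) adds every bit the kernel knows. The three CapEff values are constructed here from the well-known default Docker capability set, not captured from the hosts in the thread; `live_check` is a helper name chosen for this example and only reports when `/proc/self/status` is readable.

```shell
#!/bin/sh
# Added example (not from the moby issue or Docker's own code): detect from
# inside a container whether sysvinit's "pidof -c" can work, by checking for
# CAP_SYS_PTRACE in the effective capability set, and compare the size of the
# capability sets that --cap-add SYS_PTRACE and --privileged produce.

CAP_SYS_PTRACE=19   # bit number, from linux/capability.h

# cap_eff_mask STATUS_FILE -> hex CapEff mask from a /proc/<pid>/status file
cap_eff_mask() {
    awk '/^CapEff:/ { print $2 }' "$1"
}

# has_cap HEXMASK BIT -> exit 0 if capability BIT is set in HEXMASK
has_cap() {
    local mask
    mask=$(( 0x$1 ))
    [ $(( (mask >> $2) & 1 )) -eq 1 ]
}

# cap_count HEXMASK -> number of capability bits set in HEXMASK
cap_count() {
    local mask n
    mask=$(( 0x$1 ))
    n=0
    while [ "$mask" -gt 0 ]; do
        n=$(( n + (mask & 1) ))
        mask=$(( mask >> 1 ))
    done
    echo "$n"
}

# ptrace_verdict HEXMASK -> "present" or "missing" for CAP_SYS_PTRACE
ptrace_verdict() {
    if has_cap "$1" "$CAP_SYS_PTRACE"; then echo present; else echo missing; fi
}

# Constructed CapEff values (well-known masks, not output captured from the
# issue's hosts):
#   default docker 1.x container       a80425fb    14 caps, bit 19 clear
#   docker run --cap-add SYS_PTRACE    a80c25fb    15 caps, only bit 19 added
#   docker run --privileged (3.14)     1fffffffff  all 37 caps a 3.14 kernel has
DEFAULT_CAPS=00000000a80425fb
PTRACE_CAPS=00000000a80c25fb
PRIVILEGED_CAPS=0000001fffffffff

# sample_status HEXMASK -> path of a constructed /proc-style status file,
# shaped like the entry for a JVM running as the tomcat6 uid
sample_status() {
    local f
    f=$(mktemp)
    printf 'Name:\tjava\nUid:\t106\t106\t106\t106\nCapEff:\t%s\n' "$1" > "$f"
    echo "$f"
}

# live_check: run inside a container; say whether pidof -c can see other uids
live_check() {
    [ -r /proc/self/status ] || return 0
    local mask verdict
    mask=$(cap_eff_mask /proc/self/status)
    verdict=$(ptrace_verdict "$mask")
    echo "CapEff=$mask ($(cap_count "$mask") caps): CAP_SYS_PTRACE $verdict"
    if [ "$verdict" = missing ]; then
        echo "sysvinit status()/killproc() will find no pids for daemons running as another uid;"
        echo "start the container with: docker run --cap-add SYS_PTRACE ...  (not --privileged)"
    fi
}

for m in "$DEFAULT_CAPS" "$PTRACE_CAPS" "$PRIVILEGED_CAPS"; do
    printf '%-18s %2s caps  CAP_SYS_PTRACE %s\n' "$m" "$(cap_count "$m")" "$(ptrace_verdict "$m")"
done
live_check
```

Run it as a `RUN` step or entrypoint preamble in an image that still relies on `service … start`, and it tells you before the init script does whether `pidof -c` will be able to stat the daemon's `/proc/<pid>/root`; the capability count makes the cost of the two fixes visible side by side.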