View Issue Details

ID: 0016540
Project: SCLo
Category: [All Projects] general
View Status: public
Last Update: 2019-10-15 14:25
Status: new
Resolution: open
Platform: x86_64
OS: CentOS
OS Version: 7.7
Summary: 0016540: Cannot run rh-mongodb34-mongodb-server inside systemd-container
Description: When CentOS 7.7 was released, MongoDB could no longer start inside my systemd-container. It worked before 7.7 was released.

Seems like this is due to a security fix in the latest systemd about pid files.
Steps To Reproduce:
$ cat Dockerfile
FROM centos/systemd
RUN yum -y update && \
    yum -y install centos-release-scl && \
    yum -y install rh-mongodb34-mongodb-server && \
    systemctl enable rh-mongodb34-mongod.service

$ sudo podman build -t test .

... snip ...

$ sudo podman run --systemd=true --name test -d --privileged test

$ sudo podman exec -it test systemctl status rh-mongodb34-mongod
● rh-mongodb34-mongod.service - High-performance, schema-free document-oriented database
   Loaded: loaded (/usr/lib/systemd/system/rh-mongodb34-mongod.service; enabled; vendor preset: disabled)
   Active: activating (start) since Fri 2019-10-04 11:03:03 UTC; 1min 28s ago
  Process: 75 ExecStart=/opt/rh/rh-mongodb34/root/usr/libexec/mongodb-scl-helper enable $RH_MONGODB34_SCLS_ENABLED -- /opt/rh/rh-mongodb34/root/usr/bin/mongod $OPTIONS run (code=exited, status=0/SUCCESS)
   CGroup: /machine.slice/libpod-19ae5a643b6b71223068c329b167f9135f3603e32e0e8d5fb920df562c389034.scope/system.slice/rh-mongodb34-mongod.service
           └─193 /opt/rh/rh-mongodb34/root/usr/bin/mongod -f /etc/opt/rh/rh-mongodb34/mongod.conf run

Oct 04 11:03:03 19ae5a643b6b systemd[1]: Starting High-performance, schema-free document-oriented database...
Oct 04 11:03:03 19ae5a643b6b mongodb-scl-helper[75]: about to fork child process, waiting until server is ready for connections.
Oct 04 11:03:03 19ae5a643b6b mongodb-scl-helper[75]: forked process: 193
Oct 04 11:03:04 19ae5a643b6b mongodb-scl-helper[75]: child process started successfully, parent exiting
Oct 04 11:03:04 19ae5a643b6b systemd[1]: New main PID 193 does not belong to service, and PID file is not owned by root. Refusing.
Oct 04 11:03:04 19ae5a643b6b systemd[1]: New main PID 193 does not belong to service, and PID file is not owned by root. Refusing.
Additional Information: I have confirmed that this happens on the following host OS:
- CentOS 7.6
- CentOS 7.7
- RHEL 7.7
- RHEL 8.0

I have also tried the following Dockerfile on a RHEL machine:

FROM ubi7-init
RUN yum -y update && \
    yum-config-manager --enable rhel-server-rhscl-7-rpms && \
    yum -y install rh-mongodb34-mongodb-server && \
    systemctl enable rh-mongodb34-mongod.service

In this case it works just fine. So it is only the CentOS SCL that crashes. Running rpm -q shows the same versions for both rh-mongodb34-mongodb-server and systemd.
Tags: No tags attached.




2019-10-15 14:23

manager   ~0035485

Hm, in that case, I'd be suspicious about the centos image then, because we don't have any changes in rh-mongodb34-mongodb-server from the RHEL build.

Issue History

Date Modified Username Field Change
2019-10-04 12:47 ephracis New Issue
2019-10-15 14:23 hhorak Note Added: 0035485