├── LICENSE
├── .dockerignore
├── README.md
├── .gitlab-ci.yml
└── Dockerfile


/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2018-2019 Alexander Haase

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

--------------------------------------------------------------------------------
/.dockerignore:
--------------------------------------------------------------------------------
# This file is part of docker-debian-systemd.
#
# Copyright (c)
#  2018-2019 Alexander Haase
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in all
# copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.

/.git
/LICENSE
/README.md

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Systemd-enabled Debian image for Docker

[![pipeline status](https://git.mksec.de/ahaase/docker-debian-systemd/badges/master/pipeline.svg?style=flat-square)](https://git.mksec.de/ahaase/docker-debian-systemd/pipelines)
[![](https://img.shields.io/github/issues-raw/alehaa/docker-debian-systemd.svg?style=flat-square)](https://github.com/alehaa/docker-debian-systemd/issues)
[![](https://img.shields.io/badge/license-MIT-blue.svg?style=flat-square)](LICENSE)
[![Docker Pulls](https://img.shields.io/docker/pulls/alehaa/debian-systemd.svg?style=flat-square)](https://hub.docker.com/r/alehaa/debian-systemd/)


## About

This Docker image enhances the [Debian image](https://hub.docker.com/_/debian)
to be run like a VM or LXC container, including systemd as init system and other
utilities.

In addition to systemd, cron and anacron will be installed. However, in contrast
to the official Debian CD, rsyslog will *NOT* be installed, as journald should
fit most needs.

The image is provided as a multi-arch image. At the moment the `i386`, `amd64`,
`arm` and `arm64` architectures are enabled.


## Usage

For Debian stretch run:
```
docker run -d -it \
    -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
    --cap-add SYS_ADMIN \
    alehaa/debian-systemd:stretch
```

#### Run on Docker for Mac

As the image mounts the systemd cgroup into the container, the host needs to
have it mounted already. However, boot2docker doesn't have systemd installed and
therefore this cgroup isn't available.

To get the cgroup mounted in the Docker VM, you can log in to the VM by running
`docker-machine ssh` and run the following code to apply the patch:

```
sudo -s
cat >> /var/lib/boot2docker/bootsync.sh <
```

--------------------------------------------------------------------------------
/.gitlab-ci.yml:
--------------------------------------------------------------------------------
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in all
# copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.

# Include the CI template.
#
# NOTE: This file / project is NOT publicly available.
include:
  - project: 'gitlab-ci/builder/docker'
    file: '/ci-template.yml'


# Configure buildctl wrapper.
#
# The image should be built for all available platforms and be pushed to GitLab
# and Docker hub.
variables:
  BUILDCTL_IMAGE: "$CI_REGISTRY_IMAGE,alehaa/debian-systemd"
  BUILDCTL_PLATFORMS: "linux/i386,linux/amd64,linux/armhf,linux/arm64"


stages:
  - build

build stretch:
  extends: .build_docker
  stage: build
  script:
    - echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USER" --password-stdin
    - ci-buildctl -t stretch -- --opt build-arg:TAG=stretch

build buster:
  extends: .build_docker
  stage: build
  script:
    - echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USER" --password-stdin
    - ci-buildctl -t buster -t latest -- --opt build-arg:TAG=buster

build bullseye:
  extends: .build_docker
  stage: build
  script:
    - echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USER" --password-stdin
    - ci-buildctl -t bullseye -- --opt build-arg:TAG=bullseye

--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
# This file is part of docker-debian-systemd.
#
# Copyright (c)
#  2018-2019 Alexander Haase
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in all
# copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.

# This image is based on the regular Debian image. By default the 'latest' tag
# (pointing to the current stable release) of the parent image will be used.
# However, an alternate parent tag may be set by defining the 'TAG' build
# argument to a specific Debian release, e.g. 'stretch' or 'buster'.
ARG TAG=latest
FROM debian:${TAG}


# Configure the debconf frontend.
#
# This image doesn't include whiptail, dialog, nor the readline perl module.
# Therefore, the debconf frontend will be set to 'teletype' to avoid error
# messages about no dialog frontend being found.
RUN echo 'debconf debconf/frontend select teletype' | debconf-set-selections


# Install the necessary packages.
#
# In addition to the regular Debian base image, a BASIC set of packages from the
# Debian minimal configuration will be installed. After all packages have been
# installed, the apt caches and some log files will be removed to minimize the
# image.
#
# NOTE: An upgrade will be performed to include updates and security fixes of
#       installed packages that received updates in the Debian repository after
#       the upstream image has been created.
#
# NOTE: No syslog daemon will be installed, as systemd's journald should fit
#       most needs. Please file an issue if you think this should be changed.
#
# NOTE: Update, upgrade and install share one RUN instruction, so a cached
#       'apt-get update' layer is never reused with a stale package index.
RUN apt-get update \
    && apt-get dist-upgrade -y \
    && apt-get install -y --no-install-recommends \
        systemd \
        systemd-sysv \
        cron \
        anacron

RUN apt-get clean
RUN rm -rf \
        /var/lib/apt/lists/* \
        /var/log/alternatives.log \
        /var/log/apt/history.log \
        /var/log/apt/term.log \
        /var/log/dpkg.log


# Configure systemd.
#
# For running systemd inside a Docker container, some additional tweaks are
# required. For a detailed list see:
#
#   https://developers.redhat.com/blog/2016/09/13/ \
#     running-systemd-in-a-non-privileged-container/
#
# Additional tweaks will be applied in the final image below.

# To avoid ugly warnings when running this image on a host running systemd, the
# following units will be masked.
#
# NOTE: This will not remove ALL warnings in all Debian releases, but seems to
#       work for stretch.
RUN systemctl mask -- \
        dev-hugepages.mount \
        sys-fs-fuse-connections.mount

# The machine-id should be generated when creating the container. This will be
# done automatically if the file is not present, so let's delete it.
RUN rm -f \
        /etc/machine-id \
        /var/lib/dbus/machine-id




# Build the final image.
#
# To get a minimal image without deleted files in intermediate layers, the
# contents of the image previously built will be copied into a second version of
# the parent image.
#
# NOTE: This method requires buildkit, as the differ of buildkit will copy
#       changed files only and we'll get a minimal image with just the changed
#       files in a single new layer.
#
# NOTE: All settings related to the image's environment (e.g. CMD, ENV and
#       VOLUME settings) need to be set in the following image definition to be
#       used by child images and containers.

FROM debian:${TAG}
COPY --from=0 / /


# Configure systemd.
#
# For running systemd inside a Docker container, some additional tweaks are
# required. Some of them have already been applied above.
#
# The 'container' environment variable tells systemd that it's running inside a
# Docker container environment.
ENV container=docker

# A different stop signal is required, so systemd will initiate a shutdown when
# running 'docker stop '.
STOPSIGNAL SIGRTMIN+3

# The host's cgroup filesystem needs to be mounted (read-only) in the
# container. '/run', '/run/lock' and '/tmp' need to be tmpfs filesystems when
# running the container without 'CAP_SYS_ADMIN'.
#
# NOTE: For running Debian stretch, 'CAP_SYS_ADMIN' still needs to be added, as
#       stretch's version of systemd is not recent enough. Buster will run just
#       fine without 'CAP_SYS_ADMIN'.
VOLUME [ "/sys/fs/cgroup", "/run", "/run/lock", "/tmp" ]

# As this image should run systemd, the default command will be changed to start
# the init system. CMD is preferred over ENTRYPOINT, so one may override it when
# creating the container, e.g. to run a bash console instead.
CMD [ "/sbin/init" ]

--------------------------------------------------------------------------------
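
Added example, not part of the repository: the Dockerfile comments above state that only stretch needs `CAP_SYS_ADMIN`, that the host cgroup tree is mounted read-only, and that `/run`, `/run/lock` and `/tmp` must be tmpfs when the capability is dropped. The script below audits a `docker run` command line against those statements. It assumes the tmpfs mounts are supplied with `--tmpfs` and that every tag other than stretch behaves like buster; the function name, finding labels and sample command lines are illustrative.

```shell
#!/bin/sh
# Added example, not part of the repository.
# audit_systemd_run CMDLINE: print one finding per line for a `docker run`
# command line that starts alehaa/debian-systemd:<tag>; print nothing if the
# privileges match what the README and the Dockerfile comments describe.
audit_systemd_run() {
    cmd=" $1 "
    tag=${cmd##*alehaa/debian-systemd:}   # text after the image name ...
    tag=${tag%% *}                        # ... up to the next space
    case "$cmd" in
        *" --privileged "*) echo "privileged: the page only ever asks for SYS_ADMIN" ;;
    esac
    case "$cmd" in
        *"/sys/fs/cgroup:/sys/fs/cgroup:ro "*) ;;
        *"/sys/fs/cgroup:/sys/fs/cgroup"*) echo "cgroup-rw: mount the host cgroup tree with :ro" ;;
        *) echo "cgroup-missing: -v /sys/fs/cgroup:/sys/fs/cgroup:ro not found" ;;
    esac
    has_cap=no
    case "$cmd" in
        *"--cap-add SYS_ADMIN "*|*"--cap-add=SYS_ADMIN "*) has_cap=yes ;;
    esac
    if [ "$tag" = stretch ]; then
        [ "$has_cap" = yes ] || echo "cap-missing: stretch's systemd needs SYS_ADMIN"
    else
        # Assumption: tags newer than stretch behave like buster.
        [ "$has_cap" = no ] || echo "cap-excess: only stretch needs SYS_ADMIN"
        for dir in /run /run/lock /tmp; do
            case "$cmd" in
                *"--tmpfs $dir "*|*"--tmpfs $dir:"*|*"--tmpfs=$dir "*|*"--tmpfs=$dir:"*) ;;
                *) echo "tmpfs-missing: $dir" ;;
            esac
        done
    fi
    return 0
}

# Constructed sample command lines (the first is the README's stretch command).
STRETCH_OK="docker run -d -it -v /sys/fs/cgroup:/sys/fs/cgroup:ro --cap-add SYS_ADMIN alehaa/debian-systemd:stretch"
BUSTER_OK="docker run -d -it -v /sys/fs/cgroup:/sys/fs/cgroup:ro --tmpfs /run --tmpfs /run/lock --tmpfs /tmp alehaa/debian-systemd:buster"
BUSTER_BAD="docker run -d -it --privileged -v /sys/fs/cgroup:/sys/fs/cgroup --cap-add SYS_ADMIN alehaa/debian-systemd:buster"

for c in "$STRETCH_OK" "$BUSTER_OK" "$BUSTER_BAD"; do
    echo "== $c"
    audit_systemd_run "$c"
done
```

The function only inspects the command line text, so it can run in a pre-deployment check without a Docker daemon.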