> systemd in a container? I'll assume you know what you're doing, but it
> looks to me like a weird thing to do.
I don't use it for production, but mainly to test things on my laptop.
It's a lot more lightweight than virtual machines.
> At any rate it would help if you could reduce this to just the parts relevant
> for the actual problem.
This is what I did. Only the two "disable" lines are not necessary any
more in the latest Debian releases.
> docker doesn't care. this policy comes from the debian:buster container,
> which (IMO rightly) assumes that you will run your daemon directly and
> not via the service manager.
Sorry for my incorrect wording. This is what I meant and I agree that
this is a good default. In my case, I have to overwrite this default
though.
> >Running the following code (within container):
> >```sh
> >cat <<EOF >/tmp/slapd
> >Name: slapd/domain
> >Template: slapd/domain
> >Value: thisbox
> >Owners: slapd
> >
> >EOF
> >DEBIAN_FRONTEND=noninteractive DEBCONF_DB_OVERRIDE=/tmp/slapd dpkg-reconfigure slapd
> >```
>
> I'd recommend preseeding the config before installing slapd, instead of
> trying to make dpkg-reconfigure work in the container.
>
> example of a Dockerfile for that:
>
> FROM debian:buster
>
> ENV DEBIAN_FRONTEND=noninteractive
>
> RUN echo slapd slapd/domain string thisbox | debconf-set-selections && \
> apt-get update && \
> apt-get -y install ldap-utils slapd && \
> apt-get clean
>
> ENTRYPOINT ["/usr/sbin/slapd", "-h", "ldap:/// ldapi:///", "-u", "openldap", "-d", "0"]
>
> Pre-configuring 'slapd/domain' to 'thisbox' will initialize it with the
> suffix set to 'dc=thisbox'. The slapd package offers a few other debconf
> settings for things like the admin password, too.
Thanks a lot! This allows me to run without "--privileged" now!
Nevertheless, I think it is worth investigating what actually causes
the issue. Other systemd services can be restarted without
"--privileged" as well.
Minimum example:
```
FROM debian:buster
ENV container docker
ENV DEBIAN_FRONTEND noninteractive
RUN apt-get update
# systemd
RUN apt-get install -y systemd
STOPSIGNAL SIGRTMIN+3
CMD [ "/sbin/init" ]
# slapd
RUN echo slapd slapd/domain string thisbox | debconf-set-selections && \
apt-get install -y ldap-utils slapd
RUN systemctl enable slapd.service
```
Build:
```sh
docker build -t slapd .
```
Run:
```sh
docker run \
  --name slapd \
  --rm -d \
  --tmpfs /run --tmpfs /run/lock --tmpfs /tmp \
  -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
  slapd
```
Shell:
```sh
docker exec -it slapd bash
```
Test restart:
```sh
systemctl status slapd
systemctl restart slapd
systemctl status slapd
```
Error messages:
```
Jun 19 14:56:35 66bc7f3dac74 slapd[75]: daemon: bind(8) failed errno=98 (Address already in use)
Jun 19 14:56:35 66bc7f3dac74 slapd[75]: daemon: bind(8) failed errno=98 (Address already in use)
```