systemd in a container? I'll assume you know what you're doing, but it looks to me like a weird thing to do.
I don't use it for production, but mainly to test things on my laptop. It's a lot more lightweight than virtual machines.
At any rate it would help if you could reduce this to just the parts relevant for the actual problem.
This is what I did. Only the two "disable" lines are not necessary any more in the latest Debian releases.
Docker doesn't care. This policy comes from the debian:buster container, which (IMO rightly) assumes that you will run your daemon directly and not via the service manager.
Sorry for my incorrect wording. This is what I meant and I agree that this is a good default. In my case, I have to overwrite this default though.
Running the following code (within container):
```
cat <<EOF >/tmp/slapd
Name: slapd/domain
Template: slapd/domain
Value: thisbox
Owners: slapd
EOF
DEBIAN_FRONTEND=noninteractive DEBCONF_DB_OVERRIDE=/tmp/slapd dpkg-reconfigure slapd
```
I'd recommend preseeding the config before installing slapd, instead of trying to make dpkg-reconfigure work in the container.
Example of a Dockerfile for that:
```
FROM debian:buster
ENV DEBIAN_FRONTEND=noninteractive
RUN echo slapd slapd/domain string thisbox | debconf-set-selections && \
    apt-get update && \
    apt-get -y install ldap-utils slapd && \
    apt-get clean
ENTRYPOINT ["/usr/sbin/slapd", "-h", "ldap:/// ldapi:///", "-u", "openldap", "-d", "0"]
```
Pre-configuring 'slapd/domain' to 'thisbox' will initialize it with the suffix set to 'dc=thisbox'. The slapd package offers a few other debconf settings for things like the admin password, too.
Thanks a lot! This allows me to run without "--privileged" now!
Nevertheless, I think it is worth investigating what actually causes the issue. Other systemd services can be restarted without "--privileged" as well.
Minimum example:
```
FROM debian:buster

ENV container docker
ENV DEBIAN_FRONTEND noninteractive
RUN apt-get update

# systemd
RUN apt-get install -y systemd
STOPSIGNAL SIGRTMIN+3
CMD [ "/sbin/init" ]

# slapd
RUN echo slapd slapd/domain string thisbox | debconf-set-selections && \
    apt-get install -y ldap-utils slapd
RUN systemctl enable slapd.service
```
Build:
```
docker build -t slapd .
```
Run:
```
docker run \
  --name slapd \
  --rm -d \
  --tmpfs /run --tmpfs /run/lock --tmpfs /tmp \
  -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
  slapd
```
Shell:
```
docker exec -it slapd bash
```
Test restart:
```
systemctl status slapd
systemctl restart slapd
systemctl status slapd
```
Error messages:
```
Jun 19 14:56:35 66bc7f3dac74 slapd[75]: daemon: bind(8) failed errno=98 (Address already in use)
Jun 19 14:56:35 66bc7f3dac74 slapd[75]: daemon: bind(8) failed errno=98 (Address already in use)
```