Systemd processes on Centos

[mjmjelde]

🗣️ Foreword

Thank for taking the time to fill this bug report fully. Without it we may not be able to fix the bug, and the issue may be closed without resolution.

👻 Brief Description

Using the service package on Chef with dokken results in a failure shown below when using systemd.

Version

Chef Workstation version: 21.7.524
Test Kitchen: 3.0.0

Environment

Fedora 33
Docker 20.10.7

Scenario

Trying to using any of the service (systemd on the images) commands fail with the actual results below. I have tried many combinations of kitchen.yml files to try and get it to work, but nothing seems to fix the issue. Even following the advise on the README.md page doesn't help

Steps to Reproduce

1. Create new cookbook (I use Berks instead of Policyfiles)
2. Add the following code to the default.rb recipe file

package 'firewalld' do
  action :install
end

service 'firewalld' do
  action [:start, :enable]
end

3. Try to run Test Kitchen with dokken and it fails. Here is my kitchen.yml file for example:

---
driver:
  name: dokken

provisioner:
  name: dokken
  product_name: chef
  product_version: 16

transport:
  name: dokken

verifier:
  name: inspec

platforms:
  - name: ubuntu-20.04
    driver:
      image: dokken/ubuntu-20.04
      privileged: true
      pid_one_command: /bin/systemd
      volumes:
      - /sys/fs/cgroup:/sys/fs/cgroup:ro # required by systemd
  - name: centos-7
    driver:
      image: dokken/centos-7
      pid_one_command: /usr/lib/systemd/systemd
      volumes:
      - /sys/fs/cgroup:/sys/fs/cgroup:ro # required by systemd

suites:
  - name: default
    run_list:
      - recipe[coe-security::default]
    verifier:
      inspec_tests:
        - test/integration/default
    attributes:

Expected Result

A successful Chef run in Test Kitchen

Actual Result

This is the error I receive

  * service[firewalld] action start
    
    ================================================================================
    Error executing action `start` on resource 'service[firewalld]'
    ================================================================================
    
    Mixlib::ShellOut::ShellCommandFailed
    ------------------------------------
    Expected process to exit with [0], but received '1'
    ---- Begin output of ["/usr/bin/systemctl", "--system", "start", "firewalld"] ----
    STDOUT: 
    STDERR: Failed to connect to bus: No such file or directory
    ---- End output of ["/usr/bin/systemctl", "--system", "start", "firewalld"] ----
    Ran ["/usr/bin/systemctl", "--system", "start", "firewalld"] returned 1
    
    Resource Declaration:
    ---------------------
    # In /opt/kitchen/cache/cookbooks/coe-firewall/recipes/default.rb
    
     10: service 'firewalld' do
     11:   action [:start, :enable]
     12: end
     13:

[tas50]

You probably just need to set this: https://github.com/chef-cookbooks/chef-client/blob/master/kitchen.dokken.yml#L4

[mjmjelde]

I just tried setting that, but same error occurred.

I had been setting that in the platforms area before, as in my example it can be seen in the Ubuntu platform, is there any difference between setting it there verses the overall driver config?

[mjmjelde]

So after a bit more debugging, I have discovered what was causing my error message. Fedora uses cgroup v2, but everything else still defaults to cgroup v1. Because of this, the docker images were expecting files to exist that do not exist in the volumes.

Switching Fedora to use cgroup v1 fixes the issue.