Why don't toolbox containers include systemd?

Hi! I wanted to set up a PHP dev environment in a toolbox container and failed because there is no systemd available. I stumbled upon this thread, where someone tried the same, but ended up using raw podman containers.

So my question is: Why is there no systemd available in toolbox containers? Are there plans to add it?

Best regards!

Hello @florianlackner, and welcome to the discussion. Off the top of my head I would guess it would relate to the fact that toolbox is run via Podman and therefore rootless. Plus the container is not “booted” like a normal workstation startup would be. Perhaps @rishi could elaborate more on that topic. There is very likely a workaround for you to explore.

Thank you for your answer. I did some research and found this article: How to run systemd in a container | Red Hat Developer. It suggests that running systemd inside a podman container should work.

This would be a wasted opportunity if I didn’t plug myself: :grin: nsbox has built-in support for creating Fedora pet containers that run their own systemd instances, while also having host integration, e.g. you can export desktop files from the container to the host.

Do note that it’s still in the early development stages, so there are only bleeding-edge builds available, but I’m hoping to get the first “stable” version out by the end of next month at the absolute latest.

Slightly off topic, but could nsbox run an Android container like how Anbox uses LXC?

I mean, yeah in theory, since it’s mostly just a fancy nspawn wrapper. In practice, right now, nsbox requires all containers that run their own init to run systemd, as it injects its own overrides and targets in order for auto-login to work.

I’m a Silverblue and container n00b, and just had a similar experience setting up Rails. (Rails is slightly easier than LAMP since it uses a local webserver that doesn’t need to run as a service or daemon, but the issue with running a db service is similar.)

After banging my head against the wall repeatedly with both podman pods and Rails Dockerfile solutions (with a complex setup script), I went for a simpler and more flexible hybrid podman/toolbox solution where I use podman for everything that would need systemd (in my case only postgresql) and toolbox for everything else. It works beautifully. Since I use rbenv, my Ruby and gems are installed in my home directory, so I don’t even have to use the toolbox to run rails server, I run it only when I’m compiling gems.

I’m going to do some work on a WordPress project soon, and then I’ll try the same approach: httpd and Mariadb in podman containers, PHP in either my home directory or in a toolbox.

I’m really happy with this workflow. I’m considering writing ansible playbooks for setting up the toolboxes so I remember what packages are in them. They can get messy fast.

Do you use vscode to develop with Rails too?

Yes. I alternate between neovim (as layered package) and vscode (installed in the project’s toolbox). I found this the easiest way since I already have a full Ruby environment (with Solargraph and Rubocop) installed through rbenv in my home directory. (I have a similar setup with node (with nvm) and yarn.)

Because of this I can run nvim or toolbox run -c containername zsh -ic code and access all the same tools, even though one is a container and one isn’t. This makes development setup so much easier for me.

Cool, I switched from Ubuntu to Fedora SB and I set up the same setup as you to develop with Rails.

I struggled a little with getting my PHP stack (WordPress) working like the Rails setup. Running Rails inside Toolbox is trivial because Puma is already installed there as a gem and you don’t need a systemd service for it. However, running httpd as a container and PHP inside a toolbox just turned into more trouble than it was worth. I don’t need to build extensions inside the PHP container either, so running a LAMP stack could be done with podman only. I’m posting it here because it may be helpful to the original poster since he was setting up PHP specifically.

First I set up a container for PHP with Apache and connect it to a new pod to simplify db setup. I found webdevops/php-apache to be a sensible Docker image (it uses /app as httpd root), but I’m sure there are others. I run this from my WordPress root directory:

podman run --security-opt label=disable -it --name wp_apache --pod=new:wp -p 8080:80 -v "$PWD":/app/ -d webdevops/php-apache:latest

Then I download and run a podman container for MariaDB and connect it to the newly created wp pod:

podman run --security-opt label=disable -it --name wp_maria --pod=wp -e MARIADB_ROOT_PASSWORD=strongpassword -e MARIADB_DATABASE=wp -e MARIADB_USER=username -e MARIADB_PASSWORD=password -d mariadb/server:latest

I then had to choose the db inside the mariadb container (maybe this step could be skipped somehow):

podman exec -it wp_maria bash -lc mysql
# Then inside the container:
USE wp;
exit

Then I could connect and use my development environment provided I put wp (i.e. the name of the pod) instead of localhost in my wp-config. I have never used Laravel or other PHP frameworks and I rarely use composer, but I imagine you could modify this to make it work.

I’m sure there are better ways you could do this, so feel free to suggest improvements.

thank you for sharing!

I still don’t know why toolbox containers don’t include systemd by default.

@refi64 Can you check your issues regarding nsbox?

@florianlackner,
This blog post has an interesting discussion around systemd and containers. https://www.redhat.com/sysadmin/podman-shareable-systemd-services
I don’t know if that will help you.

Oof, I just did, sorry for the delay. (Have been super busy the past few weeks.)

@refi64 Ora comments aren’t working, at least I can’t reply (I have an account created there). See here: Captura-de-ecra-2020-07-28-a-s-19-00-23 hosted at ImgBB — ImgBB

just for the record, I’ll reply in DMs, don’t want to fill this thread with an unrelated topic :sweat_smile:

I guess you want to use systemctl to control the systemd units for the various daemons?

Currently, Toolbox containers don’t have a separate PID namespace, and systemd doesn’t support having a system-wide instance that isn’t PID 1. Hence the current status quo.
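
The PID-namespace point in the reply above can be checked from the host by comparing namespace links and the NSpid field under /proc. The script below is an added example, not part of any post in this thread and not Toolbox code; the function names and the sample /proc tree are constructed for illustration.

```sh
#!/bin/sh
# Added example: classify a process by PID namespace, as seen from the host.
# proc_root defaults to /proc; on a real host run as root, since reading
# /proc/1/ns/pid needs privilege.

# Print a process's PID namespace id, e.g. "pid:[4026531836]".
pidns_of() { readlink "${2:-/proc}/$1/ns/pid"; }

# Print the PID a process has in its innermost namespace (last NSpid field).
inner_pid_of() { awk '$1 == "NSpid:" { print $NF }' "${2:-/proc}/$1/status"; }

# usage: classify_pid <pid> [proc_root]
classify_pid() (
    root=${2:-/proc}
    host_ns=$(pidns_of 1 "$root") && proc_ns=$(pidns_of "$1" "$root") || {
        echo unreadable; exit 1; }
    if [ "$proc_ns" = "$host_ns" ]; then
        # Shares the namespace of the host's init, which already holds PID 1.
        echo shared-host-pidns
    elif [ "$(inner_pid_of "$1" "$root")" = 1 ]; then
        # PID 1 of its own namespace: the slot a system-wide systemd needs.
        echo own-pidns-init
    else
        echo own-pidns-child
    fi
)

# Build a constructed /proc-like tree (values are made up, not captured).
add_proc() {  # <root> <pid> <ns inode> <NSpid value>
    mkdir -p "$1/$2/ns"
    ln -s "pid:[$3]" "$1/$2/ns/pid"
    printf 'Name:\tsample\nNSpid:\t%s\n' "$4" > "$1/$2/status"
}
make_sample_proc() (
    root=$(mktemp -d)
    add_proc "$root" 1    4026531836 "1"        # host init
    add_proc "$root" 4242 4026531836 "4242"     # shell sharing the host namespace
    add_proc "$root" 4300 4026532500 "4300 1"   # init of a separate namespace
    add_proc "$root" 4301 4026532500 "4301 17"  # its child
    echo "$root"
)

sample=$(make_sample_proc)
for p in 4242 4300 4301; do
    echo "$p: $(classify_pid "$p" "$sample")"
done
rm -rf "$sample"
```

A process reported as shared-host-pidns can also see the host's process list, which is worth knowing when deciding what to run inside such a container.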

Thank you for your responses :slight_smile:

I think I didn’t quite get containers when I started this thread. My mental model was like “an operating system in an operating system, with all the bells and whistles”. I guess the more correct model is: “A single process in an isolated environment, that may spawn more processes”.

I guess my confusion stemmed from this wrong mental model.

thank you for this interesting read. As far as I’ve understood it, this blog post is about using systemd to manage containers from the outside, not the inside. This approach is interesting, but not what I tried to achieve :slight_smile: