Podman container w/ systemd for molecule doesn't run init?

I’m working on a collection for gitea that will include both a server role and a role to set up act_runner instances for Gitea Actions.

In order to properly test this, I would like to use molecule and podman. I’m trying to set up an instance that runs Gitea server, and I am failing miserably to make systemd work in the podman container.

Can someone help me figure out what I’m doing wrong here? Using molecule 6.0.3 with Ansible 2.15.5.

My molecule.yml looks like this:

---
dependency:
  name: galaxy
  options:
    requirements-file: requirements.yml
platforms:
  - name: instance
    image: ubi8/ubi-init
    volumes:
      - /sys/fs/cgroup:/sys/fs/cgroup:ro
    tmpfs:
      - /run
      - /tmp
    privileged: true
    command: "/sbin/init"
provisioner:
  name: ansible
verifier:
  name: ansible
driver:
  options:
    managed: False
    login_cmd_template: "podman exec -ti {instance} bash"
    ansible_connection_options:
      ansible_connection: podman

I’ve tried various alternatives, like using cap_sys_admin instead of privileged, various different images (ubi8, ubi9 and centos:stream8), I messed with the command (adding --system doesn’t help), and ran this on both MacOS w/ Podman Desktop, in a Fedora VM on MacOS and on a bare metal x86_64 Fedora host. All give the same result: container is created, but doesn’t run systemd a pid 1. In its place is a coreutils sleep process.

Surely, I am doing something wrong, but it’s unclear to me what it is :slight_smile:

This might not help but I managed to get systemd running in Docker containers via GitLab CI (for example see the molecule directory and the .gitlab-ci.yml file for this PHP role), see this post on the GitLab forum for the details and for the containers the Docker file the two scripts here, this approach might work for Fedora / Podman as well as for Debian / Docker? :person_shrugging:

Running Docker here instead of Podman, but recently I had to change the cgroups line to READ/WRITE instead of READ-ONLY to get systemd to run in it. I don’t know why, but assume the same might apply to Podman. So that line would look like this

/sys/fs/cgroup:/sys/fs/cgroup:rw

Hope that helps.

1 Like

I’m sorry folks, this turns out to have been a PEBKAC situation. Mistake in my create.yml :smiley:

Thanks for your answers