Linux Question

Docker Unbound DNS Server: How to launch as service

My host system is Arch Linux, and the Docker image is "base/arch" (archlinux) with my own modifications. Unbound is installed on a committed image, but I don't quite know how to launch the container with the service running since SystemD is not meant to run in Docker.

How do I actually launch the container with Unbound running as a service?

I've gone through some basic tutorials, but most of them cover launching pre-built containers:

Docker's basic course.

Arch Wiki.

Digital Ocean overview.

Thanks!

Answer

For this answer, I'm assuming that you've installed Unbound by simply installing the community/unbound package via pacman.

You can inspect the systemd unit files that are installed alongside the package to determine how to actually start the server. Have a look at /usr/lib/systemd/system/unbound.service:

[Unit]
Description=Unbound DNS Resolver
After=network.target

[Service]
ExecStartPre=/bin/cp -f /etc/trusted-key.key /etc/unbound/
PIDFile=/run/unbound.pid
ExecStart=/usr/bin/unbound -d
ExecReload=/bin/kill -HUP $MAINPID
Restart=always

[Install]
WantedBy=multi-user.target

Most important is the ExecStart line. This describes the command that systemd uses to actually start the service. According to unbound's help (unbound -h), the -d switch means do not fork into the background (which is a good thing because that's also exactly what you need to start Unbound in a Docker container).

The ExecStartPre command can be a simple RUN step when building the image.

In conclusion, you can translate this into a Dockerfile similar to this:

FROM base/arch

# <omitted>

RUN /bin/cp -f /etc/trusted-key.key /etc/unbound/
CMD ["/usr/bin/unbound", "-d"]
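The answer translates one unit file by hand (ExecStartPre becomes RUN, ExecStart becomes CMD). The script below is an added example, not part of the question or answer and not Unbound's or Arch's own tooling, that performs the same translation mechanically and generalises it a little: it reads the [Service] section of a unit, emits exec-form Dockerfile instructions so that quoting behaves as it does under systemd (neither runs the command through /bin/sh), and refuses Type=forking units, because a daemon that backgrounds itself would leave the container's PID 1 with nothing to do and the container would exit. The sample unit is the one quoted above, embedded inline so the script runs without a systemd installation; it does not handle systemd line continuations or specifier expansion, and the base image name is just a parameter.

```python
import json
import shlex
from typing import Dict, List

# Constructed sample input: the unbound.service quoted in the answer.
UNBOUND_UNIT = """\
[Unit]
Description=Unbound DNS Resolver
After=network.target

[Service]
ExecStartPre=/bin/cp -f /etc/trusted-key.key /etc/unbound/
PIDFile=/run/unbound.pid
ExecStart=/usr/bin/unbound -d
ExecReload=/bin/kill -HUP $MAINPID
Restart=always

[Install]
WantedBy=multi-user.target
"""


def parse_unit(text: str) -> Dict[str, List[str]]:
    """Return the [Service] keys of a unit file.

    Keys may repeat (several ExecStartPre= lines are allowed), so every
    value is kept as a list; an empty assignment resets the list, as in
    systemd.
    """
    section = None
    service: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section != "Service" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if value == "":
            service[key] = []
        else:
            service.setdefault(key, []).append(value)
    return service


def exec_form(command: str, instruction: str) -> str:
    """Render a systemd Exec*= command as an exec-form Dockerfile instruction.

    Exec form (a JSON array) is chosen because, like systemd, it does not
    invoke a shell. A leading '-' (systemd's "ignore failure" prefix) has no
    Docker equivalent and is dropped. Note that exec form also performs no
    $VARIABLE expansion, so commands relying on it need a shell-form line.
    """
    argv = shlex.split(command.lstrip("-"))
    return f"{instruction} {json.dumps(argv)}"


def unit_to_dockerfile(unit_text: str, base_image: str) -> str:
    """Translate a unit's [Service] section into a minimal Dockerfile."""
    service = parse_unit(unit_text)
    if service.get("Type", ["simple"])[-1] == "forking":
        raise ValueError(
            "Type=forking unit: the daemon backgrounds itself, which would "
            "exit the container's PID 1; use the daemon's stay-in-foreground "
            "flag (Unbound's is -d) instead")
    starts = service.get("ExecStart", [])
    if len(starts) != 1:
        raise ValueError(f"expected exactly one ExecStart=, found {len(starts)}")

    lines = [f"FROM {base_image}", ""]
    lines += [exec_form(cmd, "RUN") for cmd in service.get("ExecStartPre", [])]
    for reload_cmd in service.get("ExecReload", []):
        # Reload hooks are not expressible in a Dockerfile; the signal is sent
        # from the host instead (docker kill --signal=HUP <container>).
        lines.append(f"# ExecReload= ({reload_cmd}) has no Dockerfile equivalent; "
                     "send the signal with 'docker kill --signal=HUP <container>'")
    if service.get("Restart", ["no"])[-1] != "no":
        # Restart policy is a run-time option, not an image property.
        lines.append("# Restart=: pass --restart=always to docker run")
    lines.append(exec_form(starts[0], "CMD"))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(unit_to_dockerfile(UNBOUND_UNIT, "base/arch"))
```

The generated CMD line matches the answer's Dockerfile exactly; the RUN line is the exec-form rendering of the ExecStartPre command. Everything the unit expresses about the running process (ExecReload, Restart) ends up as comments, because those belong to `docker run` and `docker kill` rather than to the image.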