I am creating a docker image using strongswan, with the following inside the Dockerfile:
```dockerfile
RUN apt-get update; \
    apt-get install -y systemd strongswan libstrongswan strongswan-swanctl strongswan-charon charon-systemd; \
    rm -rf /var/lib/apt/lists/*;
RUN ipsec start
```
(docker-compose does add the NET_ADMIN capability)
However, after starting, the instance only has `starter.charon.pid` in `/var/run` instead of the `charon.vici` that I am expecting. If I then run `ipsec start` inside the container, I obtain
```text
Starting strongSwan 5.9.8 IPsec [starter]...
removing pidfile '/var/run/starter.charon.pid', process not running
```
And then everything seems to be working.
How can I automate the startup of ipsec from the Dockerfile? I need strongswan to be activated so that I can then use it from a python script.
I tried changing the Docker command to `RUN ipsec stop && ipsec start` and variants, to no avail.
Finally found a solution.
As mentioned in the comments, a Dockerfile cannot run a background process. However, there is always a foreground process (through `ENTRYPOINT`), which in my case was already used to run a flask server.
However, after replacing that line with

```dockerfile
ENTRYPOINT ["bash", "run.sh"]
```

and using the following bash file

```bash
# Start the strongSwan daemon (charon) in the background.
ipsec start
# Give charon time to create its VICI control socket, then make the socket
# world-accessible. Note: mode 777 lets any local user drive the IKE daemon
# over VICI; a group-restricted mode is preferable where possible.
echo 'waiting 2s for ipsec to start' && sleep 2 && chmod 777 /run/charon.vici && echo 'done'
# Run the application in the foreground so the container stays up.
flask --app app.py run -h 0.0.0.0 -p 5000 --debug
```

everything works as expected.
Using a supervisor such as the one mentioned in this answer is probably the next step, to ensure services are automatically restarted in case of a crash.
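A more robust variant of the entrypoint script above, added here as an example and not the answer's own `run.sh`: instead of a fixed `sleep 2`, it polls until the VICI socket actually exists (the `/run/charon.vici` path and the 15 s timeout are assumptions), restricts the socket to owner and group rather than mode 777, and `exec`s the application so it receives the container's stop signal. The `wait_for_path` helper is a hypothetical name introduced for this example.

```shell
#!/usr/bin/env bash
# Example entrypoint for a strongSwan + flask container (added example,
# not the poster's run.sh). Assumes charon creates /run/charon.vici.
set -eu

# Poll until PATH exists or TIMEOUT seconds have elapsed.
# Returns 0 when the path appeared, 1 on timeout.
wait_for_path() {
    path="$1"
    timeout="${2:-10}"
    waited=0
    while [ ! -e "$path" ]; do
        if [ "$waited" -ge "$timeout" ]; then
            return 1
        fi
        sleep 1
        waited=$((waited + 1))
    done
    return 0
}

main() {
    vici_socket="${VICI_SOCKET:-/run/charon.vici}"   # assumed default path
    ipsec start
    if ! wait_for_path "$vici_socket" 15; then
        echo "charon did not create $vici_socket within 15s" >&2
        exit 1
    fi
    # Anyone who can write to the VICI socket can reconfigure the IKE daemon,
    # so keep it owner/group only and run the app under that group instead
    # of opening it to everyone with chmod 777.
    chmod 660 "$vici_socket"
    # exec replaces the shell so SIGTERM from docker stop reaches flask.
    exec flask --app app.py run -h 0.0.0.0 -p 5000
}

# Only start services when installed as the entrypoint script; sourcing or
# running the file under another name just defines the helper functions.
case "$(basename "$0")" in
    run.sh|entrypoint.sh) main "$@" ;;
esac
```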