From 0de4f04368c1bf45bce32b25e15723a94c91e186 Mon Sep 17 00:00:00 2001
From: Joe Bowers <joe@coreos.com>
Date: Thu, 29 Sep 2016 17:12:36 -0700
Subject: [PATCH] app-emulation/{containerd,docker}: separately managed
 containerd unit

---
 .../containerd/containerd-0.2.3-r1.ebuild     |  1 +
 ...rd-0.2.3.ebuild => containerd-9999.ebuild} |  4 +++-
 .../containerd/files/containerd.service       | 19 +++++++++++++++++++
 .../app-emulation/docker/files/docker.service |  8 ++++----
 .../docker/files/early-docker.service         |  8 ++++----
 5 files changed, 31 insertions(+), 9 deletions(-)
 create mode 120000 sdk_container/src/third_party/coreos-overlay/app-emulation/containerd/containerd-0.2.3-r1.ebuild
 rename sdk_container/src/third_party/coreos-overlay/app-emulation/containerd/{containerd-0.2.3.ebuild => containerd-9999.ebuild} (91%)
 create mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/containerd/files/containerd.service

diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/containerd/containerd-0.2.3-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/containerd/containerd-0.2.3-r1.ebuild
new file mode 120000
index 0000000000..c5606b90ce
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/containerd/containerd-0.2.3-r1.ebuild
@@ -0,0 +1 @@
+containerd-9999.ebuild
\ No newline at end of file
diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/containerd/containerd-0.2.3.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/containerd/containerd-9999.ebuild
similarity index 91%
rename from sdk_container/src/third_party/coreos-overlay/app-emulation/containerd/containerd-0.2.3.ebuild
rename to sdk_container/src/third_party/coreos-overlay/app-emulation/containerd/containerd-9999.ebuild
index 9d98182cea..0b8be2a330 100644
--- a/sdk_container/src/third_party/coreos-overlay/app-emulation/containerd/containerd-0.2.3.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/containerd/containerd-9999.ebuild
@@ -19,7 +19,7 @@ else
 	inherit vcs-snapshot
 fi
 
-inherit coreos-go
+inherit coreos-go systemd
 
 DESCRIPTION="A daemon to control runC"
 HOMEPAGE="https://containerd.tools"
@@ -39,4 +39,6 @@ src_compile() {
 
 src_install() {
 	dobin bin/containerd* bin/ctr
+
+	systemd_dounit "${FILESDIR}/containerd.service"
 }
diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/containerd/files/containerd.service b/sdk_container/src/third_party/coreos-overlay/app-emulation/containerd/files/containerd.service
new file mode 100644
index 0000000000..45889a7e6c
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/containerd/files/containerd.service
@@ -0,0 +1,19 @@
+[Unit]
+Description=Containerd Container Daemon
+Documentation=http://github.com/docker/containerd
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/containerd --listen unix:///var/run/docker/libcontainerd/docker-containerd.sock --shim /usr/bin/containerd-shim --state-dir /var/run/docker/libcontainerd/containerd --runtime /usr/bin/runc
+
+# (lack of) limits from the upstream docker service unit
+LimitNOFILE=1048576
+LimitNPROC=infinity
+LimitCORE=infinity
+TasksMax=infinity
+
+# set delegate yes so that systemd does not reset the cgroups of containers
+Delegate=yes
+
+[Install]
+WantedBy=multi-user.target early-docker.target
diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service
index 88b5eba55b..a68a1dfaff 100644
--- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service
@@ -1,17 +1,17 @@
 [Unit]
 Description=Docker Application Container Engine
 Documentation=http://docs.docker.com
-After=docker.socket early-docker.target network.target
-Requires=docker.socket early-docker.target
+After=containerd.service docker.socket early-docker.target network.target
+Requires=containerd.service docker.socket early-docker.target
 
 [Service]
 Type=notify
 EnvironmentFile=-/run/flannel/flannel_docker_opts.env
-MountFlags=slave
+
 # the default is not to use systemd for cgroups because the delegate issues still
 # exists and systemd currently does not support the cgroup feature set required
 # for containers run by docker
-ExecStart=/usr/lib/coreos/dockerd --host=fd:// $DOCKER_OPTS $DOCKER_CGROUPS $DOCKER_OPT_BIP $DOCKER_OPT_MTU $DOCKER_OPT_IPMASQ
+ExecStart=/usr/lib/coreos/dockerd --host=fd:// --containerd=/var/run/docker/libcontainerd/docker-containerd.sock $DOCKER_OPTS $DOCKER_CGROUPS $DOCKER_OPT_BIP $DOCKER_OPT_MTU $DOCKER_OPT_IPMASQ
 ExecReload=/bin/kill -s HUP $MAINPID
 LimitNOFILE=1048576
 # Having non-zero Limit*s causes performance problems due to accounting overhead
diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/early-docker.service b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/early-docker.service
index 3ff77d4eeb..69d9fe5a80 100644
--- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/early-docker.service
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/early-docker.service
@@ -1,17 +1,17 @@
 [Unit]
 Description=Early Docker Application Container Engine
 Documentation=http://docs.docker.com
-After=early-docker.socket
-Requires=early-docker.socket
+After=containerd.service early-docker.socket
+Requires=containerd.service early-docker.socket
 
 [Service]
 Type=notify
 Environment=TMPDIR=/var/tmp
-MountFlags=slave
+
 # the default is not to use systemd for cgroups because the delegate issues still
 # exists and systemd currently does not support the cgroup feature set required
 # for containers run by docker
-ExecStart=/usr/lib/coreos/dockerd --host=fd:// --bridge=none --iptables=false --ip-masq=false --exec-root=/var/run/early-docker --graph=/var/lib/early-docker --pidfile=/var/run/early-docker.pid $DOCKER_OPTS $DOCKER_CGROUPS
+ExecStart=/usr/lib/coreos/dockerd --host=fd:// --bridge=none --iptables=false --ip-masq=false --exec-root=/var/run/early-docker --graph=/var/lib/early-docker --pidfile=/var/run/early-docker.pid --containerd=/var/run/docker/libcontainerd/docker-containerd.sock $DOCKER_OPTS $DOCKER_CGROUPS
 ExecReload=/bin/kill -s HUP $MAINPID
 LimitNOFILE=1048576
 # Having non-zero Limit*s causes performance problems due to accounting overhead