From 8fc569eafa0e7a6c9bd739b94f85a04b4a25c502 Mon Sep 17 00:00:00 2001 From: Nick Owens Date: Thu, 11 Aug 2016 15:08:11 -0700 Subject: [PATCH] app-emulation/docker: sync systemd services with upstream --- ....12.1-r1.ebuild => docker-1.12.1-r2.ebuild} | 0 .../app-emulation/docker/files/docker.service | 18 ++++++++++++++++-- .../docker/files/early-docker.service | 18 ++++++++++++++++-- 3 files changed, 32 insertions(+), 4 deletions(-) rename sdk_container/src/third_party/coreos-overlay/app-emulation/docker/{docker-1.12.1-r1.ebuild => docker-1.12.1-r2.ebuild} (100%) diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.12.1-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.12.1-r2.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.12.1-r1.ebuild rename to sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.12.1-r2.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service index eda71c70bb..3b283f1205 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service @@ -5,11 +5,25 @@ After=docker.socket early-docker.target network.target Requires=docker.socket early-docker.target [Service] +Type=notify EnvironmentFile=-/run/flannel_docker_opts.env MountFlags=slave -LimitNOFILE=1048576 -LimitNPROC=1048576 +# the default is not to use systemd for cgroups because the delegate issues still +# exists and systemd currently does not support the cgroup feature set required +# for containers run by docker ExecStart=/usr/lib/coreos/dockerd --host=fd:// $DOCKER_OPTS $DOCKER_CGROUPS $DOCKER_OPT_BIP $DOCKER_OPT_MTU $DOCKER_OPT_IPMASQ +ExecReload=/bin/kill -s HUP $MAINPID +LimitNOFILE=1048576 +# Having non-zero Limit*s causes performance problems due to accounting overhead +# in the kernel. We recommend using cgroups to do container-local accounting. +LimitNPROC=infinity +LimitCORE=infinity +# Uncomment TasksMax if your systemd version supports it. +# Only systemd 226 and above support this version. +TasksMax=infinity +TimeoutStartSec=0 +# set delegate yes so that systemd does not reset the cgroups of docker containers +Delegate=yes [Install] WantedBy=multi-user.target diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/early-docker.service b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/early-docker.service index 8693a84a03..3ff77d4eeb 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/early-docker.service +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/early-docker.service @@ -5,11 +5,25 @@ After=early-docker.socket Requires=early-docker.socket [Service] +Type=notify Environment=TMPDIR=/var/tmp MountFlags=slave -LimitNOFILE=1048576 -LimitNPROC=1048576 +# the default is not to use systemd for cgroups because the delegate issues still +# exists and systemd currently does not support the cgroup feature set required +# for containers run by docker ExecStart=/usr/lib/coreos/dockerd --host=fd:// --bridge=none --iptables=false --ip-masq=false --exec-root=/var/run/early-docker --graph=/var/lib/early-docker --pidfile=/var/run/early-docker.pid $DOCKER_OPTS $DOCKER_CGROUPS +ExecReload=/bin/kill -s HUP $MAINPID +LimitNOFILE=1048576 +# Having non-zero Limit*s causes performance problems due to accounting overhead +# in the kernel. We recommend using cgroups to do container-local accounting. +LimitNPROC=infinity +LimitCORE=infinity +# Uncomment TasksMax if your systemd version supports it. +# Only systemd 226 and above support this version. +TasksMax=infinity +TimeoutStartSec=0 +# set delegate yes so that systemd does not reset the cgroups of docker containers +Delegate=yes [Install] WantedBy=early-docker.target