2015-06-07 23:07:20 -04:00
|
|
|
<!--[metadata]>
|
|
|
|
+++
|
2016-02-05 10:18:26 -05:00
|
|
|
aliases = ["/engine/articles/systemd/"]
|
2015-06-07 23:07:20 -04:00
|
|
|
title = "Control and configure Docker with systemd"
|
|
|
|
description = "Controlling and configuring Docker using systemd"
|
|
|
|
keywords = ["docker, daemon, systemd, configuration"]
|
|
|
|
[menu.main]
|
2016-01-23 23:36:40 -05:00
|
|
|
parent = "engine_admin"
|
2016-07-19 00:40:07 -04:00
|
|
|
weight="7"
|
2015-06-07 23:07:20 -04:00
|
|
|
+++
|
|
|
|
<![end-metadata]-->
|
|
|
|
|
|
|
|
# Control and configure Docker with systemd
|
2014-11-25 23:09:52 -05:00
|
|
|
|
|
|
|
Many Linux distributions use systemd to start the Docker daemon. This document
|
2015-12-13 11:00:39 -05:00
|
|
|
shows a few examples of how to customize Docker's settings.
|
2014-11-25 23:09:52 -05:00
|
|
|
|
|
|
|
## Starting the Docker daemon
|
|
|
|
|
|
|
|
Once Docker is installed, you will need to start the Docker daemon.
|
|
|
|
|
|
|
|
$ sudo systemctl start docker
|
|
|
|
# or on older distributions, you may need to use
|
|
|
|
$ sudo service docker start
|
|
|
|
|
|
|
|
If you want Docker to start at boot, you should also:
|
|
|
|
|
|
|
|
$ sudo systemctl enable docker
|
|
|
|
# or on older distributions, you may need to use
|
|
|
|
$ sudo chkconfig docker on
|
|
|
|
|
|
|
|
## Custom Docker daemon options
|
|
|
|
|
|
|
|
There are a number of ways to configure the daemon flags and environment variables
|
2015-06-08 00:28:45 -04:00
|
|
|
for your Docker daemon.
|
2014-11-25 23:09:52 -05:00
|
|
|
|
2016-05-06 15:52:42 -04:00
|
|
|
The recommended way is to use a systemd drop-in file (as described in
|
|
|
|
the <a target="_blank"
|
|
|
|
href="https://www.freedesktop.org/software/systemd/man/systemd.unit.html">systemd.unit</a>
|
|
|
|
documentation). These are local files named `<something>.conf` in the
|
|
|
|
`/etc/systemd/system/docker.service.d` directory. This could also be
|
|
|
|
`/etc/systemd/system/docker.service`, which also works for overriding
|
|
|
|
the defaults from `/lib/systemd/system/docker.service`.
|
|
|
|
|
|
|
|
However, if you had previously used a package which had an
|
|
|
|
`EnvironmentFile` (often pointing to `/etc/sysconfig/docker`) then for
|
|
|
|
backwards compatibility, you drop a file with a `.conf` extension into
|
|
|
|
the `/etc/systemd/system/docker.service.d` directory including the
|
|
|
|
following:
|
2015-08-04 12:47:48 -04:00
|
|
|
|
|
|
|
[Service]
|
|
|
|
EnvironmentFile=-/etc/sysconfig/docker
|
|
|
|
EnvironmentFile=-/etc/sysconfig/docker-storage
|
|
|
|
EnvironmentFile=-/etc/sysconfig/docker-network
|
|
|
|
ExecStart=
|
2016-09-01 16:13:44 -04:00
|
|
|
ExecStart=/usr/bin/dockerd $OPTIONS \
|
2015-08-04 12:47:48 -04:00
|
|
|
$DOCKER_STORAGE_OPTIONS \
|
|
|
|
$DOCKER_NETWORK_OPTIONS \
|
|
|
|
$BLOCK_REGISTRY \
|
|
|
|
$INSECURE_REGISTRY
|
|
|
|
|
|
|
|
To check if the `docker.service` uses an `EnvironmentFile`:
|
2015-06-08 00:28:45 -04:00
|
|
|
|
2016-03-28 07:06:12 -04:00
|
|
|
$ systemctl show docker | grep EnvironmentFile
|
2015-06-08 00:28:45 -04:00
|
|
|
EnvironmentFile=-/etc/sysconfig/docker (ignore_errors=yes)
|
|
|
|
|
2015-08-04 12:47:48 -04:00
|
|
|
Alternatively, find out where the service file is located:
|
2015-06-08 00:28:45 -04:00
|
|
|
|
2016-03-28 07:06:12 -04:00
|
|
|
$ systemctl show --property=FragmentPath docker
|
|
|
|
FragmentPath=/usr/lib/systemd/system/docker.service
|
|
|
|
$ grep EnvironmentFile /usr/lib/systemd/system/docker.service
|
2015-06-08 00:28:45 -04:00
|
|
|
EnvironmentFile=-/etc/sysconfig/docker
|
|
|
|
|
|
|
|
You can customize the Docker daemon options using override files as explained in the
|
2015-07-10 17:29:07 -04:00
|
|
|
[HTTP Proxy example](#http-proxy) below. The files located in `/usr/lib/systemd/system`
|
2015-06-08 00:28:45 -04:00
|
|
|
or `/lib/systemd/system` contain the default options and should not be edited.
|
2014-11-25 23:09:52 -05:00
|
|
|
|
|
|
|
### Runtime directory and storage driver
|
|
|
|
|
|
|
|
You may want to control the disk space used for Docker images, containers
|
|
|
|
and volumes by moving it to a separate partition.
|
|
|
|
|
2014-12-07 21:35:37 -05:00
|
|
|
In this example, we'll assume that your `docker.service` file looks something like:
|
2014-11-25 23:09:52 -05:00
|
|
|
|
|
|
|
[Unit]
|
|
|
|
Description=Docker Application Container Engine
|
2015-06-08 00:28:45 -04:00
|
|
|
Documentation=https://docs.docker.com
|
2016-09-01 16:13:44 -04:00
|
|
|
After=network.target
|
2014-12-07 21:40:12 -05:00
|
|
|
|
2014-11-25 23:09:52 -05:00
|
|
|
[Service]
|
|
|
|
Type=notify
|
2016-09-01 16:13:44 -04:00
|
|
|
# the default is not to use systemd for cgroups because the delegate issues still
|
|
|
|
# exists and systemd currently does not support the cgroup feature set required
|
|
|
|
# for containers run by docker
|
|
|
|
ExecStart=/usr/bin/dockerd
|
|
|
|
ExecReload=/bin/kill -s HUP $MAINPID
|
|
|
|
# Having non-zero Limit*s causes performance problems due to accounting overhead
|
|
|
|
# in the kernel. We recommend using cgroups to do container-local accounting.
|
|
|
|
LimitNOFILE=infinity
|
|
|
|
LimitNPROC=infinity
|
|
|
|
LimitCORE=infinity
|
|
|
|
# Uncomment TasksMax if your systemd version supports it.
|
|
|
|
# Only systemd 226 and above support this version.
|
|
|
|
#TasksMax=infinity
|
|
|
|
TimeoutStartSec=0
|
|
|
|
# set delegate yes so that systemd does not reset the cgroups of docker containers
|
|
|
|
Delegate=yes
|
|
|
|
# kill only the docker process, not all processes in the cgroup
|
|
|
|
KillMode=process
|
2014-12-07 21:40:12 -05:00
|
|
|
|
2014-11-25 23:09:52 -05:00
|
|
|
[Install]
|
2016-09-01 16:13:44 -04:00
|
|
|
WantedBy=multi-user.target
|
2014-11-25 23:09:52 -05:00
|
|
|
|
2015-08-04 12:47:48 -04:00
|
|
|
This will allow us to add extra flags via a drop-in file (mentioned above) by
|
|
|
|
placing a file containing the following in the `/etc/systemd/system/docker.service.d`
|
|
|
|
directory:
|
2014-11-25 23:09:52 -05:00
|
|
|
|
2015-08-04 12:47:48 -04:00
|
|
|
[Service]
|
|
|
|
ExecStart=
|
2016-09-01 16:13:44 -04:00
|
|
|
ExecStart=/usr/bin/dockerd --graph="/mnt/docker-data" --storage-driver=overlay
|
2014-11-25 23:09:52 -05:00
|
|
|
|
|
|
|
You can also set other environment variables in this file, for example, the
|
|
|
|
`HTTP_PROXY` environment variables described below.
|
|
|
|
|
2015-07-10 17:29:07 -04:00
|
|
|
To modify the ExecStart configuration, specify an empty configuration followed
|
|
|
|
by a new configuration as follows:
|
|
|
|
|
|
|
|
[Service]
|
|
|
|
ExecStart=
|
2016-09-01 16:13:44 -04:00
|
|
|
ExecStart=/usr/bin/dockerd --bip=172.17.42.1/16
|
2015-07-10 17:29:07 -04:00
|
|
|
|
|
|
|
If you fail to specify an empty configuration, Docker reports an error such as:
|
|
|
|
|
|
|
|
docker.service has more than one ExecStart= setting, which is only allowed for Type=oneshot services. Refusing.
|
|
|
|
|
2015-04-21 11:50:09 -04:00
|
|
|
### HTTP proxy
|
2014-11-25 23:09:52 -05:00
|
|
|
|
|
|
|
This example overrides the default `docker.service` file.
|
|
|
|
|
2016-05-07 21:36:10 -04:00
|
|
|
If you are behind an HTTP proxy server, for example in corporate settings,
|
2014-11-25 23:09:52 -05:00
|
|
|
you will need to add this configuration in the Docker systemd service file.
|
|
|
|
|
2014-12-07 21:44:07 -05:00
|
|
|
First, create a systemd drop-in directory for the docker service:
|
2014-11-25 23:09:52 -05:00
|
|
|
|
2014-12-07 21:44:07 -05:00
|
|
|
mkdir /etc/systemd/system/docker.service.d
|
2014-11-25 23:09:52 -05:00
|
|
|
|
2014-12-07 21:44:07 -05:00
|
|
|
Now create a file called `/etc/systemd/system/docker.service.d/http-proxy.conf`
|
|
|
|
that adds the `HTTP_PROXY` environment variable:
|
|
|
|
|
|
|
|
[Service]
|
2014-11-25 23:09:52 -05:00
|
|
|
Environment="HTTP_PROXY=http://proxy.example.com:80/"
|
|
|
|
|
|
|
|
If you have internal Docker registries that you need to contact without
|
|
|
|
proxying you can specify them via the `NO_PROXY` environment variable:
|
|
|
|
|
2015-11-15 03:11:27 -05:00
|
|
|
Environment="HTTP_PROXY=http://proxy.example.com:80/" "NO_PROXY=localhost,127.0.0.1,docker-registry.somecorporation.com"
|
2014-11-25 23:09:52 -05:00
|
|
|
|
|
|
|
Flush changes:
|
|
|
|
|
|
|
|
$ sudo systemctl daemon-reload
|
2014-12-07 21:40:12 -05:00
|
|
|
|
2015-06-08 00:28:45 -04:00
|
|
|
Verify that the configuration has been loaded:
|
|
|
|
|
2016-03-28 07:06:12 -04:00
|
|
|
$ systemctl show --property=Environment docker
|
2015-06-08 00:28:45 -04:00
|
|
|
Environment=HTTP_PROXY=http://proxy.example.com:80/
|
|
|
|
|
2014-11-25 23:09:52 -05:00
|
|
|
Restart Docker:
|
|
|
|
|
|
|
|
$ sudo systemctl restart docker
|
|
|
|
|
|
|
|
## Manually creating the systemd unit files
|
|
|
|
|
|
|
|
When installing the binary without a package, you may want
|
|
|
|
to integrate Docker with systemd. For this, simply install the two unit files
|
|
|
|
(service and socket) from [the github
|
|
|
|
repository](https://github.com/docker/docker/tree/master/contrib/init/systemd)
|
|
|
|
to `/etc/systemd/system`.
|