2013-10-15 15:37:18 +00:00
|
|
|
[Unit]
|
2014-01-09 17:09:25 +00:00
|
|
|
Description=Docker Application Container Engine
|
2015-06-08 10:14:35 +00:00
|
|
|
Documentation=https://docs.docker.com
|
2020-12-10 14:04:00 +00:00
|
|
|
After=network-online.target docker.socket firewalld.service
|
2016-12-27 12:25:12 +00:00
|
|
|
Wants=network-online.target
|
2014-07-14 23:07:40 +00:00
|
|
|
Requires=docker.socket
|
2013-10-15 15:37:18 +00:00
|
|
|
|
|
|
|
|
[Service]
|
2015-07-29 12:59:36 +00:00
|
|
|
Type=notify
|
2016-02-23 22:21:29 +00:00
|
|
|
# the default is not to use systemd for cgroups because the delegate issues still
|
|
|
|
|
# exists and systemd currently does not support the cgroup feature set required
|
|
|
|
|
# for containers run by docker
|
2016-04-24 12:27:19 +00:00
|
|
|
ExecStart=/usr/bin/dockerd -H fd://
|
2016-05-02 08:27:07 +00:00
|
|
|
ExecReload=/bin/kill -s HUP $MAINPID
|
2016-07-12 20:54:56 +00:00
|
|
|
LimitNOFILE=1048576
|
2016-07-04 13:00:28 +00:00
|
|
|
# Having non-zero Limit*s causes performance problems due to accounting overhead
|
|
|
|
|
# in the kernel. We recommend using cgroups to do container-local accounting.
|
|
|
|
|
LimitNPROC=infinity
|
2015-02-09 19:03:07 +00:00
|
|
|
LimitCORE=infinity
|
2016-03-24 23:14:30 +00:00
|
|
|
# Uncomment TasksMax if your systemd version supports it.
|
|
|
|
|
# Only systemd 226 and above support this version.
|
|
|
|
|
#TasksMax=infinity
|
2015-12-03 21:15:31 +00:00
|
|
|
TimeoutStartSec=0
|
2016-02-23 22:21:29 +00:00
|
|
|
# set delegate yes so that systemd does not reset the cgroups of docker containers
|
|
|
|
|
Delegate=yes
|
2016-06-16 18:46:04 +00:00
|
|
|
# kill only the docker process, not all processes in the cgroup
|
|
|
|
|
KillMode=process
|
2017-01-04 23:31:04 +00:00
|
|
|
# restart the docker process if it exits prematurely
|
|
|
|
|
Restart=on-failure
|
|
|
|
|
StartLimitBurst=3
|
|
|
|
|
StartLimitInterval=60s
|
2013-10-15 15:37:18 +00:00
|
|
|
|
|
|
|
|
[Install]
|
Fix system socket/service unit files
Two problems how they are today:
In the current systemd unit files it is impossible to have the
docker.service started at system boot. Instead enableing docker.service
will actually enable docker.socket. This is a problem, as that means
any container with --restart=always will not launch on reboot. And of
course as soon as you log in and type docker ps, docker.service will be
launched and now your images are running. Talk about a PITA to debug!
The fix is to just install docker.service when people ask docker.service
to be enabled. If an admin wants to enable docker.socket instead, that
is fine and will work just as it does today.
The second problem is a common docker devel workflow, although not
something normal admins would hit. In this case consider a dev doing
the following:
systemctl stop docker.service
docker -d
[run commands]
[^C]
systemctl start docker.service
Running docker -d (without -F fd://) will clean up the
/var/run/docker.sock when it exits. Remember, you just ran the docker
daemon not telling it about socket actviation, so cleaning up its socket
makes sense! The new docker, started by systemd will expect socket
activation, but the last one cleaned up the docker.sock. So things are
just broken. You can, today, work around this by restarting
docker.socket. This fixes it by telling docker.socket that it is
PartOf=docker.service. So when docker.service is
started/stopped/restarted docker.socket will also be
started/stopped/restarted. So the above semi-common devel workflow will
be fine. When docker.service is stopped, so is docker.socket, docker
-d (without -F fd://) will create and delete /var/run/docker.sock.
Starting docker.service again will restart docker.socket, which will
create the file an all is happy in the word.
Signed-off-by: Eric Paris <eparis@redhat.com>
2014-10-07 18:09:08 +00:00
|
|
|
WantedBy=multi-user.target
|