mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
428d7337e8
There is a not-insignificant performance overhead for all containers (if
containerd is a child of Docker, which is the current setup) if rlimits are
set on the main Docker daemon process (because the limits
propogate to all children).
We recommend using cgroups to do container-local accounting.
This applies the change added in 8db61095a3
to other init scripts.
Note that nfile cannot be set to unlimited, and the limit
is hardcoded to 1048576 (2^20) , see:
http://stackoverflow.com/a/1213069/1811501
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
29 lines
1,019 B
Desktop File
29 lines
1,019 B
Desktop File
[Unit]
|
|
Description=Docker Application Container Engine
|
|
Documentation=https://docs.docker.com
|
|
After=network.target docker.socket
|
|
Requires=docker.socket
|
|
|
|
[Service]
|
|
Type=notify
|
|
# the default is not to use systemd for cgroups because the delegate issues still
|
|
# exists and systemd currently does not support the cgroup feature set required
|
|
# for containers run by docker
|
|
ExecStart=/usr/bin/dockerd -H fd://
|
|
ExecReload=/bin/kill -s HUP $MAINPID
|
|
LimitNOFILE=1048576
|
|
# Having non-zero Limit*s causes performance problems due to accounting overhead
|
|
# in the kernel. We recommend using cgroups to do container-local accounting.
|
|
LimitNPROC=infinity
|
|
LimitCORE=infinity
|
|
# Uncomment TasksMax if your systemd version supports it.
|
|
# Only systemd 226 and above support this version.
|
|
#TasksMax=infinity
|
|
TimeoutStartSec=0
|
|
# set delegate yes so that systemd does not reset the cgroups of docker containers
|
|
Delegate=yes
|
|
# kill only the docker process, not all processes in the cgroup
|
|
KillMode=process
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|