Commit graph

101 commits

Author SHA1 Message Date
Neyazul Haque
10cebd4c74 Change TMPDIR to DOCKER_TMPDIR
TMPDIR was changed to DOCKER_TMPDIR in pull request 7113 but the file still asks user to set TMPDIR.
I am new to docker and wasted sometime this morning because of this.
I am using docker version 1.12.1 on ubuntu server 14.04

Signed-off-by: Neyazul Haque <nuhaque@gmail.com>
2016-08-23 08:45:46 +05:30
Liam Macgillavry
11eda60848 missed DOCKER->DOCKERD change in 1ac1b78b3a for 'status'
Signed-off-by: Liam Macgillavry <liam@kumina.nl>
2016-08-19 11:08:52 +02:00
Ramon Brooker
73e08286f9
deal with firewalld/docker startup issues
added the firewalld.service symbol in the After line docker
will always start after firewalld, thus eliminating the issue
of firewall blocking all mapped traffic.

Signed-off-by: Ramon Brooker <Ramon.Brooker@imaginecommunications.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2016-08-11 00:13:33 +02:00
Bryan Boreham
68dab9bd09 Use the name of the first unix socket in DOCKER_OPTS
Otherwise the while loop waits forever, checking for
a filename made up of all the names.

Signed-off-by: Bryan Boreham <bjboreham@gmail.com>
2016-07-29 14:04:43 +01:00
Alexander Morozov
4084bf7ad2 Merge pull request #24555 from thaJeztah/to-infinity-and-beyond
Don't set ulimits (nproc) for all init scripts
2016-07-28 16:48:16 -07:00
Michael Crosby
3cddda3bbb Remove the Require on the socket for the rpm
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-07-26 14:56:27 -07:00
Michael Crosby
04104c3a1e Remove docker.socket from rpm based systems
Fixes #23981

The selinux issue we are seeing in the report is related to the socket
file for docker and nothing else. By removing the socket docker starts
up correctly.

However, there is another motivation for removing socket activation from
docker's systemd files and that is because when you have daemons running
with --restart always whenever you have a host reboot those daemons
will not be started again because the docker daemon is not started by
systemd until a request comes into the docker API.

Leave it for deb based systems because everything is working correctly
for both socket activation and starting normally at boot.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-07-19 09:31:43 -07:00
Paul Furtado
acb41ddc9d Change $prog back to docker in sysvinit-redhat
(and set $exec to dockerd instead)

This ensures end users do not need to make any configuration changes
due to the rename from docker to dockerd in version 1.12.

Signed-off-by: Paul Furtado <pfurtado@hubspot.com>
2016-07-14 17:21:59 -04:00
Sebastiaan van Stijn
428d7337e8
Don't set ulimits (nproc)
There is a not-insignificant performance overhead for all containers (if
containerd is a child of Docker, which is the current setup) if rlimits are
set on the main Docker daemon process (because the limits
propogate to all children).

We recommend using cgroups to do container-local accounting.

This applies the change added in 8db61095a3
to other init scripts.

Note that nfile cannot be set to unlimited, and the limit
is hardcoded to 1048576 (2^20) , see:
http://stackoverflow.com/a/1213069/1811501

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2016-07-13 17:15:19 +02:00
Sebastiaan van Stijn
fa077f7496
use tabs for indentation
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2016-07-12 23:16:55 +02:00
Aleksa Sarai
8db61095a3
contrib: systemd: set Limit* to infinity
There is a not-insignificant performance overhead for all containers (if
containerd is a child of Docker, which is the current setup) if systemd
sets rlimits on the main Docker daemon process (because the limits
propogate to all children).

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-07-04 23:00:28 +10:00
Michael Crosby
db435f526a Set systemd KillMode
Change the kill mode to process so that systemd does not kill container
processes when the daemon is shutdown but only the docker daemon

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-06-16 11:46:04 -07:00
Ilya Dmitrichenko
2aee081cad Remove MountFlags in systemd unit to allow shared mount propagation
Signed-off-by: Ilya Dmitrichenko <errordeveloper@gmail.com>
2016-05-24 12:51:31 +01:00
Antonio Murdaca
1ac1b78b3a contrib: init: use dockerd
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-05-11 11:00:11 +02:00
Sebastiaan van Stijn
f74b856e1a
Add support for reloading daemon configuration through systemd
This adds support for reloading the docker daemon
(SIGHIUP) so that changes in '/etc/docker/daemon.json'
can be loaded at runtime by reloading the service
through systemd ('systemctl reload docker')

Before this change, systemd would output an error
that "reloading" is not supported for the docker
service;

  systemctl reload docker
  Failed to reload docker.service: Job type reload is not applicable for unit docker.service.

After this change, the docker daemon can be reloaded
through 'systemctl reload docker', which reloads
the configuration;

  journalctl -f -u docker.service

  May 02 03:49:20 testing systemd[1]: Reloading Docker Application Container Engine.
  May 02 03:49:20 testing docker[28496]: time="2016-05-02T03:49:20.143964103-04:00" level=info msg="Got signal to reload configuration, reloading from: /etc/docker/daemon.json"
  May 02 03:49:20 testing systemd[1]: Reloaded Docker Application Container Engine.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2016-05-02 10:27:07 +02:00
Pierre Carrier
33a8ab29ed docker.service: don't limit tasks
Signed-off-by: Pierre Carrier <pierre@meteor.com>
2016-03-27 04:02:34 -07:00
Michael Crosby
d16737f971 Add "Delegate=yes" to docker's service file
We need to add delegate yes to docker's service file so that it can
manage the cgroups of the processes that it launches without systemd
interfering with them and moving the processes after it is reloaded.

```
       Delegate=
           Turns on delegation of further resource control partitioning to
           processes of the unit. For unprivileged services (i.e. those
           using the User= setting), this allows processes to create a
           subhierarchy beneath its control group path. For privileged
           services and scopes, this ensures the processes will have all
           control group controllers enabled.
```

This is the proper fix for issue #20152

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-02-25 10:32:09 -08:00
Jessica Frazelle
6241250824
remove tasksmax, people on newer kernels can add it themselves
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2016-02-09 14:07:23 -08:00
Jess Frazelle
d47812dd1d Merge pull request #19886 from AndrewGuenther/185160-init-socket-fix
Wait to fire start event until socket is created
2016-02-03 17:38:52 -08:00
Vincent Woo
87a450a37f Allow disabling of colored Docker logs via daemon flag.
Signed-off-by: Vincent Woo <me@vincentwoo.com>
Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-02-01 16:19:18 -05:00
Andrew Guenther
9f401254bd Wait to fire start event until socket is created
Previously, this check only worked if no host was specified and was
hard coded to check for "/var/run/docker.sock"

This change generalizes that check and captures any specified socket
and waits for it to be created.

Caveat: This will only check the first socket specified, but it is an
improvement over none at all.

Fixes #185160

Signed-off-by: Andrew Guenther <guenther.andrew.j@gmail.com>
2016-02-01 08:40:26 -08:00
Tianon Gravi
90e33640b8 Add a note to /etc/default/docker noting that it does not apply to systemd
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
2016-01-22 07:35:02 -08:00
Candid Dauth
105778343a Set TasksMax in addition to LimitNPROC in systemd service files
systemd sets an additional limit on processes and threads that defaults to 512 when run under Linux >= 4.3.
See more information here: http://unix.stackexchange.com/a/255603/59955

Signed-off-by: Candid Dauth <cdauth@cdauth.eu>
2016-01-16 18:45:41 +01:00
oyld
bbbc01b86e Fix syntax error in init script
Signed-off-by: oyld <oyld0210@163.com>
2015-12-22 04:00:00 -08:00
Tonis Tiigi
eff5e6498f Disable timeout for systemd
With content addressability update starting upgraded
daemon for the first time can take a long time if
graph dir was not prepared with a migration tool before.
This avoids systemd timeouts while the migration is
taking place.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2015-12-03 13:15:31 -08:00
Julien Pervillé
6f83dd22a3 Update upstart init script to start on filesystem (not only on local ones).
Signed-off-by: Julien Pervillé <julien.perville@perfect-memory.com>
2015-11-05 20:38:52 +01:00
Ewa Czechowska
5c94a9e800 #16560 Add timeout to sudo service docker stop on sysvinit
Add 10 seconds timeout when running `sudo service docker stop`. This is
especially needed when running `sudo service docker restart`. Otherwise,
`restart` results in exitstatus 1, because `start` has nothing to do.

Signed-off-by: Ewa Czechowska <ewa@ai-traders.com>
2015-09-24 19:41:32 +00:00
Matthias Rampke
01c5cfcc56 Do not try to guess "docker" in Debian SysV init script
On boot, the init script is invoked from `/etc/rcN.d/S20docker` (where N
is the runlevel). Consequently, the init script tried to find the
defaults at `/etc/defaults/S20docker` and the binary at
`/usr/bin/S20docker`. This causes the docker daemon to fail at boot with
the error

    /usr/bin/S20docker not present or not executable

Starting it manually works because it invokes `/etc/init.d/docker` which
has the correct basename.

Fix this by hardcoding "docker" as the base name.

Signed-off-by: Matthias Rampke <mr@soundcloud.com>
2015-09-23 11:27:34 +00:00
William Hubbs
e3772538c0 Fix OpenRC init script
The shebang for OpenRC init scripts is now #!/sbin/openrc-run, and we
can also use the default start and stop functions built into OpenRC.

Signed-off-by: William Hubbs <w.d.hubbs@gmail.com>
2015-08-25 12:02:01 -05:00
William Hubbs
1c0c68b18f Drop execute bit from openrc init script
Signed-off-by: William Hubbs <w.d.hubbs@gmail.com>
2015-08-25 12:00:54 -05:00
Jessie Frazelle
ebe27cb34c Merge pull request #14868 from jeffminard-ck/rhel-init-detect-failure
Allow RHEL init script to detect daemon start pid failure
2015-08-24 14:24:36 -07:00
Rob Vesse
f8387f6904 Fix silent failure in RedHat sysvinit script
The docker script in contrib/init/sysvinit-redhat will fail silently on
a start if Docker is not installed in the default /usr/bin/ location.
While a non-zero exit code is returned the user will receive no visible
indication (i.e. error message) as to why Docker was not started.

This commit changes the logic so that in the case that the docker
executable is not found in the expected location or the user does not
have execute permissions on the executable appropriate error messages
are now shown to the user as well as exiting with a non-zero exit code

Signed-off-by: Rob Vesse <rvesse@dotnetrdf.org>
2015-08-06 12:07:38 +01:00
Dimitri John Ledkov
d3e5179c29 systemd: set service type to notify.
Currently the service type is 'simple', the default, meaning that
docker.service is considered to be started straight after
spawning. This is incorrect as there is significant amount of time
between spawning and docker ready to accept connections on the passed
sockets. Docker does implement systemd socket activate and
notification protocol, and send the ready signal to systemd, once it
is ready. However for systemd to take those notifications into
account, the service file type should be set to notify.

Signed-off-by: Dimitri John Ledkov <dimitri.j.ledkov@intel.com>
2015-07-29 14:02:12 +01:00
Jeff Minard
6f8fdb8aa8 Allow RHEL init script to detect daemon start pid failure
If you have some kind of bogus `other_args` in `/etc/sysconfig/docker` the start script will report "started" but it's full of lies. This enhances the flow so that if the pidfile never shows up (failure to start) you get a proper failure message.

I also added dots for fun.

Signed-off-by: Jeff Minard <jeff.minard@creditkarma.com>
2015-07-22 11:36:34 -07:00
David Calavera
346ce4f8d2 Update init scripts to use docker daemon.
Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-07-22 11:24:38 -07:00
David Calavera
d8592eaff8 Revert "contrib/init: unshare mount namespace for inits"
This reverts commit b6569b6b82.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-06-15 10:35:17 -07:00
Eric-Olivier Lamey
dbf5e36fd6 Fix docs URL in systemd service file.
Fixes #13799.

Signed-off-by: Eric-Olivier Lamey <eo@lamey.me>
2015-06-08 10:21:43 +00:00
David Calavera
0256bbdebb Merge pull request #13039 from stevenbrichards/13031-Upstart
Fix check for upstart not detecting properly
2015-05-28 10:38:55 -07:00
Steven Richards
e5ff643aed Fixes #13031 - Check for upstart or init is not detecting properly
This will now properly check whether /etc/init.d/docker or service docker is
invoking the script and respond to the user accordingly.

Signed-off-by: Steven Richards <steven@axiomzen.co>
2015-05-28 09:52:05 -07:00
David Xia
2f9e7a067a Increase upstart kill timeout to 20 seconds
Give Docker more time to kill containers before upstart kills Docker.
The default kill timeout is 5 seconds.
This will help decrease the chance of but not eliminate the chance of
orphaned container processes.

Signed-off-by: David Xia <dxia@spotify.com>
2015-05-20 14:20:46 -04:00
Vincent Batts
b6569b6b82 contrib/init: unshare mount namespace for inits
* openrc
* sysvinit-debian
* upstart

Signed-off-by: Vincent Batts <vbatts@redhat.com>
2015-04-23 14:08:37 -04:00
Lewis Marshall
302e3834a0 Prevent Upstart post-start stanza from hanging
Once the job has failed and is respawned, the status becomes `docker
respawn/post-start` after subsequent failures (as opposed to `docker
stop/post-start`), so the post-start script needs to take this into
account.

I could not find specific documentation on the job transitioning to the
`respawn/post-start` state, but this was observed on Ubuntu 14.04.2.

Signed-off-by: Lewis Marshall <lewis@lmars.net>
2015-03-31 01:56:16 +01:00
Vincent Batts
7617ec176d .: remove trailing white spaces
blame tibor this one ;-)
```
find . -type f -not -name '*.png' -not -name '*.go' -not -name '*.md'
-not -name '*.tar' -not -name '*.pem' -not -path './vendor/*' -not -path
'./.git/*' -not -path '*/testdata/*' -not -path './docs/*images*' -not
-path '*/testfiles/*' -not -path './bundles/*' -not -path
'./docs/*static*/*' -not -path './docs/*article-img/*' -exec grep -HnEl
'[[:space:]]$' {} \; | xargs sed -iE 's/[[:space:]]*$//'
```

Signed-off-by: Vincent Batts <vbatts@redhat.com>
2015-03-25 13:38:17 -04:00
Tibor Vass
0252ad0adc Revert "Dealing with trailing whitespaces"
The validation script from #10681 is too pedantic, and does not handle
well situations like:

```
cat <<EOF   # or <<-EOF
	Whether the leading whitespace is stripped out or not by bash
	it should still be considered as valid.
EOF
```

This reverts commit 4e65c1c319.

Signed-off-by: Tibor Vass <tibor@docker.com>
2015-03-25 10:04:56 -06:00
André Martins
4e65c1c319 Dealing with trailing whitespaces
Created a validation that detects all trailing whitespaces from every
text file that isn't *.go, *.md, vendor/*,
docs/theme/mkdocs/tipuesearch*

Removed trailing whitespaces from every text file except from vendor/*
builder/parser/testfiles*, docs/theme/mkdocs/tipuesearch* and *.md

Signed-off-by: André Martins <martins@noironetworks.com>
2015-03-17 03:34:01 +00:00
Arnaud Porterie
89bdaa35e0 Remove subdirectories MAINTAINERS files
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
2015-03-06 18:21:51 -08:00
Jessie Frazelle
9944f8b954 Merge pull request #10598 from lsm5/core-file-size
no limit on core size
2015-02-09 17:31:40 -08:00
Lokesh Mandvekar
ae9cdbbde7 no limit on core size
set LimitCORE=infinity to ensure complete core creation,
allows extraction of as much information as possible.

Thanks to Ulrich Obergfell <uobergfe@redhat.com>
and Jeremy Eder <jeder@redhat.com>

Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
2015-02-09 19:04:50 +00:00
Mike Leone
05d04843e6 Fixing stale pidfile issue when docker dies abruptly
Signed-off-by: Mike Leone <mleone896@gmail.com>

fixing indent

Signed-off-by: Mike Leone <mleone896@gmail.com>
2015-02-09 14:01:12 -05:00
Vincent Batts
6bb6586458 contrib/sysvinit-redhat: unshare mount namespace
unshare the mount namespace of the docker daemon to avoid other pids
outside the daemon holding mount references of docker containers.

Signed-off-by: Vincent Batts <vbatts@redhat.com>
2015-01-20 16:00:41 -05:00