From d3620f68cb27e42a689991485ba1fe89884032d96c84c7b0366bef8c604e686b Mon Sep 17 00:00:00 2001 From: Jordi Massaguer Date: Fri, 26 Aug 2016 09:56:58 +0000 Subject: [PATCH] Accepting request 422714 from home:cyphar:branches:Virtualization:containers Fixes the overwrites of docker.service. OBS-URL: https://build.opensuse.org/request/show/422714 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=132 --- docker.changes | 13 ++++++++++--- docker.service | 30 +++++++++++++++++++++++++++--- 2 files changed, 37 insertions(+), 6 deletions(-) diff --git a/docker.changes b/docker.changes index b598f09..b4668d6 100644 --- a/docker.changes +++ b/docker.changes @@ -1,20 +1,27 @@ +------------------------------------------------------------------- +Fri Aug 26 08:49:15 UTC 2016 - asarai@suse.com + +- Update docker.service file with several changes. + * Reapply fix for bsc#983015 (Limit*=infinity). + * Specify an "OCI" runtime for our runc package explicitly. bsc#978260 + ------------------------------------------------------------------- Thu Aug 25 14:02:04 UTC 2016 - jmassaguerpla@suse.com - remove disable-pprof-trace.patch: We can remove this patch because - we use go 1.6, either gcc6-go or gc-go. This patch was for gcc5-go + we use go 1.6, either gcc6-go or gc-go. This patch was for gcc5-go ------------------------------------------------------------------- Wed Aug 24 12:31:23 UTC 2016 - jmassaguerpla@suse.com - add go_arches in project configuration: this way, we can use the same spec file but decide in the project configuration if to - use gc-go or gcc-go for some archs. + use gc-go or gcc-go for some archs. ------------------------------------------------------------------- Tue Aug 23 11:35:09 UTC 2016 - jmassaguerpla@suse.com -- use gcc6-go instead of gcc5-go (bsc#988408) +- use gcc6-go instead of gcc5-go (bsc#988408) - build ppc64le with gc-go because this version builds with gc-go 1.6 - remove bnc964673-boltdb-metadata-recovery.patch because it has already been merged diff --git a/docker.service b/docker.service index 4a89c42..352933c 100644 --- a/docker.service +++ b/docker.service @@ -6,11 +6,35 @@ Requires=docker.socket containerd.socket [Service] EnvironmentFile=/etc/sysconfig/docker -ExecStart=/usr/bin/dockerd -H fd:// --containerd /run/containerd/containerd.sock $DOCKER_NETWORK_OPTIONS $DOCKER_OPTS -LimitNOFILE=1048576 -LimitNPROC=1048576 + +# Quick rundown of options, so we can keep track of them. Upstream's +# service file only contains -H. +# +# * -H tells Docker that it's running as a socket-activated service. +# * --containerd tells Docker to not manage the running of containerd. +# * --add-runtime and --default-runtime tell Docker to not try to use +# its "bundled" runC version (which is not shipped by us) but rather use +# the runC version provided as by the runc package. +ExecStart=/usr/bin/dockerd -H fd:// --containerd /run/containerd/containerd.sock --add-runtime oci=/usr/sbin/runc --default-runtime oci $DOCKER_NETWORK_OPTIONS $DOCKER_OPTS +ExecReload=/bin/kill -s HUP $MAINPID + +# Having non-zero Limit*s causes performance problems due to accounting overhead +# in the kernel. We recommend using cgroups to do container-local accounting. +LimitNOFILE=infinity +LimitNPROC=infinity LimitCORE=infinity +# Uncomment TasksMax if your systemd version supports it. +# Only systemd 226 and above support this property. +#TasksMax=infinity + +# Set delegate yes so that systemd does not reset the cgroups of docker containers +# Only systemd 218 and above support this property. +#Delegate=yes + +# Tis is not necessary because of how we set up containerd. +#KillMode=process + [Install] WantedBy=multi-user.target