-
Notifications
You must be signed in to change notification settings - Fork 30
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
docker restarts containers before containerd socket is opened #203
Comments
Seems like a race condition because the containerd service unit treats the services as ready as soon as it runs but it should only be ready if it is actually able to accept requests on the socket. It needs to be changed to |
Hi @photos, thanks for the quick answer :-) Here is the docker.service unit content : # systemctl cat docker.service
# /run/systemd/system/docker.service
[Unit]
Requires=torcx.target
After=torcx.target
Description=Docker Application Container Engine
Documentation=http://docs.docker.com
After=containerd.service docker.socket network-online.target
Wants=network-online.target
Requires=containerd.service docker.socket
[Service]
EnvironmentFile=/run/metadata/torcx
Environment=TORCX_IMAGEDIR=/docker
Type=notify
EnvironmentFile=-/run/flannel/flannel_docker_opts.env
Environment=DOCKER_SELINUX=--selinux-enabled=true
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/env PATH=${TORCX_BINDIR}:${PATH} ${TORCX_BINDIR}/dockerd --host=fd:// --containerd=/var/run/docker/libcontainerd/docker-containerd.sock $DOCKER_SELINUX $DOCKER_OPTS $DOCKER_CGROUPS $DOCKER_OPT_>
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=1048576
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
# Uncomment TasksMax if your systemd version supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
TimeoutStartSec=0
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
# restart the docker process if it exits prematurely
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s
[Install]
WantedBy=multi-user.target
# /etc/systemd/system/docker.service.d/10-machine.conf
[Service]
Environment=TMPDIR=/var/tmp
ExecStart=
ExecStart=/usr/lib/coreos/dockerd --host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:2376 --tlsverify --tlscacert /etc/docker/ca.pem --tlscert /etc/docker/server.pem --tlskey /etc/docker/server-key.pem --la>
Environment= Why does docker.service runs two services : dockerd and containerd ? |
Here is the tree of processes in docker.service:
|
Action to be done here: We are still using |
Done @ flatcar/scripts#866 @pothos |
Hi,
Description
For a few days, my flatcar server doesn't reboot containers (set to always).
Impact
Since updates triggers reboot, I often have all my services down :-((
Environment and steps to reproduce
Expected behavior
I expect the containers to successfuly restart.
Additional information
My server is migrated from coreos. I disabled docker.socket and enabled docker.service according to #175, using
systemctl enable --now docker.service
andsystemctal disable --now docker.socket
.journalctl --boot -u docker
Do you have some clue about this ?
The text was updated successfully, but these errors were encountered: