Set the PATH to what appears to be the standard on latest Ubuntu (18.04)
and Debian (9), fixing the following two issues:
1. PATH did not contain /bin (leading to ContainerTop/ps not working
on newer distros, among the other things).
2. $PATH can't be specified in Environment directives in .service files.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Upstream-commit: 62d9a0d1253049a2fab10f938542a8e09dd0804a
Component: packaging
iptables is sometimes placed in `/usr/sbin`
Signed-off-by: Eli Uriegas <eli.uriegas@docker.com>
(cherry picked from commit c86a958d6d344d6bf568523c28d6643d7b49ba43)
Signed-off-by: Eli Uriegas <eli.uriegas@docker.com>
Upstream-commit: 36a08784a0b7bc49487005d323bf4e41fd50d36d
Component: packaging
Removes the need for the offline installer to install the shim process
and instead installs the shim process as part of the packaging.
May be easier in the future to just package the shim process on it's own
but that'll come after this 18.09 release
Signed-off-by: Eli Uriegas <eli.uriegas@docker.com>
(cherry picked from commit f8bd366d58f8bdf8a82b9a033353ca5bf4eda948)
Signed-off-by: Eli Uriegas <eli.uriegas@docker.com>
Upstream-commit: 31d0cb047b98ab43f661bd026bdd63deef62543d
Component: packaging
Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229
(6bf0f408e4)
both the old, and new location are accepted by systemd 229 and up, so using the old location
to make them work for either version of systemd.
StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230
(f0367da7d1)
both the old, and new name are accepted by systemd 230 and up, so using the old name to make
this option work for either version of systemd.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 2c2bfea5d009fb884f5c61b62e3c85bd88e7909e)
Signed-off-by: Eli Uriegas <eli.uriegas@docker.com>
Upstream-commit: 5963decd1502e5012692a1f958bfdc5403f02920
Component: packaging
This adds support for reloading the docker daemon
(SIGHIUP) so that changes in '/etc/docker/daemon.json'
can be loaded at runtime by reloading the service
through systemd ('systemctl reload docker')
Before this change, systemd would output an error
that "reloading" is not supported for the docker
service;
systemctl reload docker
Failed to reload docker.service: Job type reload is not applicable for unit docker.service.
After this change, the docker daemon can be reloaded
through 'systemctl reload docker', which reloads
the configuration;
journalctl -f -u docker.service
May 02 03:49:20 testing systemd[1]: Reloading Docker Application Container Engine.
May 02 03:49:20 testing docker[28496]: time="2016-05-02T03:49:20.143964103-04:00" level=info msg="Got signal to reload configuration, reloading from: /etc/docker/daemon.json"
May 02 03:49:20 testing systemd[1]: Reloaded Docker Application Container Engine.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 3e1b508e5f70b35869d9c8417d3b65a141820af9)
Signed-off-by: Eli Uriegas <eli.uriegas@docker.com>
Upstream-commit: 127426fc693a882b670339391da5d12f08c1438d
Component: packaging
Change the kill mode to process so that systemd does not kill container
processes when the daemon is shutdown but only the docker daemon
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit d736ae9da7401f582469fa7e943adde9f2163024)
Signed-off-by: Eli Uriegas <eli.uriegas@docker.com>
Upstream-commit: 784c5936ec984b5525ac71eca3b7731e49eb6b37
Component: packaging
We need to add delegate yes to docker's service file so that it can
manage the cgroups of the processes that it launches without systemd
interfering with them and moving the processes after it is reloaded.
Delegate=
Turns on delegation of further resource control partitioning to
processes of the unit. For unprivileged services (i.e. those
using the User= setting), this allows processes to create a
subhierarchy beneath its control group path. For privileged
services and scopes, this ensures the processes will have all
control group controllers enabled.
This is the proper fix for issue moby/moby#20152
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit e134e666a585b1f13e9e5e371dd93e5ce04a4b34)
Signed-off-by: Eli Uriegas <eli.uriegas@docker.com>
Upstream-commit: 1120496ca0492d29731befd1460a934ac115e7f8
Component: packaging
Systemd sets a default of 512 tasks, which is far
too low to run many containers.
Note that TasksMax is only supported on systemd 226
and above.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 82fe96733f551d36018c3840cf21d813807e9b76)
Signed-off-by: Eli Uriegas <eli.uriegas@docker.com>
Upstream-commit: c42e4736e055c472284fd09ca05d405d31c4516a
Component: packaging
There is a not-insignificant performance overhead for all containers (if
containerd is a child of Docker, which is the current setup) if systemd
sets rlimits on the main Docker daemon process (because the limits
propogate to all children).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 68e15413dce8d6e8f428ac286641a9482d30aabc)
Signed-off-by: Eli Uriegas <eli.uriegas@docker.com>
Upstream-commit: 1246dedcd55058a2856c7042509fb0badcefbf91
Component: packaging
set LimitCORE=infinity to ensure complete core creation,
allows extraction of as much information as possible.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit da69663b9ccd72d95ec60007ef707d82a35324fa)
Signed-off-by: Eli Uriegas <eli.uriegas@docker.com>
Upstream-commit: f93f4525173e3a32d315794344d44bae780de00e
Component: packaging
The daemon won't actually start without containerd
Signed-off-by: Eli Uriegas <eli.uriegas@docker.com>
Upstream-commit: 16037618282dc5076089c7b749cdd07376650f8d
Component: packaging
Old versions of things on CentOS 7 strike again!
infinity is not a thing for TimeoutSec on systemd < 229
Signed-off-by: Eli Uriegas <eli.uriegas@docker.com>
Upstream-commit: 86dafe5391e2ef298248536cd038e27230a4df63
Component: packaging
