diff --git a/engine/admin/systemd.md b/engine/admin/systemd.md index 6e1289d9ca..ff07db90d6 100644 --- a/engine/admin/systemd.md +++ b/engine/admin/systemd.md @@ -4,10 +4,6 @@ aliases: description: Controlling and configuring Docker using systemd keywords: - docker, daemon, systemd, configuration -menu: - main: - parent: engine_admin - weight: "7" title: Control and configure Docker with systemd --- @@ -19,17 +15,17 @@ shows a few examples of how to customize Docker's settings. ## Starting the Docker daemon Once Docker is installed, you will need to start the Docker daemon. - - $ sudo systemctl start docker - # or on older distributions, you may need to use - $ sudo service docker start - +```bash +$ sudo systemctl start docker +# or on older distributions, you may need to use +$ sudo service docker start +``` If you want Docker to start at boot, you should also: - - $ sudo systemctl enable docker - # or on older distributions, you may need to use - $ sudo chkconfig docker on - +```bash +$ sudo systemctl enable docker +# or on older distributions, you may need to use +$ sudo chkconfig docker on +``` ## Custom Docker daemon options There are a number of ways to configure the daemon flags and environment variables 
@@ -49,28 +45,38 @@ backwards compatibility, you drop a file with a `.conf` extension into the `/etc/systemd/system/docker.service.d` directory including the following: - [Service] - EnvironmentFile=-/etc/sysconfig/docker - EnvironmentFile=-/etc/sysconfig/docker-storage - EnvironmentFile=-/etc/sysconfig/docker-network - ExecStart= - ExecStart=/usr/bin/dockerd $OPTIONS \ - $DOCKER_STORAGE_OPTIONS \ - $DOCKER_NETWORK_OPTIONS \ - $BLOCK_REGISTRY \ - $INSECURE_REGISTRY +```conf +[Service] +EnvironmentFile=-/etc/sysconfig/docker +EnvironmentFile=-/etc/sysconfig/docker-storage +EnvironmentFile=-/etc/sysconfig/docker-network +ExecStart= +ExecStart=/usr/bin/dockerd $OPTIONS \ + $DOCKER_STORAGE_OPTIONS \ + $DOCKER_NETWORK_OPTIONS \ + $BLOCK_REGISTRY \ + $INSECURE_REGISTRY +``` To check if the `docker.service` uses an `EnvironmentFile`: - $ systemctl show docker | grep EnvironmentFile - EnvironmentFile=-/etc/sysconfig/docker (ignore_errors=yes) +```bash +$ systemctl show docker | grep EnvironmentFile + +EnvironmentFile=-/etc/sysconfig/docker (ignore_errors=yes) +``` Alternatively, find out where the service file is located: - $ systemctl show --property=FragmentPath docker - FragmentPath=/usr/lib/systemd/system/docker.service - $ grep EnvironmentFile /usr/lib/systemd/system/docker.service - EnvironmentFile=-/etc/sysconfig/docker +```bash +$ systemctl show --property=FragmentPath docker + +FragmentPath=/usr/lib/systemd/system/docker.service + +$ grep EnvironmentFile /usr/lib/systemd/system/docker.service + +EnvironmentFile=-/etc/sysconfig/docker +``` You can customize the Docker daemon options using override files as explained in the [HTTP Proxy example](systemd.md#http-proxy) below. The files located in `/usr/lib/systemd/system` 
@@ -83,42 +89,46 @@ and volumes by moving it to a separate partition. In this example, we'll assume that your `docker.service` file looks something like: - [Unit] - Description=Docker Application Container Engine - Documentation=https://docs.docker.com - After=network.target +```conf +[Unit] +Description=Docker Application Container Engine +Documentation=https://docs.docker.com +After=network.target - [Service] - Type=notify - # the default is not to use systemd for cgroups because the delegate issues still - # exists and systemd currently does not support the cgroup feature set required - # for containers run by docker - ExecStart=/usr/bin/dockerd - ExecReload=/bin/kill -s HUP $MAINPID - # Having non-zero Limit*s causes performance problems due to accounting overhead - # in the kernel. We recommend using cgroups to do container-local accounting. - LimitNOFILE=infinity - LimitNPROC=infinity - LimitCORE=infinity - # Uncomment TasksMax if your systemd version supports it. - # Only systemd 226 and above support this version. - #TasksMax=infinity - TimeoutStartSec=0 - # set delegate yes so that systemd does not reset the cgroups of docker containers - Delegate=yes - # kill only the docker process, not all processes in the cgroup - KillMode=process +[Service] +Type=notify +# the default is not to use systemd for cgroups because the delegate issues still +# exists and systemd currently does not support the cgroup feature set required +# for containers run by docker +ExecStart=/usr/bin/dockerd +ExecReload=/bin/kill -s HUP $MAINPID +# Having non-zero Limit*s causes performance problems due to accounting overhead +# in the kernel. We recommend using cgroups to do container-local accounting. +LimitNOFILE=infinity +LimitNPROC=infinity +LimitCORE=infinity +# Uncomment TasksMax if your systemd version supports it. +# Only systemd 226 and above support this version. 
+#TasksMax=infinity +TimeoutStartSec=0 +# set delegate yes so that systemd does not reset the cgroups of docker containers +Delegate=yes +# kill only the docker process, not all processes in the cgroup +KillMode=process - [Install] - WantedBy=multi-user.target +[Install] +WantedBy=multi-user.target +``` This will allow us to add extra flags via a drop-in file (mentioned above) by placing a file containing the following in the `/etc/systemd/system/docker.service.d` directory: - [Service] - ExecStart= - ExecStart=/usr/bin/dockerd --graph="/mnt/docker-data" --storage-driver=overlay +```conf +[Service] +ExecStart= +ExecStart=/usr/bin/dockerd --graph="/mnt/docker-data" --storage-driver=overlay +``` You can also set other environment variables in this file, for example, the `HTTP_PROXY` environment variables described below. @@ -126,13 +136,17 @@ You can also set other environment variables in this file, for example, the To modify the ExecStart configuration, specify an empty configuration followed by a new configuration as follows: - [Service] - ExecStart= - ExecStart=/usr/bin/dockerd --bip=172.17.42.1/16 +```conf +[Service] +ExecStart= +ExecStart=/usr/bin/dockerd --bip=172.17.42.1/16 +``` If you fail to specify an empty configuration, Docker reports an error such as: - docker.service has more than one ExecStart= setting, which is only allowed for Type=oneshot services. Refusing. +```conf +docker.service has more than one ExecStart= setting, which is only allowed for Type=oneshot services. Refusing. +``` ### HTTP proxy 
@@ -141,33 +155,44 @@ This example overrides the default `docker.service` file. If you are behind an HTTP proxy server, for example in corporate settings, you will need to add this configuration in the Docker systemd service file. -First, create a systemd drop-in directory for the docker service: +1. Create a systemd drop-in directory for the docker service: - mkdir /etc/systemd/system/docker.service.d + ```bash + $ mkdir /etc/systemd/system/docker.service.d + ``` -Now create a file called `/etc/systemd/system/docker.service.d/http-proxy.conf` -that adds the `HTTP_PROXY` environment variable: +2. Create a file called `/etc/systemd/system/docker.service.d/http-proxy.conf` + that adds the `HTTP_PROXY` environment variable: + ```conf [Service] Environment="HTTP_PROXY=http://proxy.example.com:80/" + ``` -If you have internal Docker registries that you need to contact without -proxying you can specify them via the `NO_PROXY` environment variable: +3. If you have internal Docker registries that you need to contact without + proxying you can specify them via the `NO_PROXY` environment variable: + ```conf Environment="HTTP_PROXY=http://proxy.example.com:80/" "NO_PROXY=localhost,127.0.0.1,docker-registry.somecorporation.com" + ``` -Flush changes: +4. Flush changes: + ```bash $ sudo systemctl daemon-reload + ``` -Verify that the configuration has been loaded: +5. Verify that the configuration has been loaded: + ```bash $ systemctl show --property=Environment docker Environment=HTTP_PROXY=http://proxy.example.com:80/ + ``` +6. Restart Docker: -Restart Docker: - + ```bash $ sudo systemctl restart docker + ``` ## Manually creating the systemd unit files
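Review bot: in the front-matter hunk (@@ -4,10 +4,6) the removal of `menu:`, `parent: engine_admin` and `weight: "7"` is unrelated to the code-fence conversion that makes up the rest of the patch. Split it into its own commit, or state in the commit message what now places this page in the navigation.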
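Review bot: in the "Starting the Docker daemon" hunk (@@ -19,17 +15,17) the blank lines that separated each indented block from the surrounding text are removed and not re-added, so the opening `bash` fence follows "you will need to start the Docker daemon." directly and the closing fences run straight into "If you want Docker to start at boot" and the `## Custom Docker daemon options` heading. Keep an empty line before each opening fence and after each closing fence, since some Markdown renderers only recognise a fenced block at a block boundary.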
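Review bot: in the EnvironmentFile hunk (@@ -49,28 +45,38) the leading `-` in `EnvironmentFile=-/etc/sysconfig/docker` is never explained, although the sample output reports it as `(ignore_errors=yes)`. With that prefix a missing file is skipped without an error, so `$OPTIONS`, `$BLOCK_REGISTRY` and `$INSECURE_REGISTRY` expand to nothing and the daemon starts without the settings the administrator expects; add a sentence saying so next to the drop-in. The two `bash` fences in this hunk also hold command output alongside the commands, which will be highlighted as shell; consider a plain fence for the output lines.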
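Review bot: in the `docker.service` hunk (@@ -83,42 +89,46) the unit-file comments are re-added with their wording errors intact: "Only systemd 226 and above support this version" refers to `TasksMax` and should say "this option", and "the delegate issues still exists" has a subject and verb that disagree. Every one of these lines is already rewritten by the patch, so fix the wording in the same change.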
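Review bot: in the ExecStart hunk (@@ -126,13 +136,17) the error text beginning `docker.service has more than one ExecStart= setting` is fenced as `conf`, but it is a message printed at start-up, not configuration, and will be highlighted as if it were part of a unit file. Use a fence with no language, or `none`, for that block and keep `conf` for the `[Service]` snippet above it.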
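Review bot: in the HTTP proxy hunk (@@ -141,33 +155,44) step 1 gains a `$` prompt but still runs `mkdir /etc/systemd/system/docker.service.d` without `sudo`, while steps 4 and 6 use `sudo systemctl`; on a system where `/etc/systemd/system` is writable only by root the command fails for the same user. Change it to `$ sudo mkdir -p /etc/systemd/system/docker.service.d` so it is consistent with the other steps and does not fail when the directory already exists. The step 3 snippet also omits the `[Service]` header shown in step 2; say explicitly that its `Environment=` line replaces the one from step 2 inside the same file.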