docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Choose default-cgroup parent by cgroup driver 

It's "/docker" for cgroupfs and "system.slice" for systemd.

Fix #19140

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
This commit is contained in:
Alexander Morozov 2016-01-06 13:59:01 -08:00
parent 7fab93175d
commit c1cd45d547
7 changed files with 25 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
daemon/config_unix.go
View File

@ -78,7 +78,7 @@ func (config *Config) InstallFlags(cmd *flag.FlagSet, usageFn func(string) strin
cmd.BoolVar(&config.Bridge.EnableUserlandProxy, []string{"-userland-proxy"}, true, usageFn("Use userland proxy for loopback traffic")) cmd.BoolVar(&config.Bridge.EnableUserlandProxy, []string{"-userland-proxy"}, true, usageFn("Use userland proxy for loopback traffic"))
cmd.BoolVar(&config.EnableCors, []string{"#api-enable-cors", "#-api-enable-cors"}, false, usageFn("Enable CORS headers in the remote API, this is deprecated by --api-cors-header")) cmd.BoolVar(&config.EnableCors, []string{"#api-enable-cors", "#-api-enable-cors"}, false, usageFn("Enable CORS headers in the remote API, this is deprecated by --api-cors-header"))
cmd.StringVar(&config.CorsHeaders, []string{"-api-cors-header"}, "", usageFn("Set CORS headers in the remote API")) cmd.StringVar(&config.CorsHeaders, []string{"-api-cors-header"}, "", usageFn("Set CORS headers in the remote API"))
cmd.StringVar(&config.CgroupParent, []string{"-cgroup-parent"}, "/docker", usageFn("Set parent cgroup for all containers")) cmd.StringVar(&config.CgroupParent, []string{"-cgroup-parent"}, "", usageFn("Set parent cgroup for all containers"))
config.attachExperimentalFlags(cmd, usageFn) config.attachExperimentalFlags(cmd, usageFn)
} }

17
daemon/container_operations_unix.go
View File

@ -23,6 +23,7 @@ import (
"github.com/docker/docker/pkg/fileutils" "github.com/docker/docker/pkg/fileutils"
"github.com/docker/docker/pkg/idtools" "github.com/docker/docker/pkg/idtools"
"github.com/docker/docker/pkg/mount" "github.com/docker/docker/pkg/mount"
"github.com/docker/docker/pkg/parsers"
"github.com/docker/docker/pkg/stringid" "github.com/docker/docker/pkg/stringid"
"github.com/docker/docker/runconfig" "github.com/docker/docker/runconfig"
"github.com/docker/go-units" "github.com/docker/go-units"
@ -241,6 +242,20 @@ func (daemon *Daemon) populateCommand(c *container.Container, env []string) erro
} }
uidMap, gidMap := daemon.GetUIDGIDMaps() uidMap, gidMap := daemon.GetUIDGIDMaps()
defaultCgroupParent := "/docker"
if daemon.configStore.CgroupParent != "" {
defaultCgroupParent = daemon.configStore.CgroupParent
} else {
for _, option := range daemon.configStore.ExecOptions {
key, val, err := parsers.ParseKeyValueOpt(option)
if err != nil || !strings.EqualFold(key, "native.cgroupdriver") {
continue
}
if val == "systemd" {
defaultCgroupParent = "system.slice"
}
}
}
c.Command = &execdriver.Command{ c.Command = &execdriver.Command{
CommonCommand: execdriver.CommonCommand{ CommonCommand: execdriver.CommonCommand{
ID: c.ID, ID: c.ID,
@ -258,7 +273,7 @@ func (daemon *Daemon) populateCommand(c *container.Container, env []string) erro
AutoCreatedDevices: autoCreatedDevices, AutoCreatedDevices: autoCreatedDevices,
CapAdd: c.HostConfig.CapAdd.Slice(), CapAdd: c.HostConfig.CapAdd.Slice(),
CapDrop: c.HostConfig.CapDrop.Slice(), CapDrop: c.HostConfig.CapDrop.Slice(),
CgroupParent: daemon.configStore.CgroupParent, CgroupParent: defaultCgroupParent,
GIDMapping: gidMap, GIDMapping: gidMap,
GroupAdd: c.HostConfig.GroupAdd, GroupAdd: c.HostConfig.GroupAdd,
Ipc: ipc, Ipc: ipc,

5
daemon/execdriver/driver_unix.go
View File

@ -146,14 +146,11 @@ func InitContainer(c *Command) *configs.Config {
// This can be overridden later by driver during mount setup based // This can be overridden later by driver during mount setup based
// on volume options // on volume options
SetRootPropagation(container, mount.RPRIVATE) SetRootPropagation(container, mount.RPRIVATE)
container.Cgroups.Parent = c.CgroupParent
// check to see if we are running in ramdisk to disable pivot root // check to see if we are running in ramdisk to disable pivot root
container.NoPivotRoot = os.Getenv("DOCKER_RAMDISK") != "" container.NoPivotRoot = os.Getenv("DOCKER_RAMDISK") != ""
// Default parent cgroup is "docker". Override if required.
if c.CgroupParent != "" {
container.Cgroups.Parent = c.CgroupParent
}
return container return container
} }

2
daemon/execdriver/native/driver.go
View File

@ -16,7 +16,6 @@ import (
"github.com/Sirupsen/logrus" "github.com/Sirupsen/logrus"
"github.com/docker/docker/daemon/execdriver" "github.com/docker/docker/daemon/execdriver"
"github.com/docker/docker/daemon/execdriver/native/template"
"github.com/docker/docker/pkg/parsers" "github.com/docker/docker/pkg/parsers"
"github.com/docker/docker/pkg/pools" "github.com/docker/docker/pkg/pools"
"github.com/docker/docker/pkg/reexec" "github.com/docker/docker/pkg/reexec"
@ -90,7 +89,6 @@ func NewDriver(root string, options []string) (*Driver, error) {
case "systemd": case "systemd":
if systemd.UseSystemd() { if systemd.UseSystemd() {
cgm = libcontainer.SystemdCgroups cgm = libcontainer.SystemdCgroups
template.SystemdCgroups = true
} else { } else {
// warn them that they chose the wrong driver // warn them that they chose the wrong driver
logrus.Warn("You cannot use systemd as native.cgroupdriver, using cgroupfs instead") logrus.Warn("You cannot use systemd as native.cgroupdriver, using cgroupfs instead")

10
daemon/execdriver/native/template/default_template_linux.go
View File

@ -9,9 +9,6 @@ import (
const defaultMountFlags = syscall.MS_NOEXEC | syscall.MS_NOSUID | syscall.MS_NODEV const defaultMountFlags = syscall.MS_NOEXEC | syscall.MS_NOSUID | syscall.MS_NODEV
// SystemdCgroups indicates whether systemd cgroup implemenation is in use or not
var SystemdCgroups = false
// New returns the docker default configuration for libcontainer // New returns the docker default configuration for libcontainer
func New() *configs.Config { func New() *configs.Config {
container := &configs.Config{ container := &configs.Config{
@ -40,7 +37,7 @@ func New() *configs.Config {
{Type: "NEWUSER"}, {Type: "NEWUSER"},
}), }),
Cgroups: &configs.Cgroup{ Cgroups: &configs.Cgroup{
Parent: "/docker", ScopePrefix: "docker", // systemd only
Resources: &configs.Resources{ Resources: &configs.Resources{
AllowAllDevices: false, AllowAllDevices: false,
MemorySwappiness: -1, MemorySwappiness: -1,
@ -99,10 +96,5 @@ func New() *configs.Config {
container.AppArmorProfile = "docker-default" container.AppArmorProfile = "docker-default"
} }
if SystemdCgroups {
container.Cgroups.Parent = "system.slice"
container.Cgroups.ScopePrefix = "docker"
}
return container return container
} }

5
docs/reference/commandline/daemon.md
View File

@ -20,7 +20,7 @@ weight = -1
--authz-plugin=[] Set authorization plugins to load --authz-plugin=[] Set authorization plugins to load
-b, --bridge="" Attach containers to a network bridge -b, --bridge="" Attach containers to a network bridge
--bip="" Specify network bridge IP --bip="" Specify network bridge IP
--cgroup-parent=/docker Set parent cgroup for all containers --cgroup-parent= Set parent cgroup for all containers
-D, --debug Enable debug mode -D, --debug Enable debug mode
--default-gateway="" Container default gateway IPv4 address --default-gateway="" Container default gateway IPv4 address
--default-gateway-v6="" Container default gateway IPv6 address --default-gateway-v6="" Container default gateway IPv6 address
@ -647,7 +647,8 @@ set like this:
# Default cgroup parent # Default cgroup parent
The `--cgroup-parent` option allows you to set the default cgroup parent The `--cgroup-parent` option allows you to set the default cgroup parent
to use for containers. If this option is not set, it defaults to `/docker`. to use for containers. If this option is not set, it defaults to `/docker` for
fs cgroup driver and `system.slice` for systemd cgroup driver.
If the cgroup has a leading forward slash (`/`), the cgroup is created If the cgroup has a leading forward slash (`/`), the cgroup is created
under the root cgroup, otherwise the cgroup is created under the daemon under the root cgroup, otherwise the cgroup is created under the daemon

4
man/docker-daemon.8.md
View File

@ -10,7 +10,7 @@ docker-daemon - Enable daemon mode
[**--authz-plugin**[=*[]*]] [**--authz-plugin**[=*[]*]]
[**-b**|**--bridge**[=*BRIDGE*]] [**-b**|**--bridge**[=*BRIDGE*]]
[**--bip**[=*BIP*]] [**--bip**[=*BIP*]]
[**--cgroup-parent**[=*/docker*]] [**--cgroup-parent**[=*[]*]]
[**--cluster-store**[=*[]*]] [**--cluster-store**[=*[]*]]
[**--cluster-advertise**[=*[]*]] [**--cluster-advertise**[=*[]*]]
[**--cluster-store-opt**[=*map[]*]] [**--cluster-store-opt**[=*map[]*]]
@ -82,7 +82,7 @@ format.
Use the provided CIDR notation address for the dynamically created bridge (docker0); Mutually exclusive of \-b Use the provided CIDR notation address for the dynamically created bridge (docker0); Mutually exclusive of \-b
**--cgroup-parent**="" **--cgroup-parent**=""
Set parent cgroup for all containers. Default is "/docker". Set parent cgroup for all containers. Default is "/docker" for fs cgroup driver and "system.slice" for systemd cgroup driver.
**--cluster-store**="" **--cluster-store**=""
URL of the distributed storage backend URL of the distributed storage backend