puppetlabs / puppetlabs-docker

The Puppet Docker repository
Apache License 2.0

Question: does the docker service take care of /etc/default/docker on Debian-like OSes? #476

Closed Dan33l closed 2 years ago

Dan33l commented 5 years ago

What you expected to happen?

I am trying to enable ipv6 in a docker container with ipv6 => true, which is false by default.

What happened?

With ipv6 => false, like include docker, it works. By adding only ipv6 => true, the docker daemon does not start with the following error message

How to reproduce it?

class { 'docker':
  ipv6 => true,
}

Anything else we need to know?

The puppet module modifies the file /etc/default/docker as follows:

# This file is managed by Puppet and local changes
# may be overwritten

OPTIONS=" -H unix:///var/run/docker.sock --ip-forward=true --iptables=true --ip-masq=true -G docker"

# This is also a handy place to tweak where Docker's temporary files go.
TMPDIR="/tmp/"

The systemd unit for the docker service does not seem to take care of it:

[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
BindsTo=containerd.service
After=network-online.target firewalld.service containerd.service
Wants=network-online.target
Requires=docker.socket

[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always

# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
# Both the old, and new location are accepted by systemd 229 and up, so using the old location
# to make them work for either version of systemd.
StartLimitBurst=3

# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
# this option work for either version of systemd.
StartLimitInterval=60s

# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity

# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this option.
TasksMax=infinity

# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes

# kill only the docker process, not all processes in the cgroup
KillMode=process

[Install]
WantedBy=multi-user.target

Versions:

$ puppet --version
5.5.10
$ docker version
Client:
 Version:           18.09.5
 API version:       1.39
 Go version:        go1.10.8
 Git commit:        e8ff056
 Built:             Thu Apr 11 04:44:24 2019
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          18.09.5
  API version:      1.39 (minimum version 1.12)
  Go version:       go1.10.8
  Git commit:       e8ff056
  Built:            Thu Apr 11 04:10:53 2019
  OS/Arch:          linux/amd64
  Experimental:     false
$ facter os
{
  architecture => "amd64",
  distro => {
    codename => "xenial",
    description => "Ubuntu 16.04.6 LTS",
    id => "Ubuntu",
    release => {
      full => "16.04",
      major => "16.04"
    }
  },
  family => "Debian",
  hardware => "x86_64",
  name => "Ubuntu",
  release => {
    full => "16.04",
    major => "16.04"
  },
  selinux => {
    enabled => false
  }
}
$ puppet module list
Warning: Missing dependency 'puppetlabs-powershell':
  'puppetlabs-docker' (v3.1.0) requires 'puppetlabs-powershell' (>= 2.1.4)
Warning: Missing dependency 'puppetlabs-reboot':
  'puppetlabs-docker' (v3.1.0) requires 'puppetlabs-reboot' (>= 2.0.0)
/opt/puppetlabs/puppet/modules
├── puppet-archive (v3.2.1)
├── puppetlabs-apt (v6.2.1)
├── puppetlabs-docker (v3.1.0)
├── puppetlabs-stdlib (v5.1.0)
├── puppetlabs-translate (v1.1.0)
└── puppetlabs-vcsrepo (v2.4.0)

Logs:

Apr 18 10:26:53 dockerspace systemd[1]: Starting Docker Application Container Engine...
Apr 18 10:26:53 dockerspace dockerd[15546]: time="2019-04-18T10:26:53.702362580+02:00" level=info msg="parsed scheme: \"unix\"" module=grpc
Apr 18 10:26:53 dockerspace dockerd[15546]: time="2019-04-18T10:26:53.702629445+02:00" level=info msg="scheme \"unix\" not registered, fallback to default scheme" module=grpc
Apr 18 10:26:53 dockerspace dockerd[15546]: time="2019-04-18T10:26:53.702794329+02:00" level=info msg="parsed scheme: \"unix\"" module=grpc
Apr 18 10:26:53 dockerspace dockerd[15546]: time="2019-04-18T10:26:53.702922430+02:00" level=info msg="scheme \"unix\" not registered, fallback to default scheme" module=grpc
Apr 18 10:26:53 dockerspace dockerd[15546]: time="2019-04-18T10:26:53.703931155+02:00" level=info msg="[graphdriver] using prior storage driver: overlay2"
Apr 18 10:26:53 dockerspace dockerd[15546]: time="2019-04-18T10:26:53.704532445+02:00" level=info msg="ccResolverWrapper: sending new addresses to cc: [{unix:///run/containerd/containerd.sock 0  <nil>}]" module=grpc
Apr 18 10:26:53 dockerspace dockerd[15546]: time="2019-04-18T10:26:53.704704342+02:00" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc
Apr 18 10:26:53 dockerspace dockerd[15546]: time="2019-04-18T10:26:53.704980202+02:00" level=info msg="pickfirstBalancer: HandleSubConnStateChange: 0xc42015c6c0, CONNECTING" module=grpc
Apr 18 10:26:53 dockerspace dockerd[15546]: time="2019-04-18T10:26:53.705583429+02:00" level=info msg="pickfirstBalancer: HandleSubConnStateChange: 0xc42015c6c0, READY" module=grpc
Apr 18 10:26:53 dockerspace dockerd[15546]: time="2019-04-18T10:26:53.705815304+02:00" level=info msg="ccResolverWrapper: sending new addresses to cc: [{unix:///run/containerd/containerd.sock 0  <nil>}]" module=grpc
Apr 18 10:26:53 dockerspace dockerd[15546]: time="2019-04-18T10:26:53.706007983+02:00" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc
Apr 18 10:26:53 dockerspace dockerd[15546]: time="2019-04-18T10:26:53.706243811+02:00" level=info msg="pickfirstBalancer: HandleSubConnStateChange: 0xc42015c9b0, CONNECTING" module=grpc
Apr 18 10:26:53 dockerspace dockerd[15546]: time="2019-04-18T10:26:53.706650400+02:00" level=info msg="pickfirstBalancer: HandleSubConnStateChange: 0xc42015c9b0, READY" module=grpc
Apr 18 10:26:53 dockerspace dockerd[15546]: time="2019-04-18T10:26:53.707960838+02:00" level=info msg="Graph migration to content-addressability took 0.00 seconds"
Apr 18 10:26:53 dockerspace dockerd[15546]: time="2019-04-18T10:26:53.708329773+02:00" level=warning msg="Your kernel does not support swap memory limit"
Apr 18 10:26:53 dockerspace dockerd[15546]: time="2019-04-18T10:26:53.708492581+02:00" level=warning msg="Your kernel does not support cgroup rt period"
Apr 18 10:26:53 dockerspace dockerd[15546]: time="2019-04-18T10:26:53.708623713+02:00" level=warning msg="Your kernel does not support cgroup rt runtime"
Apr 18 10:26:53 dockerspace dockerd[15546]: time="2019-04-18T10:26:53.709048813+02:00" level=info msg="Loading containers: start."
Apr 18 10:26:53 dockerspace dockerd[15546]: time="2019-04-18T10:26:53.765844572+02:00" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP address"
Apr 18 10:26:53 dockerspace dockerd[15546]: Error starting daemon: Error initializing network controller: Error creating default "bridge" network: could not find an available, non-overlapping IPv6 address pool among the defaults to assign to the network
Apr 18 10:26:53 dockerspace systemd[1]: docker.service: Main process exited, code=exited, status=1/FAILURE
Apr 18 10:26:53 dockerspace systemd[1]: Failed to start Docker Application Container Engine

Dan33l commented 5 years ago

The systemd unit does not use EnvironmentFile=-/etc/default/docker in the [Service] section.

The puppet module modifies /etc/default/docker.

Dan33l commented 5 years ago

It looks like it is mandatory to fix an ipv6 address: https://github.com/moby/moby/issues/36954
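The two checks from the comments above, as an added example (not code from the issue or from the puppetlabs-docker module): it merges the `[Service]` keys of a unit and its drop-ins the way systemd does, reports whether `OPTIONS` from `/etc/default/docker` actually reaches `dockerd`, and flags `--ipv6` set without `--fixed-cidr-v6`. It goes beyond the single unit file quoted in the issue by also handling drop-ins; the drop-in, the `--ipv6=true` options line and the function names are constructed for illustration.

```python
import re
import shlex

# ExecStart line as quoted in the issue's docker.service.
VENDOR_UNIT = """[Service]
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
"""
# Constructed drop-in (not from the issue) that wires the file into the service.
DROPIN = """[Service]
EnvironmentFile=-/etc/default/docker
ExecStart=
ExecStart=/usr/bin/dockerd $OPTIONS
"""
# Constructed /etc/default/docker content with IPv6 switched on.
ENV_IPV6 = 'OPTIONS=" -H unix:///var/run/docker.sock --ipv6=true -G docker"\n'

def service_settings(*unit_texts):
    """Merge [Service] keys over a unit and its drop-ins, in order.
    An empty assignment resets the list, as systemd does for these keys."""
    merged = {"ExecStart": [], "EnvironmentFile": []}
    for text in unit_texts:
        section = None
        for raw in text.splitlines():
            line = raw.strip()
            if not line or line[0] in "#;":
                continue
            if line.startswith("["):
                section = line
                continue
            key, _, value = line.partition("=")
            key, value = key.strip(), value.strip()
            if section == "[Service]" and key in merged:
                merged[key] = merged[key] + [value] if value else []
    return merged

def audit(env_path, env_text, *unit_texts):
    """Return findings: is OPTIONS consumed, and is IPv6 fully specified?"""
    svc = service_settings(*unit_texts)
    findings = []
    loaded = any(v.lstrip("-") == env_path for v in svc["EnvironmentFile"])
    expanded = any(re.search(r"\$\{?OPTIONS\b", c) for c in svc["ExecStart"])
    match = re.search(r'^OPTIONS="([^"]*)"', env_text, re.M)
    options = shlex.split(match.group(1)) if match else []
    if not (loaded and expanded):
        findings.append("OPTIONS in %s never reaches dockerd" % env_path)
        options = []  # flags in the file are not in effect
    flags = [f for c in svc["ExecStart"] for f in shlex.split(c)] + options
    if any(f in ("--ipv6", "--ipv6=true") for f in flags) and not any(
            f.startswith("--fixed-cidr-v6") for f in flags):
        findings.append("--ipv6 without --fixed-cidr-v6")
    return findings
```

On a host, feed it the unit text and every file under `docker.service.d/`, in the order `systemctl cat docker` prints them. The first finding also means flags such as `-G docker` and `-H` in the managed file are not being enforced.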

github-actions[bot] commented 2 years ago

This issue has been marked as stale because it has been open for a while and has had no recent activity. If this issue is still important to you please drop a comment below and we will add this to our backlog to complete. Otherwise, it will be closed in 7 days.