New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove docker.socket from rpm based systems #24804
Conversation
Fixes moby#23981 The selinux issue we are seeing in the report is related to the socket file for docker and nothing else. By removing the socket docker starts up correctly. However, there is another motivation for removing socket activation from docker's systemd files and that is because when you have daemons running with --restart always whenever you have a host reboot those daemons will not be started again because the docker daemon is not started by systemd until a request comes into the docker API. Leave it for deb based systems because everything is working correctly for both socket activation and starting normally at boot. Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Packages tested with both ubuntu 16.04 and fedora 24 |
LGTM |
LGTM 🐸 |
are we only changing this for RPM installs? |
because debs works and rpm does not |
For the record the only change for the service file is:
LGTM |
@tiborvass yes, that is the diff for the rpm version |
@crosbymichael How does Debian handle the Restart problem differently then RPM based systems? |
@rhatdan the systemctl enable and start are run in post stop hooks for the install. The user is not expected to do this manually and when we created the RPMs we were told that on RPM based systems that was the opposite . When we created the RPMs we were told that on RPM based systems that the user knows and is expected to run these commands manually after the install. |
Right no service should be enabled by default. Just installing a package should not imply that you want to run it. I am questioning the use of docker.socket at all, since this blocks docker restart. |
The socket is fine on ubuntu because we enable both the socket and the service. Because the service has the multi-user.target it is started at boot as well as having the socket activation if someone tries to access the socket before the daemon is started. |
note: moby/moby#24804 does not apply to pld as docker.service is registered at startup (enabled by default)
Fixes moby#23981 The selinux issue we are seeing in the report is related to the socket file for docker and nothing else. By removing the socket docker starts up correctly. However, there is another motivation for removing socket activation from docker's systemd files and that is because when you have daemons running with --restart always whenever you have a host reboot those daemons will not be started again because the docker daemon is not started by systemd until a request comes into the docker API. Leave it for deb based systems because everything is working correctly for both socket activation and starting normally at boot. External Link: moby#24804 Signed-off-by: Michael Crosby <michael@docker.com> Signed-off-by: xiekeyang <xiekeyang@huawei.com>
…rting Follow up commit 57ded30. To fix that docker client can not get response when racing with docker daemon starting. This is for EulerOS platform. External Link: moby#24804 Signed-off-by: xiekeyang <xiekeyang@huawei.com>
Fixes #23981
The selinux issue we are seeing in the report is related to the socket
file for docker and nothing else. By removing the socket docker starts
up correctly.
However, there is another motivation for removing socket activation from
docker's systemd files and that is because when you have daemons running
with --restart always whenever you have a host reboot those daemons
will not be started again because the docker daemon is not started by
systemd until a request comes into the docker API.
Leave it for deb based systems because everything is working correctly
for both socket activation and starting normally at boot.
Signed-off-by: Michael Crosby crosbymichael@gmail.com