From 79b4e5a8d7efe534647e2d5287f606883fc555a3 Mon Sep 17 00:00:00 2001 From: Benno Fünfstück Date: Thu, 24 Dec 2015 12:07:45 +0100 Subject: docker module: fix kernel module loading The docker module used different code for socket-activated docker daemon than for the non-socket activated daemon. In particular, if the socket-activated daemon is used, then modprobe wasn't set up to be usable and in PATH for the docker daemon, which resulted in a failure to start the daemon with overlayfs as storageDriver if the `overlay` kernel module wasn't already loaded. This commit fixes that bug (which only appears if socket activation is used), and also reduces the duplication between code paths so that it's easier to keep both in sync in future. --- nixos/modules/virtualisation/docker.nix | 47 +++++++++++---------------------- 1 file changed, 16 insertions(+), 31 deletions(-) diff --git a/nixos/modules/virtualisation/docker.nix b/nixos/modules/virtualisation/docker.nix index 718ca0851477..97b2927cf1bd 100644 --- a/nixos/modules/virtualisation/docker.nix +++ b/nixos/modules/virtualisation/docker.nix @@ -69,7 +69,8 @@ in description = '' The postStart phase of the systemd service. You may need to override this if you are passing in flags to docker which - don't cause the socket file to be created. + don't cause the socket file to be created. This option is ignored + if socket activation is used. ''; }; 
@@ -81,22 +82,29 @@ in config = mkIf cfg.enable (mkMerge [ { environment.systemPackages = [ pkgs.docker ]; users.extraGroups.docker.gid = config.ids.gids.docker; - } - (mkIf cfg.socketActivation { - systemd.services.docker = { description = "Docker Application Container Engine"; - after = [ "network.target" "docker.socket" ]; - requires = [ "docker.socket" ]; + wantedBy = optional (!cfg.socketActivation) "multi-user.target"; + after = [ "network.target" ] ++ (optional cfg.socketActivation "docker.socket") ; + requires = optional cfg.socketActivation "docker.socket"; serviceConfig = { - ExecStart = "${pkgs.docker}/bin/docker daemon --host=fd:// --group=docker --storage-driver=${cfg.storageDriver} ${cfg.extraOptions}"; + ExecStart = "${pkgs.docker}/bin/docker daemon --group=docker --storage-driver=${cfg.storageDriver} ${optionalString cfg.socketActivation "--host=fd://"} ${cfg.extraOptions}"; # I'm not sure if that limits aren't too high, but it's what # goes in config bundled with docker itself LimitNOFILE = 1048576; LimitNPROC = 1048576; } // proxy_env; - }; + path = [ pkgs.kmod ] ++ (optional (cfg.storageDriver == "zfs") pkgs.zfs); + environment.MODULE_DIR = "/run/current-system/kernel-modules/lib/modules"; + + postStart = if cfg.socketActivation then "" else cfg.postStart; + + # Presumably some containers are running we don't want to interrupt + restartIfChanged = false; + }; + } + (mkIf cfg.socketActivation { systemd.sockets.docker = { description = "Docker Socket for the API"; wantedBy = [ "sockets.target" ]; 
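Review bot: `restartIfChanged = false;` in the merged `systemd.services.docker` definition now also applies to the socket-activated daemon, and the commit message does not mention this. The old socket-activated definition, which in the removed lines closes right after `serviceConfig`, does not appear to have set it. With the flag set, a configuration switch that changes the unit or upgrades `pkgs.docker` leaves the old daemon process running until a manual restart or reboot, so a security fix to docker is not live after the switch. If this is intended for both modes, the existing comment should say so, e.g. `# Not restarted on switch: a docker upgrade only takes effect after a manual restart or reboot`.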
@@ -108,29 +116,6 @@ in }; }; }) - (mkIf (!cfg.socketActivation) { - - systemd.services.docker = { - description = "Docker Application Container Engine"; - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - serviceConfig = { - ExecStart = "${pkgs.docker}/bin/docker daemon --group=docker --storage-driver=${cfg.storageDriver} ${cfg.extraOptions}"; - # I'm not sure if that limits aren't too high, but it's what - # goes in config bundled with docker itself - LimitNOFILE = 1048576; - LimitNPROC = 1048576; - } // proxy_env; - - path = [ pkgs.kmod ] ++ (optional (cfg.storageDriver == "zfs") pkgs.zfs); - environment.MODULE_DIR = "/run/current-system/kernel-modules/lib/modules"; - - postStart = cfg.postStart; - - # Presumably some containers are running we don't want to interrupt - restartIfChanged = false; - }; - }) ]); } -- cgit 1.4.1