From cc1eb7e9a42f478b18c7aa07c6a8d0936ae7a6fe Mon Sep 17 00:00:00 2001 From: Alex Gustafsson Date: Wed, 20 May 2020 19:31:35 +0200 Subject: [PATCH] Add defaults to Fedora CoreOS provider Add the defaults used by the Docker installation on Fedora CoreOS provider available in /etc/systemd/system/docker.service and /etc/sysconfig/docker except for --live-restore which is incompatible with swarm mode. --- .DS_Store | Bin 0 -> 8196 bytes libmachine/provision/fedora_coreos.go | 31 +++++++++++++++++--------- 2 files changed, 20 insertions(+), 11 deletions(-) create mode 100644 .DS_Store diff --git a/.DS_Store b/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..f321c84d14890b91bdf2326ab38154ef1e010d78 GIT binary patch literal 8196 zcmeHM%Wl&^6ur}g)JZA`5)uU=WQheVO4J9U3pQz*0F?@ zijdf{MzG}}{sZ_1K7l<8mT>NPsBEWYg+!&!RGvGv&z-sF%pFh1B_dJoHK&NiiO9gk zwvb14K;h?n4V4jf=OV0tKaow($s?bNu)1gkv;tZIt$>#xA)qzSL0btX(EeqN>2S^`N*^;t@&`MYI8J-@5auw=`AwqXN zHyI9FQg#s9(49o+PC|_=)Con%(cx!GIEhkdb*&Z93Jfd2XZJC(sDq#F*!g{n+6!%O zz0vj>!0@uVf$PdISly(P=x~U~=-C7)hm1WJZl_E}zYx z%x9m}TVB5&SV6B_w*1w?g}T$U8fRDP3spF3> zLz5<6CVWyr5BK~dfii&dfZIZ9xYVR>JQA4-uOq22D)BA_h{mBt0?jEAMV|uS8rZJT zGA&SYYJ69>y!u26^$3B-NdD-|w3W0MBJqFYc78zq5=xRgP0O}?d8P9RdFNa+4;I|33MMTfcHxmpn$A9q& z;4_>TU>);GA*x`A1(v+niEz##0?e<>i*;(D?I!gkW*+q!MMf`R#;cg&I#m;~Gv6pW zPj|2qI2%@!ts+b62`^?G^)ldPK_mO{Iga7Sl6Yv#T-M{`aGs0r5&k1!o={)%jbgHh zw~E*+7^8}QhgTbOj(X(aQBxjsv~-{kGmiRXsEbVCTv30-VJ$G?thyM@@lL7|=MM|Eq_8|37MB>v*&R zT7iG4fJj&Bl`=Z~^OtL~Z$4|AxYlrSVca0J(ghVm_`W=j!|wmX5N%UED=9k&EuNtK WpAP|g|5pdP*efUqWTRPD>c&q literal 0 HcmV?d00001 diff --git a/libmachine/provision/fedora_coreos.go b/libmachine/provision/fedora_coreos.go index a6626c4d69..aa12a14eb3 100644 --- a/libmachine/provision/fedora_coreos.go +++ b/libmachine/provision/fedora_coreos.go @@ -58,21 +58,30 @@ func (provisioner *FedoraCoreOSProvisioner) GenerateDockerOptions(dockerPort int driverNameLabel := fmt.Sprintf("provider=%s", provisioner.Driver.DriverName()) provisioner.EngineOptions.Labels = append(provisioner.EngineOptions.Labels, driverNameLabel) + // Adds defaults used by Fedora CoreOS in /etc/systemd/system/docker.service + // as well as in /etc/sysconfig/docker. + // The only removed option is the --live-restore option which is incompatible + // with swarm mode. engineConfigTmpl := `[Service] Environment=TMPDIR=/var/tmp ExecStart= ExecStart=/usr/bin/dockerd \ - --exec-opt native.cgroupdriver=systemd \ - --host=unix:///var/run/docker.sock \ - --host=tcp://0.0.0.0:{{.DockerPort}} \ - --tlsverify \ - --tlscacert {{.AuthOptions.CaCertRemotePath}} \ - --tlscert {{.AuthOptions.ServerCertRemotePath}} \ - --tlskey {{.AuthOptions.ServerKeyRemotePath}}{{ range .EngineOptions.Labels }} \ - --label {{.}}{{ end }}{{ range .EngineOptions.InsecureRegistry }} \ - --insecure-registry {{.}}{{ end }}{{ range .EngineOptions.RegistryMirror }} \ - --registry-mirror {{.}}{{ end }}{{ range .EngineOptions.ArbitraryFlags }} \ - --{{.}}{{ end }} \$DOCKER_OPTS \$DOCKER_OPT_BIP \$DOCKER_OPT_MTU \$DOCKER_OPT_IPMASQ +--selinux-enabled \ +--log-driver=journald \ +--default-ulimit nofile=1024:1024 \ +--init-path /usr/libexec/docker/docker-init \ +--userland-proxy-path /usr/libexec/docker/docker-proxy \ +--exec-opt native.cgroupdriver=systemd \ +--host=unix:///var/run/docker.sock \ +--host=tcp://0.0.0.0:{{.DockerPort}} \ +--tlsverify \ +--tlscacert {{.AuthOptions.CaCertRemotePath}} \ +--tlscert {{.AuthOptions.ServerCertRemotePath}} \ +--tlskey {{.AuthOptions.ServerKeyRemotePath}}{{ range .EngineOptions.Labels }} \ +--label {{.}}{{ end }}{{ range .EngineOptions.InsecureRegistry }} \ +--insecure-registry {{.}}{{ end }}{{ range .EngineOptions.RegistryMirror }} \ +--registry-mirror {{.}}{{ end }}{{ range .EngineOptions.ArbitraryFlags }} \ +--{{.}}{{ end }} \$DOCKER_OPTS \$DOCKER_OPT_BIP \$DOCKER_OPT_MTU \$DOCKER_OPT_IPMASQ Environment={{range .EngineOptions.Env}}{{ printf "%q" . }} {{end}} `