
docker module: fix kernel module loading

The docker module used different code for the socket-activated docker daemon than for the non-socket-activated daemon.
In particular, if the socket-activated daemon is used, then modprobe wasn't set up to be usable and in PATH for
the docker daemon, which resulted in a failure to start the daemon with overlayfs as storageDriver if the
`overlay` kernel module wasn't already loaded. This commit fixes that bug (which only appears if socket
activation is used), and also reduces the duplication between code paths so that it's easier to keep
both in sync in future.

+16 -31
+16 -31
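--- a/nixos/modules/virtualisation/docker.nix
+++ b/nixos/modules/virtualisation/docker.nix
@@ -69,7 +69,8 @@
 description = ''
 The postStart phase of the systemd service. You may need to
 override this if you are passing in flags to docker which
-don't cause the socket file to be created.
+don't cause the socket file to be created. This option is ignored
+if socket activation is used.
 '';
 };
 
@@ -81,22 +82,29 @@
 config = mkIf cfg.enable (mkMerge [
 { environment.systemPackages = [ pkgs.docker ];
 users.extraGroups.docker.gid = config.ids.gids.docker;
-}
-(mkIf cfg.socketActivation {
-
 systemd.services.docker = {
 description = "Docker Application Container Engine";
-after = [ "network.target" "docker.socket" ];
-requires = [ "docker.socket" ];
+wantedBy = optional (!cfg.socketActivation) "multi-user.target";
+after = [ "network.target" ] ++ (optional cfg.socketActivation "docker.socket") ;
+requires = optional cfg.socketActivation "docker.socket";
 serviceConfig = {
-ExecStart = "${pkgs.docker}/bin/docker daemon --host=fd:// --group=docker --storage-driver=${cfg.storageDriver} ${cfg.extraOptions}";
+ExecStart = "${pkgs.docker}/bin/docker daemon --group=docker --storage-driver=${cfg.storageDriver} ${optionalString cfg.socketActivation "--host=fd://"} ${cfg.extraOptions}";
 # I'm not sure if that limits aren't too high, but it's what
 # goes in config bundled with docker itself
 LimitNOFILE = 1048576;
 LimitNPROC = 1048576;
 } // proxy_env;
-};
 
+path = [ pkgs.kmod ] ++ (optional (cfg.storageDriver == "zfs") pkgs.zfs);
+environment.MODULE_DIR = "/run/current-system/kernel-modules/lib/modules";
+
+postStart = if cfg.socketActivation then "" else cfg.postStart;
+
+# Presumably some containers are running we don't want to interrupt
+restartIfChanged = false;
+};
+}
+(mkIf cfg.socketActivation {
 systemd.sockets.docker = {
 description = "Docker Socket for the API";
 wantedBy = [ "sockets.target" ];
@@ -106,29 +114,6 @@
 SocketUser = "root";
 SocketGroup = "docker";
 };
-};
-})
-(mkIf (!cfg.socketActivation) {
-
-systemd.services.docker = {
-description = "Docker Application Container Engine";
-wantedBy = [ "multi-user.target" ];
-after = [ "network.target" ];
-serviceConfig = {
-ExecStart = "${pkgs.docker}/bin/docker daemon --group=docker --storage-driver=${cfg.storageDriver} ${cfg.extraOptions}";
-# I'm not sure if that limits aren't too high, but it's what
-# goes in config bundled with docker itself
-LimitNOFILE = 1048576;
-LimitNPROC = 1048576;
-} // proxy_env;
-
-path = [ pkgs.kmod ] ++ (optional (cfg.storageDriver == "zfs") pkgs.zfs);
-environment.MODULE_DIR = "/run/current-system/kernel-modules/lib/modules";
-
-postStart = cfg.postStart;
-
-# Presumably some containers are running we don't want to interrupt
-restartIfChanged = false;
 };
 })
 ]);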
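Review bot: Merging the two service definitions makes `restartIfChanged = false;` apply to the socket-activated daemon as well. The removed socket-activated block did not set it, and the commit message does not mention this change. With it set, a rebuild that brings in a new docker package (for example a security update) leaves the old daemon binary running until the unit is restarted by hand or the machine reboots. I would state that next to the setting, e.g. `# Applies with and without socket activation: an updated docker package only takes effect after a manual restart of docker.service or a reboot.` Separately, `postStart = if cfg.socketActivation then "" else cfg.postStart;` drops a user-supplied value without any evaluation-time signal; a `warnings` entry for a non-default value under socket activation would surface that, though the option's default is outside the visible hunks.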