Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)

docker module: fix kernel module loading

The docker module used different code for socket-activated docker daemon than for the non-socket activated daemon.
In particular, if the socket-activated daemon is used, then modprobe wasn't set up to be usable and in PATH for
the docker daemon, which resulted in a failure to start the daemon with overlayfs as storageDriver if the
`overlay` kernel module wasn't already loaded. This commit fixes that bug (which only appears if socket
activation is used), and also reduces the duplication between code paths so that it's easier to keep
both in sync in future.

+16 -31
+16 -31
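--- a/nixos/modules/virtualisation/docker.nix
+++ b/nixos/modules/virtualisation/docker.nix
@@ -69,7 +69,8 @@
 description = ''
 The postStart phase of the systemd service. You may need to
 override this if you are passing in flags to docker which
-don't cause the socket file to be created.
+don't cause the socket file to be created. This option is ignored
+if socket activation is used.
 '';
 };
 
@@ -81,22 +82,29 @@
 config = mkIf cfg.enable (mkMerge [
 { environment.systemPackages = [ pkgs.docker ];
 users.extraGroups.docker.gid = config.ids.gids.docker;
-}
-(mkIf cfg.socketActivation {
-
 systemd.services.docker = {
 description = "Docker Application Container Engine";
-after = [ "network.target" "docker.socket" ];
-requires = [ "docker.socket" ];
+wantedBy = optional (!cfg.socketActivation) "multi-user.target";
+after = [ "network.target" ] ++ (optional cfg.socketActivation "docker.socket") ;
+requires = optional cfg.socketActivation "docker.socket";
 serviceConfig = {
-ExecStart = "${pkgs.docker}/bin/docker daemon --host=fd:// --group=docker --storage-driver=${cfg.storageDriver} ${cfg.extraOptions}";
+ExecStart = "${pkgs.docker}/bin/docker daemon --group=docker --storage-driver=${cfg.storageDriver} ${optionalString cfg.socketActivation "--host=fd://"} ${cfg.extraOptions}";
 # I'm not sure if that limits aren't too high, but it's what
 # goes in config bundled with docker itself
 LimitNOFILE = 1048576;
 LimitNPROC = 1048576;
 } // proxy_env;
-};
 
+path = [ pkgs.kmod ] ++ (optional (cfg.storageDriver == "zfs") pkgs.zfs);
+environment.MODULE_DIR = "/run/current-system/kernel-modules/lib/modules";
+
+postStart = if cfg.socketActivation then "" else cfg.postStart;
+
+# Presumably some containers are running we don't want to interrupt
+restartIfChanged = false;
+};
+}
+(mkIf cfg.socketActivation {
 systemd.sockets.docker = {
 description = "Docker Socket for the API";
 wantedBy = [ "sockets.target" ];
@@ -106,29 +114,6 @@
 SocketUser = "root";
 SocketGroup = "docker";
 };
-};
-})
-(mkIf (!cfg.socketActivation) {
-
-systemd.services.docker = {
-description = "Docker Application Container Engine";
-wantedBy = [ "multi-user.target" ];
-after = [ "network.target" ];
-serviceConfig = {
-ExecStart = "${pkgs.docker}/bin/docker daemon --group=docker --storage-driver=${cfg.storageDriver} ${cfg.extraOptions}";
-# I'm not sure if that limits aren't too high, but it's what
-# goes in config bundled with docker itself
-LimitNOFILE = 1048576;
-LimitNPROC = 1048576;
-} // proxy_env;
-
-path = [ pkgs.kmod ] ++ (optional (cfg.storageDriver == "zfs") pkgs.zfs);
-environment.MODULE_DIR = "/run/current-system/kernel-modules/lib/modules";
-
-postStart = cfg.postStart;
-
-# Presumably some containers are running we don't want to interrupt
-restartIfChanged = false;
 };
 })
 ]);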
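Review bot: `restartIfChanged = false;` now sits in the unconditional `systemd.services.docker` block, so it also applies to the socket-activated daemon, whose old branch did not set it. With that, a `nixos-rebuild switch` that changes `pkgs.docker`, `cfg.storageDriver` or `cfg.extraOptions` should leave the running daemon on the old binary and flags until it is restarted by hand, which matters when the change is a security update or a hardening flag. The commit message does not mention this behaviour change; if it is intended, the comment above the line could say so, for example `# Don't interrupt running containers; package and option changes only take effect after a manual restart of docker.service`.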