Docker stack deploy does not support systemd containers (cap_add, tmpfs) #30846

Closed
jamshid opened this issue Feb 8, 2017 · 4 comments
Labels
area/stack area/swarm kind/enhancement Enhancements are not bugs or new features but can improve usability or performance.

Comments

@jamshid
Contributor

jamshid commented Feb 8, 2017

Nobody wants to run systemd in a container, but it's necessary because not all software is docker-ready, or docker is being used to simulate a production system.

It's great that docker 1.13 can now deploy a docker-compose.yml to swarm, but the limited configuration support means systemd containers will not run. docker stack deploy reports:

    Ignoring unsupported options: cap_add, devices, privileged, security_opt, tmpfs

When will stack/bundle/dab/whatever support systemd containers, which require cap_add and tmpfs?

    cap_add:
      - SYS_ADMIN
    tmpfs: /run
    volumes:
      - /sys/fs/cgroup:/sys/fs/cgroup:ro
    environment:
      - container=docker

Ref #28614 (comment)

PS: devices would also be very useful especially if the value could somehow be made different on different swarm nodes.
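
A pre-deploy check for the warning quoted above, as an added example that is not part of the original issue or of Docker's own code: it lists, per service, the compose options named in that `docker stack deploy` warning, so a dropped `security_opt` or `cap_add` is caught before the stack runs with a different configuration than the file describes. The sample compose file, the image names and the `ignored_options` helper are constructed for illustration, and the scan assumes consistently indented block-style YAML.

```python
import re

# Options listed in the "Ignoring unsupported options" warning quoted in this issue
# (docker 1.13). Assumption: adjust the set for the Docker version you deploy with.
IGNORED_BY_STACK_DEPLOY = {"cap_add", "devices", "privileged", "security_opt", "tmpfs"}

# Constructed sample compose file; image names are hypothetical.
SAMPLE_COMPOSE = """\
version: "3"
services:
  legacy:
    image: example/systemd-app
    cap_add:
      - SYS_ADMIN
    tmpfs: /run
    volumes:
      - /sys/fs/cgroup:/sys/fs/cgroup:ro
    environment:
      - container=docker
  web:
    image: example/web
    security_opt:
      - no-new-privileges
"""

# A mapping key at the start of a line; list items ("- x") never match.
KEY = re.compile(r"^( *)([A-Za-z_][\w.-]*):(?:\s|$)")

def ignored_options(compose_text):
    """Return {service: [option, ...]} for options stack deploy would ignore."""
    findings = {}
    in_services, svc_indent, opt_indent, service = False, None, None, None
    for line in compose_text.splitlines():
        m = KEY.match(line)
        if not m:
            continue  # list items, comments and blank lines carry no option keys
        indent, key = len(m.group(1)), m.group(2)
        if indent == 0:  # top-level key: entering or leaving the services block
            in_services, svc_indent, service = key == "services", None, None
        elif in_services:
            if svc_indent is None:
                svc_indent = indent  # first key below "services:" sets service depth
            if indent == svc_indent:
                service, opt_indent = key, None
            elif service is not None and indent > svc_indent:
                if opt_indent is None:
                    opt_indent = indent  # first key inside a service sets option depth
                if indent == opt_indent and key in IGNORED_BY_STACK_DEPLOY:
                    findings.setdefault(service, []).append(key)
    return findings
```

Calling `ignored_options(SAMPLE_COMPOSE)` reports `cap_add` and `tmpfs` for the `legacy` service and `security_opt` for `web`; keys nested deeper than a service's direct options are not counted.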

@justincormack
Contributor

The main issue for swarm mode features is #25303 with links to more specific issues.

@thaJeztah
Member

Thanks for reporting @jamshid

I think the requirements for this are covered by #25885 (--cap-add / --cap-remove) and #25885 (--privileged).

w.r.t. tmpfs, services allow adding a tmpfs using --mount, which may be a more generic solution

I'll close this issue, because the requirements for this are tracked through the linked issues, but feel free to continue the conversation.

@thaJeztah thaJeztah added area/stack area/swarm kind/enhancement Enhancements are not bugs or new features but can improve usability or performance. labels Feb 9, 2017
@Flaniga3

@thaJeztah I know this has been closed for a while, but is there a status update on "privileged: true" working for docker stack? It seems you linked docker#25885 for both cap-add/remove and privileged.

@svscorp

svscorp commented Jul 26, 2017

Joining @Flaniga3 with the question
