diff --git a/README.md b/README.md index 2ba750e1d..fa644db49 100755 --- a/README.md +++ b/README.md @@ -195,6 +195,17 @@ class { 'docker': } ``` +To increase/decrese docker process limits (open files limit or proc limit), you can use the service_limits option. +This could be necessary to set higher limits than the ones inherited from systemd. +```puppet +class {'docker': + service_limits => { + nofile => 4096, + nproc => 4096 + } +} +``` + The class contains lots of other options, please see the inline code documentation for the full options. diff --git a/manifests/init.pp b/manifests/init.pp index 471b5be64..7060c2991 100755 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -187,6 +187,15 @@ # Valid values are 'true', 'false'. # Defaults to 'true'. # +# [*service_limits*] +# Hash of limits to be applied for the systemd service +# Example: +# class {'docker': +# service_limits => { +# nofile => 4096 +# } +# } +# # [*root_dir*] # Custom root directory for containers # Defaults to undefined @@ -440,6 +449,7 @@ $service_overrides_template = $docker::params::service_overrides_template, $service_hasstatus = $docker::params::service_hasstatus, $service_hasrestart = $docker::params::service_hasrestart, + $service_limits = $docker::params::service_limits, ) inherits docker::params { validate_string($version) @@ -463,6 +473,9 @@ validate_string($fixed_cidr) validate_string($default_gateway) validate_string($bip) + if $service_limits != undef { + validate_hash($service_limits) + } if ($default_gateway) and (!$bridge) { fail('You must provide the $bridge parameter.') diff --git a/manifests/params.pp b/manifests/params.pp index ad01fc227..401081c2d 100755 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -30,6 +30,7 @@ $labels = [] $service_state = running $service_enable = true + $service_limits = undef $manage_service = true $root_dir = undef $tmp_dir = '/tmp/' diff --git a/manifests/service.pp b/manifests/service.pp index 0e0a10e1a..b2c1197b8 100755 --- a/manifests/service.pp +++ b/manifests/service.pp @@ -31,6 +31,15 @@ # [*shell_values*] # Array of shell values to pass into init script config files # +# [*service_limits*] +# Hash of limits to be applied for the systemd service +# Example: +# class {'docker': +# service_limits => { +# nofile => 4096 +# } +# } +# # [*manage_service*] # Specify whether the service should be managed. # Valid values are 'true', 'false'. @@ -104,6 +113,7 @@ $service_overrides_template = $docker::service_overrides_template, $service_hasstatus = $docker::service_hasstatus, $service_hasrestart = $docker::service_hasrestart, + $service_limits = $docker::service_limits, $daemon_environment_files = $docker::daemon_environment_files, $tls_enable = $docker::tls_enable, $tls_verify = $docker::tls_verify, diff --git a/spec/classes/docker_spec.rb b/spec/classes/docker_spec.rb index a09375638..b7652dc01 100755 --- a/spec/classes/docker_spec.rb +++ b/spec/classes/docker_spec.rb @@ -905,12 +905,23 @@ it { should contain_yumrepo('docker') } it { should_not contain_class('epel') } it { should contain_package('docker').with_install_options('--enablerepo=rhel7-extras') } - - let(:params) { {'proxy' => 'http://127.0.0.1:3128' } } - service_config_file = '/etc/sysconfig/docker' - it { should contain_file(service_config_file).with_content(/^http_proxy='http:\/\/127.0.0.1:3128'/) } - it { should contain_file(service_config_file).with_content(/^ https_proxy='http:\/\/127.0.0.1:3128'/) } it { should contain_service('docker').with_provider('systemd').with_hasstatus(true).with_hasrestart(true) } + + + context 'with proxy param' do + let(:params) { {'proxy' => 'http://127.0.0.1:3128' } } + service_config_file = '/etc/sysconfig/docker' + it { should contain_file(service_config_file).with_content(/^http_proxy='http:\/\/127.0.0.1:3128'/) } + it { should contain_file(service_config_file).with_content(/^ https_proxy='http:\/\/127.0.0.1:3128'/) } + end + + context 'with service_limits specified' do + let(:params) { { 'service_limits' => { 'nofile' => 1024, 'nproc' => 2048 } } } + systemd_service_file = '/etc/systemd/system/docker.service.d/service-overrides.conf' + it { should contain_file(systemd_service_file).with_content(/^LimitNOFILE=1024/)} + it { should contain_file(systemd_service_file).with_content(/^LimitNPROC=2048/)} + end + end context 'specific to Oracle Linux 7 or above' do @@ -981,6 +992,14 @@ } } it { should contain_service('docker').with_provider('systemd').with_hasstatus(true).with_hasrestart(true) } + + context 'with service_limits specified' do + let(:params) { { 'service_limits' => { 'nofile' => 1024, 'nproc' => 2048 } } } + systemd_service_file = '/etc/systemd/system/docker.service.d/service-overrides.conf' + it { should contain_file(systemd_service_file).with_content(/^LimitNOFILE=1024/)} + it { should contain_file(systemd_service_file).with_content(/^LimitNPROC=2048/)} + end + end context 'Debian >= 8' do @@ -994,6 +1013,14 @@ } } it { should contain_service('docker').with_provider('systemd').with_hasstatus(true).with_hasrestart(true) } + + context 'with service_limits specified' do + let(:params) { { 'service_limits' => { 'nofile' => 1024, 'nproc' => 2048 } } } + systemd_service_file = '/etc/systemd/system/docker.service.d/service-overrides.conf' + it { should contain_file(systemd_service_file).with_content(/^LimitNOFILE=1024/)} + it { should contain_file(systemd_service_file).with_content(/^LimitNPROC=2048/)} + end + end end diff --git a/templates/etc/systemd/system/docker.service.d/service-overrides-archlinux.conf.erb b/templates/etc/systemd/system/docker.service.d/service-overrides-archlinux.conf.erb index 6a1577d25..8800069c2 100644 --- a/templates/etc/systemd/system/docker.service.d/service-overrides-archlinux.conf.erb +++ b/templates/etc/systemd/system/docker.service.d/service-overrides-archlinux.conf.erb @@ -1,2 +1,12 @@ [Service] EnvironmentFile=-/etc/conf.d/docker +<%- if @service_limits -%> + <%- @service_limits.each do |lim,value| -%> + <%- case lim -%> + <%- when "nofile" -%> +LimitNOFILE=<%= value %> + <%- when "nproc" -%> +LimitNPROC=<%= value %> + <%- end -%> + <%- end -%> +<%- end -%> diff --git a/templates/etc/systemd/system/docker.service.d/service-overrides-debian.conf.erb b/templates/etc/systemd/system/docker.service.d/service-overrides-debian.conf.erb index e56dabd72..49c5521dc 100644 --- a/templates/etc/systemd/system/docker.service.d/service-overrides-debian.conf.erb +++ b/templates/etc/systemd/system/docker.service.d/service-overrides-debian.conf.erb @@ -1,6 +1,16 @@ [Service] EnvironmentFile=-/etc/default/docker EnvironmentFile=-/etc/default/docker-storage +<%- if @service_limits -%> + <%- @service_limits.each do |lim,value| -%> + <%- case lim -%> + <%- when "nofile" -%> +LimitNOFILE=<%= value %> + <%- when "nproc" -%> +LimitNPROC=<%= value %> + <%- end -%> + <%- end -%> +<%- end -%> ExecStart= ExecStart=/usr/bin/<%= @docker_command %> <%= @daemon_subcommand %> $OPTIONS \ $DOCKER_STORAGE_OPTIONS diff --git a/templates/etc/systemd/system/docker.service.d/service-overrides-rhel.conf.erb b/templates/etc/systemd/system/docker.service.d/service-overrides-rhel.conf.erb index 3d367e9cf..d4c5b79af 100644 --- a/templates/etc/systemd/system/docker.service.d/service-overrides-rhel.conf.erb +++ b/templates/etc/systemd/system/docker.service.d/service-overrides-rhel.conf.erb @@ -2,6 +2,16 @@ EnvironmentFile=-/etc/sysconfig/docker EnvironmentFile=-/etc/sysconfig/docker-storage EnvironmentFile=-/etc/sysconfig/docker-network +<%- if @service_limits -%> + <%- @service_limits.each do |lim,value| -%> + <%- case lim -%> + <%- when "nofile" -%> +LimitNOFILE=<%= value %> + <%- when "nproc" -%> +LimitNPROC=<%= value %> + <%- end -%> + <%- end -%> +<%- end -%> <% if @daemon_environment_files %><% @daemon_environment_files.each do |param| %>EnvironmentFile=-<%= param %> <% end %><% end -%> ExecStart=