From 374d84df1b687d12aed2443355fe859036349d36 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20G=C3=BCnzler?= Date: Tue, 12 May 2020 18:40:34 +0200 Subject: [PATCH] wip: update service files to match upstream * MountFlags=slave preventing us from using live restore functionality https://github.com/moby/moby/pull/22806#issuecomment-268455501 https://access.redhat.com/articles/2938171 * LimitNOFILE=infinity LimitNPROC=infinity not-insignificant performance overhead due to limits being propagated to all children (containerd + containers) https://github.com/moby/moby/commit/8db61095a3d0bcb0733580734ba5d54bc27a614d * Delegate=yes allow docker to manage it's cgroup subtree without systemd interference https://github.com/moby/moby/issues/20152 https://github.com/moby/moby/commit/d16737f971092767c1b9d28302a3f5aedbe2f576 * TasksMax=infinity prevent systemd from setting a default task limit of 512 on the engine cgroup, on linux >=4.3 https://github.com/systemd/systemd/pull/1239 https://github.com/systemd/systemd/pull/1886 --- .../balena/balena/balena-host.service | 10 ++++++++-- .../recipes-containers/balena/balena/balena.service | 8 ++++++-- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/meta-balena-common/recipes-containers/balena/balena/balena-host.service b/meta-balena-common/recipes-containers/balena/balena/balena-host.service index fa956f519c..9578af0d24 100644 --- a/meta-balena-common/recipes-containers/balena/balena/balena-host.service +++ b/meta-balena-common/recipes-containers/balena/balena/balena-host.service @@ -13,8 +13,14 @@ EnvironmentFile=-/etc/docker/balenahost.env ExecStart=/usr/bin/balenad --delta-data-root=/mnt/sysroot/active/balena --delta-storage-driver=@BALENA_STORAGE@ --log-driver=journald -s @BALENA_STORAGE@ --data-root=/mnt/sysroot/inactive/balena -H fd:// --pidfile=/var/run/balena-host.pid --exec-root=/var/run/balena-host --bip 10.114.101.1/24 --fixed-cidr=10.114.101.128/25 --iptables=false --max-download-attempts=10 --exec-opt native.cgroupdriver=systemd #Adjust OOMscore to -900 to make killing unlikely OOMScoreAdjust=-900 -MountFlags=slave LimitNOFILE=1048576 -LimitNPROC=1048576 +LimitNPROC=infinity LimitCORE=infinity +TasksMax=infinity +TimeoutStartSec=0 +Restart=on-failure +StartLimitBurst=3 +StartLimitInterval=30s +Delegate=yes +KillMode=process diff --git a/meta-balena-common/recipes-containers/balena/balena/balena.service b/meta-balena-common/recipes-containers/balena/balena/balena.service index 85b7e1b655..eac8148c69 100644 --- a/meta-balena-common/recipes-containers/balena/balena/balena.service +++ b/meta-balena-common/recipes-containers/balena/balena/balena.service @@ -13,12 +13,16 @@ ExecStart=/usr/bin/healthdog --healthcheck=/usr/lib/balena/balena-healthcheck /u ExecStartPost=/bin/bash -c '/usr/lib/balena/balena-healthcheck-image-load &' #Adjust OOMscore to -900 to make killing unlikely OOMScoreAdjust=-900 -MountFlags=slave LimitNOFILE=1048576 -LimitNPROC=1048576 +LimitNPROC=infinity LimitCORE=infinity +TasksMax=infinity +TimeoutStartSec=0 WatchdogSec=360 Restart=always +StartLimitBurst=3 +StartLimitInterval=30s +Delegate=yes KillMode=process [Install]