review balena-engine systemd service

[robertgzr]

we currently diverge from the one provided by upstream here:
https://github.com/moby/moby/blob/master/contrib/init/systemd/docker.service

• MountFlags=slave
  preventing us from using live restore functionality
  Remove MountFlags in systemd unit to allow shared mount propagation moby/moby#22806 (comment)
  access.redhat.com/articles/2938171

• LimitNOFILE=infinity, LimitNPROC=infinity
  not-insignificant performance overhead due to
  limits being propagated to all children (containerd + containers)
  moby/moby@8db6109

• Delegate=yes
  allow docker to manage it's cgroup subtree without systemd
  interference
  [1.10] Docker top something return empty list of processes for a running container moby/moby#20152
  moby/moby@d16737f

• TasksMax=infinity
  prevent systemd from setting a default task limit of 512 on the engine
  cgroup, on linux >=4.3
  core: add support for the "pids" cgroup controller systemd/systemd#1239
  Enable TasksMax by default for all units systemd/systemd#1886

• TimeoutStartSec=0
  prevent systemd from interrupting slow engine startup, potentially rendering a device unusable because we never get the supervisor back up
  moby/moby@eff5e64

as per my previous commit here: see: fb2b63e

[robertgzr]

regarding TimeoutStartSec

1. there seems to be an issue where some low-spec devices can exceed this timeout, which triggers systemd to stop the unit, see https://www.flowdock.com/app/rulemotion/balenalabs/threads/chG_M67A0Va0Bl2cgLiZ4pdCelh

2. upstream introduced this setting when they put their graphdriver migration code into the engine startup code. In the future we will also run similar migrations, see Aufs to overlay2 migration utility balena-engine#168. So disabling it seems like a good move.

[robertgzr]

Are there any counter arguments to having live-restore enabled on device?
https://docs.docker.com/config/containers/live-restore/

[jellyfish-bot]

[roman-mazur] This issue has attached support thread https://jel.ly.fish/9cfdf4d4-c626-4ba1-aa46-35e357fdbb08

[roman-mazur]

Just applied the TimeoutStartSec=0 change to mitigate an issue on a RPi Zero device that could not get the engine running in 90 seconds (the app is balenaSense, so it takes time to load 5 containers).

[jellyfish-bot]

[kb2ma] This issue has attached support thread https://jel.ly.fish/f50e9cf8-d51b-4000-b5ed-84f8cae452cc

[alexgg]

This refactoring happened in 8227a61.

The TimeoutStartSec was disabled in c4ce541