File tree 2 files changed +16
-1
lines changed
contrib/systemd/containerized 2 files changed +16
-1
lines changed Original file line number Diff line number Diff line change @@ -8,7 +8,7 @@ After=openvswitch.service
88[Service]
99EnvironmentFile =/etc/sysconfig/origin-node
1010ExecStartPre =-/usr/bin/docker rm -f origin-node
11- ExecStart =/usr/bin/docker run --name origin-node --rm --privileged --net =host --pid =host --env-file =/etc/sysconfig/origin-node -v /:/rootfs:ro -v /etc/systemd/system:/host-etc/systemd/system -v /etc/localtime:/etc/localtime:ro -v /etc/machine-id:/etc/machine-id:ro -v /lib/modules:/lib/modules -v /run:/run -v /sys:/sys:ro -v /usr/bin/docker:/usr/bin/docker:ro -v / var/lib/docker:/var/lib/docker -v /etc/origin/node:/etc/origin/node -v /etc/origin/openvswitch:/etc/openvswitch -v /etc/origin/sdn:/etc/openshift-sdn -v /var/lib/origin:/var/lib/origin -v /var/log:/var/log -v /dev:/dev -e HOST =/rootfs -e HOST_ETC =/host-etc openshift/node
11+ ExecStart =/usr/bin/docker run --name origin-node --rm --privileged --net =host --pid =host --env-file =/etc/sysconfig/origin-node -v /:/rootfs:ro -v /etc/systemd/system:/host-etc/systemd/system -v /etc/localtime:/etc/localtime:ro -v /etc/machine-id:/etc/machine-id:ro -v /lib/modules:/lib/modules -v /run:/run -v /sys:/sys:ro -v /var/lib/docker:/var/lib/docker -v /etc/origin/node:/etc/origin/node -v /etc/origin/openvswitch:/etc/openvswitch -v /etc/origin/sdn:/etc/openshift-sdn -v /var/lib/origin:/var/lib/origin -v /var/log:/var/log -v /dev:/dev -e HOST =/rootfs -e HOST_ETC =/host-etc openshift/node
1212ExecStartPost =/usr/bin/sleep 10
1313ExecStop =/usr/bin/docker stop origin-node
1414Restart =always
Original file line number Diff line number Diff line change 11#! /bin/sh
22
3+ # We need to ensure that the version of docker we're running inside the
4+ # container matches that of the host. A newer version of docker client against
5+ # and older daemon is known not to work and older versions of the client
6+ # against newer versions of the daemon aren't widely tested. So therefore we
7+ # rely on running docker from the host's filesystem which we expect to be
8+ # mounted at /rootfs. Docker on the host can be upgraded without a corresponding
9+ # update to the node image and that update may add dependencies like libseccomp
10+ # that aren't available inside our node image. By chroot'ing to /rootfs we can
11+ # ensure that as long as the host has a valid install things will work.
12+
13+ # NOTE: This means that anything inside the node container needs to call
14+ # `docker` or `/usr/local/bin/docker`. We're not replacing /usr/bin/docker
15+ # because most installs currently mount /usr/bin/docker from the host into that
16+ # path.
17+
318chroot /rootfs docker " ${@ } "
You can’t perform that action at this time.
0 commit comments