Moby: Docker stack deploy does not support systemd containers (cap_add, tmpfs)

0

Nobody wants to run systemd in a container, but it's necessary because not all software is docker-ready, or docker is being used to simulate a production system.

It's great that docker 1.13 can now deploy a docker-compose.yml to swarm, but the limited configuration support means systemd containers will not run. docker stack deploy reports:

    Ignoring unsupported options: cap_add, devices, privileged, security_opt, tmpfs

When will stack/bundle/dab/whatever support systemd containers, which require cap_add and tmpfs?

    cap_add:
      - SYS_ADMIN
    tmpfs: /run
    volumes:
      - /sys/fs/cgroup:/sys/fs/cgroup:ro
    environment:
      - container=docker

Ref https://github.com/docker/docker/issues/28614#issuecomment-261724902

PS: devices would also be very useful especially if the value could somehow be made different on different swarm nodes.

jamshid  ·  8 Feb 2017
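A pre-deploy check for the situation in the opening post, as an added example that is not part of the original issue or Docker's own code: it lists, per service, the compose options that the quoted warning says `docker stack deploy` ignores. The function name, the sample file and its image names are constructed for illustration.

```ruby
require 'yaml'

# Options named in the "Ignoring unsupported options" warning quoted in this
# issue (Docker 1.13). A service that relies on any of them is deployed
# without that setting.
IGNORED_BY_STACK_DEPLOY = %w[cap_add devices privileged security_opt tmpfs].freeze

# Returns { service_name => [ignored options it sets] } for a compose document
# that has a top-level `services:` mapping. (Hypothetical helper name.)
def ignored_stack_options(compose_yaml)
  doc = YAML.safe_load(compose_yaml)
  services = doc.is_a?(Hash) ? doc['services'] : nil
  return {} unless services.is_a?(Hash)

  services.each_with_object({}) do |(name, spec), findings|
    next unless spec.is_a?(Hash)
    hits = IGNORED_BY_STACK_DEPLOY & spec.keys
    findings[name] = hits unless hits.empty?
  end
end

# Constructed sample: the systemd service fragment from the issue placed in a
# complete file next to a service that uses none of the ignored options.
SAMPLE_COMPOSE = <<~COMPOSE
  version: "3"
  services:
    legacy:
      image: example/systemd-app
      cap_add:
        - SYS_ADMIN
      tmpfs: /run
      volumes:
        - /sys/fs/cgroup:/sys/fs/cgroup:ro
      environment:
        - container=docker
    web:
      image: example/web
      ports:
        - "8080:80"
COMPOSE

if __FILE__ == $PROGRAM_NAME
  ignored_stack_options(SAMPLE_COMPOSE).each do |service, keys|
    warn "#{service}: stack deploy would ignore #{keys.join(', ')}"
  end
end
```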

All comments

0

The main issue for swarm mode features is https://github.com/docker/docker/issues/25303 with links to more specific issues.

justincormack  ·  9 Feb 2017

0

Thanks for reporting @jamshid

I think the requirements for this are covered by https://github.com/docker/docker/issues/25885 (--cap-add / --cap-remove) and https://github.com/docker/docker/issues/25885 (--privileged).

w.r.t. tmpfs, services allow adding a tmpfs using --mount, which may be a more generic solution.

I'll close this issue, because the requirements for this are tracked through the linked issues, but feel free to continue the conversation.

thaJeztah  ·  9 Feb 2017

22

@thaJeztah I know this has been closed for a while, but is there a status update on "privileged: true" working for docker stack? It seems you linked docker#25885 for both cap-add/remove and privileged.

Flaniga3  ·  24 May 2017

7

Joining @Flaniga3 with the question

svscorp  ·  26 Jul 2017