cgroup v2 is the next generation of the control groups API. This patch
replaces the cgroup v1 file systems with the unified cgroup v2 file
system.
cgroup v2 allows for things like containerd/podman to run rootless
containers and opens guix system up to running things like Kubernetes.
Thanks to Hilton Chain <hako@ultrarare.space> for suggesting the Docker
service change.
* gnu/system/file-systems.scm (%control-groups): Change to a single
"cgroup2" mount point.
* gnu/services/docker.scm (docker-shepherd-service): Trim 'requirement'
field accordingly.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/docker.scm (docker-configuration): Add the field
(docker-shepherd-service): Pass the list of defined variables to
make-forkexec-constructor.
* doc/guix.texi (Miscellaneous Services): Update doc.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
This commit fixes error 'time="2020-10-16T…" level=error msg="Handler for POST
/v1.40/containers/…/start returned error: failed to start shim: exec:
\"containerd-shim\": executable file not found in $PATH: unknown"'.
* gnu/services/docker.scm
(containerd-shepherd-service): Add "containerd-shim" to PATH.
The userland proxy option does not properly disable the userland proxy when
set to false. Docker defaults to enabling the userland proxy if the option is
unset on the command line.
* gnu/services/docker.scm (docker-shepherd-service): Properly handle the
'enable-proxy?' option.
Signed-off-by: Efraim Flashner <efraim@flashner.co.il>
This commit follows a404716d41.
* gnu/services/docker.scm
(docker-configuration)[docker-cli]: New record field.
(docker-service-type): Use this.
* doc/guix.texi (Miscellaneous Services)[Docker Service]: Document this.
* gnu/services/docker.scm (docker-configuration): Add a debug? field.
(containerd-shepherd-service): Pass the "--log-level=debug" argument when
DEBUG? is true.
(docker-shepherd-service): Pass the "--debug" and "--log-level=debug"
arguments when DEBUG? is true.
* doc/guix.texi (Miscellaneous Services): Update doc.
* gnu/system/file-systems.scm (%control-groups): Add "pids".
* gnu/services/docker.scm (docker-shepherd-service): Resolve a TODO.
This has allowed me to make a specific configuration of nsjail work.
* gnu/packages/linux.scm (singularity)[source](snippet): Change file
name of setuid helpers in libexec/cli/*.exec.
[arguments]: Remove "--disable-suid".
* gnu/services/docker.scm (%singularity-activation): New variable.
(singularity-setuid-programs): New procedure.
(singularity-service-type): New variable.
* gnu/tests/singularity.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
* doc/guix.texi (Miscellaneous Services): Document it.
The Docker proxy enables inter-container and outside-to-container loopback,
and is required by the Docker registry server.
* gnu/services/docker.scm (docker-configuration)[proxy,
enable-proxy?]: Add fields.
(docker-shepherd-service): Use them.
(serialize-boolean): New function.