synchronization

Docker/Files/cri-docker.service

@@ -0,0 +1,39 @@
+[Unit]
+Description=CRI Interface for Docker Application Container Engine
+Documentation=https://docs.mirantis.com
+After=network-online.target firewalld.service docker.service
+Wants=network-online.target
+Requires=cri-docker.socket
+
+[Service]
+Type=notify
+ExecStart=/usr/bin/cri-dockerd --container-runtime-endpoint fd://
+ExecReload=/bin/kill -s HUP $MAINPID
+TimeoutSec=0
+RestartSec=2
+Restart=always
+
+# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
+# Both the old, and new location are accepted by systemd 229 and up, so using the old location
+# to make them work for either version of systemd.
+StartLimitBurst=3
+
+# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
+# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
+# this option work for either version of systemd.
+StartLimitInterval=60s
+
+# Having non-zero Limit*s causes performance problems due to accounting overhead
+# in the kernel. We recommend using cgroups to do container-local accounting.
+LimitNOFILE=infinity
+LimitNPROC=infinity
+LimitCORE=infinity
+
+# Comment TasksMax if your systemd version does not support it.
+# Only systemd 226 and above support this option.
+TasksMax=infinity
+Delegate=yes
+KillMode=process
+
+[Install]
+WantedBy=multi-user.target

Docker/Files/cri-docker.socket

@@ -0,0 +1,12 @@
+[Unit]
+Description=CRI Docker Socket for the API
+PartOf=cri-docker.service
+
+[Socket]
+ListenStream=%t/cri-dockerd.sock
+SocketMode=0660
+SocketUser=root
+SocketGroup=docker
+
+[Install]
+WantedBy=sockets.target

Docker/Files/daemon-original.json

@@ -0,0 +1,114 @@
+{
+  "allow-nondistributable-artifacts": [],
+  "api-cors-header": "",
+  "authorization-plugins": [],
+  "bip": "",
+  "bridge": "",
+  "cgroup-parent": "",
+  "containerd": "/run/containerd/containerd.sock",
+  "containerd-namespace": "docker",
+  "containerd-plugin-namespace": "docker-plugins",
+  "data-root": "",
+  "debug": true,
+  "default-address-pools": [
+    {
+      "base": "172.30.0.0/16",
+      "size": 24
+    },
+    {
+      "base": "172.31.0.0/16",
+      "size": 24
+    }
+  ],
+  "default-cgroupns-mode": "private",
+  "default-gateway": "",
+  "default-gateway-v6": "",
+  "default-network-opts": {},
+  "default-runtime": "runc",
+  "default-shm-size": "64M",
+  "default-ulimits": {
+    "nofile": {
+      "Hard": 64000,
+      "Name": "nofile",
+      "Soft": 64000
+    }
+  },
+  "dns": [],
+  "dns-opts": [],
+  "dns-search": [],
+  "exec-opts": [],
+  "exec-root": "",
+  "experimental": false,
+  "features": {},
+  "fixed-cidr": "",
+  "fixed-cidr-v6": "",
+  "group": "",
+  "hosts": [],
+  "proxies": {
+    "http-proxy": "http://proxy.example.com:80",
+    "https-proxy": "https://proxy.example.com:443",
+    "no-proxy": "*.test.example.com,.example.org",
+  },
+  "icc": false,
+  "init": false,
+  "init-path": "/usr/libexec/docker-init",
+  "insecure-registries": [],
+  "ip": "0.0.0.0",
+  "ip-forward": false,
+  "ip-masq": false,
+  "iptables": false,
+  "ip6tables": false,
+  "ipv6": false,
+  "labels": [],
+  "live-restore": true,
+  "log-driver": "json-file",
+  "log-level": "",
+  "log-opts": {
+    "cache-disabled": "false",
+    "cache-max-file": "5",
+    "cache-max-size": "20m",
+    "cache-compress": "true",
+    "env": "os,customer",
+    "labels": "somelabel",
+    "max-file": "5",
+    "max-size": "10m"
+  },
+  "max-concurrent-downloads": 3,
+  "max-concurrent-uploads": 5,
+  "max-download-attempts": 5,
+  "mtu": 0,
+  "no-new-privileges": false,
+  "node-generic-resources": [
+    "NVIDIA-GPU=UUID1",
+    "NVIDIA-GPU=UUID2"
+  ],
+  "oom-score-adjust": 0,
+  "pidfile": "",
+  "raw-logs": false,
+  "registry-mirrors": [],
+  "runtimes": {
+    "cc-runtime": {
+      "path": "/usr/bin/cc-runtime"
+    },
+    "custom": {
+      "path": "/usr/local/bin/my-runc-replacement",
+      "runtimeArgs": [
+        "--debug"
+      ]
+    }
+  },
+  "seccomp-profile": "",
+  "selinux-enabled": false,
+  "shutdown-timeout": 15,
+  "storage-driver": "",
+  "storage-opts": [],
+  "swarm-default-advertise-addr": "",
+  "tls": true,
+  "tlscacert": "",
+  "tlscert": "",
+  "tlskey": "",
+  "tlsverify": true,
+  "userland-proxy": false,
+  "userland-proxy-path": "/usr/libexec/docker-proxy",
+  "userns-remap": ""
+}

Docker/Files/daemon.json

@@ -0,0 +1,52 @@
+{
+  "registry-mirrors": [
+    "https://mirror.ccs.tencentyun.com",
+    "https://docker.mirrors.ustc.edu.cn",
+    "http://hub-mirror.c.163.com"
+  ],
+  "insecure-registries": [],
+  "experimental": true,
+  "debug": false,
+  "selinux-enabled": false,
+  "default-runtime": "runc",
+  "default-shm-size": "64M",
+  "max-concurrent-downloads": 10,
+  "max-concurrent-uploads": 10,
+  "max-download-attempts": 3,
+  "default-ulimits": {
+    "nofile": {
+      "Hard": 64000,
+      "Name": "nofile",
+      "Soft": 64000
+    }
+  },
+  "default-address-pools": [
+    {
+      "base": "172.17.0.0/16",
+      "size": 24
+    }
+  ],
+  "ip": "0.0.0.0",
+  "data-root": "/var/lib/docker",
+  "live-restore": true,
+  "shutdown-timeout": 15,
+  "log-driver": "json-file",
+  "log-level": "warn",
+  "log-opts": {
+    "cache-disabled": "false",
+    "cache-max-file": "3",
+    "cache-max-size": "10m",
+    "cache-compress": "true",
+    "env": "os,customer",
+    "labels": "somelabel",
+    "max-file": "3",
+    "max-size": "10m"
+  },
+  "raw-logs": false,
+  "builder": {
+    "gc": {
+      "enabled": true,
+      "defaultKeepStorage": "20GB"
+    }
+  }
+}

Docker/Files/docker-original.service

@@ -0,0 +1,46 @@
+[Unit]
+Description=Docker Application Container Engine
+Documentation=https://docs.docker.com
+After=network-online.target docker.socket firewalld.service containerd.service time-set.target
+Wants=network-online.target containerd.service
+Requires=docker.socket
+
+[Service]
+Type=notify
+# the default is not to use systemd for cgroups because the delegate issues still
+# exists and systemd currently does not support the cgroup feature set required
+# for containers run by docker
+ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
+ExecReload=/bin/kill -s HUP $MAINPID
+TimeoutStartSec=0
+RestartSec=2
+Restart=always
+
+# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
+# Both the old, and new location are accepted by systemd 229 and up, so using the old location
+# to make them work for either version of systemd.
+StartLimitBurst=3
+
+# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
+# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
+# this option work for either version of systemd.
+StartLimitInterval=60s
+
+# Having non-zero Limit*s causes performance problems due to accounting overhead
+# in the kernel. We recommend using cgroups to do container-local accounting.
+LimitNPROC=infinity
+LimitCORE=infinity
+
+# Comment TasksMax if your systemd version does not support it.
+# Only systemd 226 and above support this option.
+TasksMax=infinity
+
+# set delegate yes so that systemd does not reset the cgroups of docker containers
+Delegate=yes
+
+# kill only the docker process, not all processes in the cgroup
+KillMode=process
+OOMScoreAdjust=-500
+
+[Install]
+WantedBy=multi-user.target

Docker/Files/docker-original.socket

@@ -0,0 +1,13 @@
+[Unit]
+Description=Docker Socket for the API
+
+[Socket]
+# If /var/run is not implemented as a symlink to /run, you may need to
+# specify ListenStream=/var/run/docker.sock instead.
+ListenStream=/run/docker.sock
+SocketMode=0660
+SocketUser=root
+SocketGroup=docker
+
+[Install]
+WantedBy=sockets.target

Docker/Files/docker.service

@@ -0,0 +1,48 @@
+# Github仓库示例地址: https://github.com/moby/moby/blob/master/contrib/init/systemd/docker.service
+# 文件位置: /usr/lib/systemd/system/docker.service
+
+[Unit]
+# 描述这个单元的作用是管理 Docker 应用容器引擎
+Description=Docker Application Container Engine
+# 提供文档链接，指向 Docker 的官方文档
+Documentation=https://docs.docker.com
+# 指定单元的启动顺序和依赖关系[网卡,防火墙,时间同步]
+After=network-online.target firewalld.service time-set.target
+# 在启动时需要网络已启动
+Wants=network-online.target
+
+[Service]
+# 指定服务的类型为通知类型
+Type=notify
+# 指定 Docker 守护进程的启动命令和参数
+ExecStart=/usr/local/bin/dockerd
+# 指定在执行重载时的命令
+ExecReload=/bin/kill -s HUP $MAINPID
+# 设置启动超时时间为 0,重启时间为 2 秒
+TimeoutStartSec=0
+# 用于指定服务重新启动之间的延迟时间
+RestartSec=100ms
+# 当服务以非零（非成功）的退出状态结束时,Systemd 将自动尝试重新启动该服务
+Restart=on-failure
+# 用于设置在 Systemd 尝试启动服务时允许的最大连续启动次数
+StartLimitBurst=3
+# 指定了在 StartLimitBurst 尝试次数内重新启动服务的时间间隔限制
+StartLimitInterval=60s
+# 限制一个服务进程可以打开的文件描述符(File Descriptor)的数量
+LimitNOFILE=infinity
+# 限制一个服务进程可以创建的子进程数量
+LimitNPROC=infinity
+# 限制一个服务进程可以使用的核心转储(core dump)文件的大小
+LimitCORE=infinity
+# 限制一个单元内的任务数量(即线程和进程总数)
+TasksMax=infinity
+# 指定使用委托，让 systemd 不重置 docker 容器的 cgroups
+Delegate=yes
+# 设置 KillMode 为 process,只杀死 Docker 进程,不影响 cgroup 中的其他进程
+KillMode=process
+# 设置 OOMScoreAdjust 为 -500,降低容器进程被 OOM 杀死的概率
+# OOMScoreAdjust=-500
+
+# 安装目标为多用户模式
+[Install]
+WantedBy=multi-user.target

Docker/Files/docker.socket

@@ -0,0 +1,20 @@
+# Github仓库示例地址: https://github.com/moby/moby/blob/master/contrib/init/systemd/docker.socket
+# 文件位置: /usr/lib/systemd/system/docker.socket
+
+[Unit]
+Description=Docker Socket for the API
+
+[Socket]
+# If /var/run is not implemented as a symlink to /run, you may need to
+# specify ListenStream=/var/run/docker.sock instead.
+ListenStream=/run/docker.sock
+SocketMode=0660
+SocketUser=root
+SocketGroup=docker
+
+[Install]
+WantedBy=sockets.target
+
+[Install]
+# 这表示你希望你的单元(unit)随着 socket 相关的单元一起启动
+WantedBy=sockets.target

Docker/Files/offends.conf

@@ -0,0 +1,2 @@
+net.ipv4.ip_forward = 1
+vm.swappiness = 0