google / gvisor

Application Kernel for Containers

Home Page: https://gvisor.dev


Debian package always overwrites Docker daemon.json

fffe opened this issue · comments

commented

Description

The Debian package for gvisor has a post-install script. This script checks for the existence of /etc/docker/daemon.json and, if found, runs runsc install which overwrites daemon.json with a basic file adding runsc but without any options.

I’m not sure if the test should be inverted (create daemon.json only if it doesn’t exist), the behaviour of runsc install improved to modify instead of overwrite, or removed entirely (I like this, personally, just document what’s required…) but the current behaviour seems wrong.

Steps to reproduce

Customize /etc/docker/daemon.json (perhaps to include runtime args for gvisor)

Install or update gvisor from the Debian package.

Observe that the custom daemon.json has been overwritten.

runsc version

Any/Current

docker version (if using docker)

Any/Current

uname

N/A

kubectl (if using Kubernetes)

N/A

repo state (if built from source)

N/A

runsc debug logs (if available)

N/A

Hi @fffe,

Yup, this is all expected behavior. I think the intent is that it is nice to get up and running after apt-get install runsc. We also don't know how people want to configure runsc on their system, hence no args but the "sane" defaults under the hood.

The way to do what you're asking for right now is:

# Edit /etc/docker/daemon.json
apt-get install runsc
runsc install --  --some_arg --some_other_arg=with_arg

You can see the available arguments via runsc install -- --help.

The important options for performance are described in sections in the User Guide (Filesystem, Networking, Changing Platforms).

I'm going to close this, but feel free to reopen if this answer isn't satisfactory.

commented

edit: @zkoopmans I should probably tag you, since I don’t think I can reopen this myself….

Unfortunately that answer isn’t satisfactory.

One problem is that it triggers on a package upgrade, not just install… realistically I may forget to run the above command after, but the update may also be performed by an automated process I can’t easily trigger other commands after.

The other is that I have other runtimes configured that aren’t runsc.

Effectively, to accommodate new users for whom you don’t know what configuration they might want, you’re overwriting the configuration of people who do.

Perhaps your post install script could just print a message pointing to the quick start documentation?

@fffe: Huh, I thought I ran that case.

The offending lines are here:

rts[i.Runtime] = struct {

I think the default behavior should probably be that, if given no arguments and an existing runtime of that name, we don't overwrite. Feel free to submit a PR or I can see if I can get to it soon. That is annoying.

@fffe, hopefully this fixes it. Thanks for bringing this to our attention. Please let us know if there are further problems.
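The merge behavior proposed in this thread (keep other runtimes and unrelated settings, and leave an existing runtime entry alone when no arguments are given), as an added Go example that is not gVisor's code or the actual fix. The `mergeRuntime` helper, the `/usr/bin/runsc` path, the `other` runtime and the sample file content are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// runtimeEntry mirrors one entry under "runtimes" in Docker's daemon.json.
type runtimeEntry struct {
	Path        string   `json:"path"`
	RuntimeArgs []string `json:"runtimeArgs,omitempty"`
}

// mergeRuntime (hypothetical helper) registers a runtime without clobbering the file.
// It reports whether the content changed; unknown keys are carried over as raw JSON.
func mergeRuntime(existing []byte, name, path string, args []string) ([]byte, bool, error) {
	cfg := map[string]json.RawMessage{}
	if len(existing) > 0 {
		if err := json.Unmarshal(existing, &cfg); err != nil {
			return nil, false, fmt.Errorf("parsing daemon.json: %w", err)
		}
	}
	rts := map[string]json.RawMessage{}
	if raw, ok := cfg["runtimes"]; ok {
		if err := json.Unmarshal(raw, &rts); err != nil {
			return nil, false, fmt.Errorf("parsing runtimes: %w", err)
		}
	}
	if _, exists := rts[name]; exists && len(args) == 0 {
		return existing, false, nil // no args given: keep the admin's entry as it is
	}
	entry, err := json.Marshal(runtimeEntry{Path: path, RuntimeArgs: args})
	if err != nil {
		return nil, false, err
	}
	rts[name] = entry // only this one runtime is added or replaced
	if cfg["runtimes"], err = json.Marshal(rts); err != nil {
		return nil, false, err
	}
	out, err := json.MarshalIndent(cfg, "", "    ")
	return out, true, err
}

func main() {
	// Constructed sample: a customised runsc entry plus a second, unrelated runtime.
	sample := []byte(`{"log-level":"warn","runtimes":{"runsc":{"path":"/usr/bin/runsc","runtimeArgs":["--some_arg"]},"other":{"path":"/usr/bin/other"}}}`)
	out, changed, err := mergeRuntime(sample, "runsc", "/usr/bin/runsc", nil)
	fmt.Println(changed, err, string(out))
}
```

A package post-install step that calls a merge like this with no arguments becomes a no-op on upgrade, while an explicit invocation with arguments still updates only the named runtime.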