c23032a8b1
All the new options in detail: Enable docker in multi-user.target make container created with restart=always to start. We still want socket activation as it decouples dependencies between the existing of /var/run/docker.sock and the docker daemon. This means that services can rely on the availability of this socket. Fixes #11478 #21303 wantedBy = ["multi-user.target"]; This allows us to remove the postStart hack, as docker reports on its own when it is ready. Type=notify The following will set unset some limits because overhead in kernel's ressource accounting was observed. Note that these limit only apply to containerd. Containers will have their own limit set. LimitNPROC=infinity LimitCORE=infinity TasksMax=infinity Upgrades may require schema migrations. This can delay the startup of dockerd. TimeoutStartSec=0 Allows docker to create its own cgroup subhierarchy to apply ressource limits on containers. Delegate=true When dockerd is killed, container should be not affected to allow `live restore` to work. KillMode=process
43 lines
1.3 KiB
Nix
43 lines
1.3 KiB
Nix
# This test runs docker-registry and check if it works
|
|
|
|
import ./make-test.nix ({ pkgs, ...} : {
|
|
name = "docker-registry";
|
|
meta = with pkgs.stdenv.lib.maintainers; {
|
|
maintainers = [ globin ];
|
|
};
|
|
|
|
nodes = {
|
|
registry = { config, pkgs, ... }: {
|
|
services.dockerRegistry.enable = true;
|
|
services.dockerRegistry.port = 8080;
|
|
services.dockerRegistry.listenAddress = "0.0.0.0";
|
|
networking.firewall.allowedTCPPorts = [ 8080 ];
|
|
};
|
|
|
|
client1 = { config, pkgs, ...}: {
|
|
virtualisation.docker.enable = true;
|
|
virtualisation.docker.extraOptions = "--insecure-registry registry:8080";
|
|
};
|
|
|
|
client2 = { config, pkgs, ...}: {
|
|
virtualisation.docker.enable = true;
|
|
virtualisation.docker.extraOptions = "--insecure-registry registry:8080";
|
|
};
|
|
};
|
|
|
|
testScript = ''
|
|
$client1->start();
|
|
$client1->waitForUnit("docker.service");
|
|
$client1->succeed("tar cv --files-from /dev/null | docker import - scratch");
|
|
$client1->succeed("docker tag scratch registry:8080/scratch");
|
|
|
|
$registry->start();
|
|
$registry->waitForUnit("docker-registry.service");
|
|
$client1->succeed("docker push registry:8080/scratch");
|
|
|
|
$client2->start();
|
|
$client2->waitForUnit("docker.service");
|
|
$client2->succeed("docker pull registry:8080/scratch");
|
|
$client2->succeed("docker images | grep scratch");
|
|
'';
|
|
})
|