author | Valerij Fredriksen <valerijf@oath.com> | 2018-08-30 10:50:44 +0200 |
---|---|---|
committer | Valerij Fredriksen <valerijf@oath.com> | 2018-08-30 10:50:44 +0200 |
commit | a4095d49eda6a7da77d695e4e01d6e9f0d0fc604 (patch) | |
tree | e1b845c79eb4c10224b274a60974e3e4bd7fd4f9 | |
parent | 9a515bdc2caa36f75d4db5b4912c5a3d607df059 (diff) |
Remove runContainersInPrivileged config option
4 files changed, 5 insertions, 6 deletions
diff --git a/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/DockerImpl.java b/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/DockerImpl.java
index 958f1c70965..c5c4547f796 100644
--- a/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/DockerImpl.java
+++ b/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/DockerImpl.java
@@ -186,8 +186,7 @@ public class DockerImpl implements Docker { @Override public CreateContainerCommand createContainerCommand(DockerImage image, ContainerResources containerResources, ContainerName name, String hostName) {
- return new CreateContainerCommandImpl(dockerClient, image, containerResources, name, hostName)
- .withPrivileged(config.runContainersInPrivileged());
+ return new CreateContainerCommandImpl(dockerClient, image, containerResources, name, hostName);
} @Override
diff --git a/docker-api/src/main/resources/configdefinitions/docker.def b/docker-api/src/main/resources/configdefinitions/docker.def
index 7be8d85e0a9..83fee05dff6 100644
--- a/docker-api/src/main/resources/configdefinitions/docker.def
+++ b/docker-api/src/main/resources/configdefinitions/docker.def
@@ -13,5 +13,3 @@ isRunningLocally bool default = false imageGCMinTimeToLiveMinutes int default = 45 networkNATed bool default = false
-
-runContainersInPrivileged bool default = false
diff --git a/node-admin/src/main/application/services.xml b/node-admin/src/main/application/services.xml
index 284b356d2ca..d4fd7a11f20 100644
--- a/node-admin/src/main/application/services.xml
+++ b/node-admin/src/main/application/services.xml
@@ -9,7 +9,6 @@ <config name="vespa.hosted.dockerapi.docker"> <uri>unix:///var/run/docker.sock</uri>
- <runContainersInPrivileged>true</runContainersInPrivileged>
</config> <preprocess:include file="variant.xml" required="false"/>
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/docker/DockerOperationsImpl.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/docker/DockerOperationsImpl.java
index ae7c94db72d..625feb034e4 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/docker/DockerOperationsImpl.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/docker/DockerOperationsImpl.java
@@ -87,7 +87,10 @@ public class DockerOperationsImpl implements DockerOperations { .withUlimit("nproc", 32_768, 409_600) .withUlimit("core", -1, -1) .withAddCapability("SYS_PTRACE") // Needed for gcore, pstack etc.
- .withAddCapability("SYS_ADMIN"); // Needed for perf
+ .withAddCapability("SYS_ADMIN") // Needed for perf
+
+ // TODO: Fix. Run containers as privileged in AWS because mapped directories are on another device
+ .withPrivileged(environment.getCloud().equalsIgnoreCase("aws"));
if (environment.getNodeType() == NodeType.confighost || environment.getNodeType() == NodeType.proxyhost) { |
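Review bot: `.withPrivileged(environment.getCloud().equalsIgnoreCase("aws"))` at the end of the builder chain runs every container on AWS hosts with all capabilities and host device access, which is much wider than the SYS_PTRACE and SYS_ADMIN grants just above it and makes those two redundant on that cloud. The TODO does not say which operation fails on the mapped directories or what the narrower replacement would be, so I would expand it along the lines of `// TODO(<ticket>): privileged only because <operation> fails when mapped directories are on another device; replace with the specific capability or mount option`. With the config option gone there is also no way to switch this off on AWS without a code change, which is worth stating in the same comment. If `getCloud()` can return null (not visible here) this line throws, and `"aws".equalsIgnoreCase(environment.getCloud())` avoids that. The enclosing method starts and ends outside the hunk.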