-rw-r--r--docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/DockerImpl.java3
-rw-r--r--docker-api/src/main/resources/configdefinitions/docker.def2
-rw-r--r--node-admin/src/main/application/services.xml1
-rw-r--r--node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/docker/DockerOperationsImpl.java5
4 files changed, 5 insertions, 6 deletions
diff --git a/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/DockerImpl.java b/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/DockerImpl.java
index 958f1c70965..c5c4547f796 100644
--- a/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/DockerImpl.java
+++ b/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/DockerImpl.java
@@ -186,8 +186,7 @@ public class DockerImpl implements Docker {
@Override
public CreateContainerCommand createContainerCommand(DockerImage image, ContainerResources containerResources,
ContainerName name, String hostName) {
- return new CreateContainerCommandImpl(dockerClient, image, containerResources, name, hostName)
- .withPrivileged(config.runContainersInPrivileged());
+ return new CreateContainerCommandImpl(dockerClient, image, containerResources, name, hostName);
}
@Override
diff --git a/docker-api/src/main/resources/configdefinitions/docker.def b/docker-api/src/main/resources/configdefinitions/docker.def
index 7be8d85e0a9..83fee05dff6 100644
--- a/docker-api/src/main/resources/configdefinitions/docker.def
+++ b/docker-api/src/main/resources/configdefinitions/docker.def
@@ -13,5 +13,3 @@ isRunningLocally bool default = false
imageGCMinTimeToLiveMinutes int default = 45
networkNATed bool default = false
-
-runContainersInPrivileged bool default = false
diff --git a/node-admin/src/main/application/services.xml b/node-admin/src/main/application/services.xml
index 284b356d2ca..d4fd7a11f20 100644
--- a/node-admin/src/main/application/services.xml
+++ b/node-admin/src/main/application/services.xml
@@ -9,7 +9,6 @@
<config name="vespa.hosted.dockerapi.docker">
<uri>unix:///var/run/docker.sock</uri>
- <runContainersInPrivileged>true</runContainersInPrivileged>
</config>
<preprocess:include file="variant.xml" required="false"/>
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/docker/DockerOperationsImpl.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/docker/DockerOperationsImpl.java
index ae7c94db72d..625feb034e4 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/docker/DockerOperationsImpl.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/docker/DockerOperationsImpl.java
@@ -87,7 +87,10 @@ public class DockerOperationsImpl implements DockerOperations {
.withUlimit("nproc", 32_768, 409_600)
.withUlimit("core", -1, -1)
.withAddCapability("SYS_PTRACE") // Needed for gcore, pstack etc.
- .withAddCapability("SYS_ADMIN"); // Needed for perf
+ .withAddCapability("SYS_ADMIN") // Needed for perf
+
+ // TODO: Fix. Run containers as privileged in AWS because mapped directories are on another device
+ .withPrivileged(environment.getCloud().equalsIgnoreCase("aws"));
if (environment.getNodeType() == NodeType.confighost ||
environment.getNodeType() == NodeType.proxyhost) {
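Review bot: `.withPrivileged(environment.getCloud().equalsIgnoreCase("aws"))` will throw a NullPointerException if `getCloud()` can return null, and its contract is not visible in this hunk. Writing it as `.withPrivileged("aws".equalsIgnoreCase(environment.getCloud()))` is null-safe and falls back to an unprivileged container when the cloud is unknown. A privileged container receives every capability and access to host devices, so on AWS the `SYS_PTRACE` and `SYS_ADMIN` additions above become redundant and most of the isolation between container and host is gone. The TODO should record that cost and the intended narrower fix, for example `// TODO: privileged disables container isolation; replace with the specific mount/device access AWS needs`. The enclosing method starts before and continues after this hunk.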