Skip to content
This repository has been archived by the owner on Nov 23, 2020. It is now read-only.

Capabilities not supported on Docker swarms #22

Open
roelofr opened this issue Jan 7, 2018 · 1 comment
Open

Capabilities not supported on Docker swarms #22

roelofr opened this issue Jan 7, 2018 · 1 comment

Comments

@roelofr
Copy link

roelofr commented Jan 7, 2018

I like to use Docker Swarm in conjunction with docker-compose.yml files, but so far the cap_add property is not supported for Docker Swarm.

We're currently in the weird limbo phase where memory and CPU limits only work when used with docker stack deploy, but capabilities only work when using docker-compose up.

For this example I used the following docker-compose.yml file:

# Using v3.4 for use of x-* properties.
version: '3.4'

# Set default deploy policy
x-deploy: &deploy-policy
    # Only ever run one instance
    mode: global

    # Apply resource limits
    resources: 

        # Hard cap on using 'half' a CPU and 500MB of memory per container
        limits:
            cpus: '0.5'
            memory: 500M

# Service definitions
services:

    # [more services]

    # Collabora server
    office:
        image: collabora/code
        ports:
            - '127.0.0.1:9980:9980'
        environment:
            domain: 'example\.com'
        cap_add:
            - MKNOD
        deploy: *deploy-policy

When still running it using docker swarm deploy -c docker-compose.yml [name], the following errors can be found in the logs:

frk-00028-00028 19:46:20.523839 [ forkit ] FTL  Capability cap_fowner is not set for the loolforkit program.| kit/ForKit.cpp:168
FATAL: Capabilities are not set for the loolforkit program.
FATAL: Capabilities are not set for the loolforkit program.
If you are on SLES11, please set 'file_caps=1' as kernel boot option.

Just figured I should post an issue here, should others encounter this problem. Maybe the MKNOD capability can be deactivated / made optional?

Also see moby/moby#26849, which is currently "being worked on".

@olljanat
Copy link

olljanat commented Oct 9, 2018

Swarmkit team have made proposal of device support to moby/swarmkit#2682

Please comment to there your thought about if that fits to your use cases.

EDIT: There now there looks to be suggested solution on this message:
moby/moby#24862 (comment)

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants