Description
After upgrading to 23.x (specifically 23.0.1) some things no longer start properly with systemd running in a Docker container.
The setup worked correctly previously with Docker pre-23.x.
The issue was reported by some other users on StackOverflow as well: https://stackoverflow.com/a/75771251/431369
The issue may be related to changes in the NOFILE limits as adjusting the limits for the cups service allows it to start correctly, but it doesn't print and the web ui doesn't work.
Specifically:
% systemctl status cups
○ cups.service - CUPS Scheduler
Loaded: loaded (/lib/systemd/system/cups.service; enabled; preset: disabled)
Active: inactive (dead) (Result: exit-code) since Thu 2023-03-23 18:46:43 PDT; 2min 3s ago
Duration: 3ms
TriggeredBy: × cups.socket
○ cups.path
Docs: man:cupsd(8)
Process: 2015386 ExecStart=/usr/sbin/cupsd -l (code=exited, status=1/FAILURE)
Main PID: 2015386 (code=exited, status=1/FAILURE)
Status: "Scheduler is running..."
Mar 23 18:46:43 forge systemd[1]: cups.service: Scheduled restart job, restart counter is at 15.
Mar 23 18:46:43 forge systemd[1]: Stopped cups.service.
Mar 23 18:46:43 forge systemd[1]: Dependency failed for cups.service.
Mar 23 18:46:43 forge systemd[1]: cups.service: Job cups.service/start failed with result 'dependency'.
The cups.socket fails to start:
× cups.socket - CUPS Scheduler
Loaded: loaded (/lib/systemd/system/cups.socket; enabled; preset: disabled)
Active: failed (Result: start-limit-hit) since Thu 2023-03-23 18:46:43 PDT; 2min 54s ago
Duration: 249ms
Triggers: ● cups.service
Listen: /run/cups/cups.sock (Stream)
Mar 23 18:46:42 forge systemd[1]: Listening on cups.socket.
Mar 23 18:46:43 forge systemd[1]: cups.socket: Deactivated successfully.
Mar 23 18:46:43 forge systemd[1]: Closed cups.socket.
Mar 23 18:46:43 forge systemd[1]: Stopping cups.socket...
Mar 23 18:46:43 forge systemd[1]: cups.socket: Start request repeated too quickly.
Mar 23 18:46:43 forge systemd[1]: cups.socket: Failed with result 'start-limit-hit'.
Mar 23 18:46:43 forge systemd[1]: Failed to listen on cups.socket.
Reproduce
[working on a full reproduce Dockerfile]
- Run a Docker container with any distro
- Run cups in the docker container
- Cups fails to run with errors about NOFILE limits.
Cups starts correctly after the following workaround, however, the cups interface at localhost:631 returns not found and any attempt to print doesn't work.
1. Create a directory at /etc/systemd/system/cups.service.d
2. Create a file in that directory named limits.conf
3. Add to the file:
limits.conf:
[Service]
LimitNOFILE=65536
Then run "systemctl daemon-reload && systemctl restart cups"
Expected behavior
Cups should work correctly as it did with previous Docker releases.
docker version
Client:
Version: 23.0.1
API version: 1.42
Go version: go1.20.1
Git commit: 23.0.1
Built: unknown-buildtime
OS/Arch: linux/amd64
Context: default
Server:
Engine:
Version: 23.0.1
API version: 1.42 (minimum version 1.12)
Go version: go1.20.1
Git commit: buildroot
Built:
OS/Arch: linux/amd64
Experimental: true
containerd:
Version: 1.6.16
GitCommit:
runc:
Version: 1.1.4
GitCommit:
docker-init:
Version: 0.19.0
GitCommit:
docker info
Client:
Context: default
Debug Mode: false
Server:
Containers: 4
Running: 2
Paused: 0
Stopped: 2
Images: 27
Server Version: 23.0.1
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Using metacopy: false
Native Overlay Diff: true
userxattr: false
Logging Driver: journald
Cgroup Driver: systemd
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 runc
Default Runtime: runc
Init Binary: docker-init
containerd version:
runc version:
init version:
Security Options:
seccomp
Profile: builtin
Kernel Version: 6.2.7
Operating System: SkiffOS 2023.02-1-ga7203d4f
OSType: linux
Architecture: x86_64
CPUs: 8
Total Memory: 31.28GiB
Name: forge
ID: d3c5110a-c710-4e65-8d57-6c907f2ef6a5
Docker Root Dir: /mnt/persist/skiff/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Experimental: true
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Additional Info
SkiffOS, can reproduce:
- git clone https://github.com/skiffos/skiffos
- SKIFF_CONFIG=intel/desktop,virt/qemu,skiff/core make compile
- make cmd/virt/qemu/run
- Log in as "root"
- su - core
- Install cups in the container environment
- Try running cups
Description
After upgrading to 23.x (specifically 23.0.1) some things no longer start properly with systemd running in a Docker container.
The setup worked correctly previously with Docker pre-23.x.
The issue was reported by some other users on StackOverflow as well: https://stackoverflow.com/a/75771251/431369
The issue may be related to changes in the NOFILE limits as adjusting the limits for the cups service allows it to start correctly, but it doesn't print and the web ui doesn't work.
Specifically:
The cups.socket fails to start:
Reproduce
[working on a full reproduce Dockerfile]
Cups starts correctly after the following workaround, however, the cups interface at localhost:631 returns not found and any attempt to print doesn't work.
limits.conf:
Then run "systemctl daemon-reload && systemctl restart cups"
Expected behavior
Cups should work correctly as it did with previous Docker releases.
docker version
Client: Version: 23.0.1 API version: 1.42 Go version: go1.20.1 Git commit: 23.0.1 Built: unknown-buildtime OS/Arch: linux/amd64 Context: default Server: Engine: Version: 23.0.1 API version: 1.42 (minimum version 1.12) Go version: go1.20.1 Git commit: buildroot Built: OS/Arch: linux/amd64 Experimental: true containerd: Version: 1.6.16 GitCommit: runc: Version: 1.1.4 GitCommit: docker-init: Version: 0.19.0 GitCommit:docker info
Additional Info
SkiffOS, can reproduce: