Fedora CoreOS ignores OPTIONS in `/etc/sysconfig/docker`

I have a Fedora CoreOS system with docker.

My /etc/sysconfig/docker file looks like this:

```
# /etc/sysconfig/docker

# Modify these options if you want to change the way the docker daemon runs
OPTIONS="--selinux-enabled \
--log-driver=journald \
--default-ulimit nofile=122880:122880 \
--init-path /usr/libexec/docker/docker-init \
--userland-proxy-path /usr/libexec/docker/docker-proxy \
--live-restore \
"
```

However, the docker daemon does not pick up those options:

```
ps -ef | grep dockerd
root        2879       1  0 14:24 ?        00:00:00 /usr/bin/dockerd --host=fd:// --exec-opt native.cgroupdriver=systemd
```

Creating an explicit drop-in to override ExecStart and explicitly set the options works, but I’m surprised the default CoreOS configuration is so broken as to completely ignore /etc/sysconfig/docker. I am not doing anything to modify this behavior in the ignition file.

I cannot reproduce that on a fresh system:

```
[core@cosa-devsh ~]$ cat /etc/sysconfig/docker 
# /etc/sysconfig/docker

# Modify these options if you want to change the way the docker daemon runs
OPTIONS="--selinux-enabled \
  --log-driver=journald \
  --live-restore \
  --default-ulimit nofile=1024:1024 \
  --init-path /usr/libexec/docker/docker-init \
  --userland-proxy-path /usr/libexec/docker/docker-proxy \
"
[core@cosa-devsh ~]$ ps -ef | grep dockerd
root        1963       1  0 14:38 ?        00:00:00 /usr/bin/dockerd --host=fd:// --exec-opt native.cgroupdriver=systemd --selinux-enabled --log-driver=journald --live-restore --default-ulimit nofile=1024:1024 --init-path /usr/libexec/docker/docker-init --userland-proxy-path /usr/libexec/docker/docker-proxy
```

Thank you for confirming that.

I looked at my options file again with a more critical eye, and it turns out I had a comment with a line continuation character at the end, like this:

```
# Swarm is not compatible with --live-restore \
OPTIONS="--selinux-enabled \
  --log-driver=journald \
  --default-ulimit nofile=122880:122880 \
  --init-path /usr/libexec/docker/docker-init \
  --userland-proxy-path /usr/libexec/docker/docker-proxy \
  --live-restore \
"
```

and it seems that systemd parses this such that the line continuation character at the end of the comment makes OPTIONS part of the comment!

Bash ignores the line continuation character at the end of the comment so this is at the very least surprising behavior, if not a bug in systemd’s parsing of these files.

I’ve created this upstream issue: EnvironmentFile parsing: line continuation characters at the end of comments are not ignored · Issue #27975 · systemd/systemd · GitHub.
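
A lint check for the failure mode found in this thread, as an added example that is not part of the original posts or of systemd: it flags variable assignments that follow a comment ending in a backslash, which is how `--selinux-enabled` and the other `OPTIONS` silently disappeared from the `dockerd` command line. The function names and the continuation model are assumptions made for illustration, and the sample file is constructed from the post above.

```python
import re

# Constructed sample based on the file in the thread: line 2 is a comment
# that ends in a line continuation character.
SAMPLE = r'''# /etc/sysconfig/docker
# Swarm is not compatible with --live-restore \
OPTIONS="--selinux-enabled \
  --log-driver=journald \
  --live-restore \
"
'''

ASSIGNMENT = re.compile(r"^\s*([A-Za-z_][A-Za-z0-9_]*)=")


def ends_with_continuation(line):
    """True if the line ends in an odd number of backslashes (unescaped)."""
    trailing = len(line) - len(line.rstrip("\\"))
    return trailing % 2 == 1


def swallowed_assignments(text):
    """Return (comment_lineno, variable, variable_lineno) for each assignment
    absorbed into a comment that ends with a line continuation.

    Simplified model of the behaviour reported in the thread, not systemd's
    own parser: the comment continues on the next physical line, and keeps
    going while each absorbed line also ends in a backslash.
    """
    findings = []
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i]
        # '#' and ';' both start a comment in an EnvironmentFile.
        if line.lstrip().startswith(("#", ";")) and ends_with_continuation(line):
            comment_lineno = i + 1
            i += 1
            while i < len(lines):
                match = ASSIGNMENT.match(lines[i])
                if match:
                    findings.append((comment_lineno, match.group(1), i + 1))
                if not ends_with_continuation(lines[i]):
                    break
                i += 1
        i += 1
    return findings
```

Running `swallowed_assignments()` over every file referenced by an `EnvironmentFile=` directive before a deploy catches the case where a hardening flag is present in the file but never reaches the daemon.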