I have a basic cloud-config.yaml to run four containers on CoreOS (directly, without clustering). Two of the containers (nginx-gen and nginx-letsencrypt) mount volumes from the container named nginx. Each container startup is defined as a systemd unit.
I have added After= and Requires= dependencies, however upon first login I am greeted with:
CoreOS stable (1185.5.0)
Failed Units: 2
letsencrypt.service
nginx-gen.service
nginx (the one providing volume) is running.
If after that I execute:
sudo systemctl start nginx-gen.service
sudo systemctl start letsencrypt.service
They start and run correctly, so I guess the problem is in dependencies at the system startup.
I am not experienced with CoreOS nor systemd, so the cause may be pretty basic (like the unit getting "complete"-status before Docker container actually runs).
And looking at the journalctl log, indeed the nginx-gen service fails before it has a chance to mount volumes from nginx:
...
Jan 02 14:35:47 core-01 systemd[1]: nginx-gen.service: Failed with result 'start-limit-hit'.
...
Jan 02 14:36:03 core-01 docker[1401]: Status: Downloaded newer image for nginx:latest
...
What can I do to fix the problem?
My cloud-config.yaml:
#cloud-config
write_files:
# omitted for ServerFault: ensure template file
# https://raw.githubusercontent.com/jwilder/nginx-proxy/master/nginx.tmpl)
# and directories (/path/to/templates, /path/to/certs) are in-place
coreos:
units:
- name: nginx.service
command: start
content: |
[Unit]
Description=Generic Nginx container
[Service]
Restart=always
ExecStart=/usr/bin/docker run --name nginx -p 80:80 -p 443:443 -v /etc/nginx/conf.d -v /etc/nginx/vhost.d -v /usr/share/nginx/html -v /path/to/certs:/etc/nginx/certs:ro nginx
ExecStop=/usr/bin/docker rm -f nginx
- name: nginx-gen.service
command: start
content: |
[Unit]
Description=Docker-gen service for Nginx
After=nginx.service
Requires=nginx.service
[Service]
Restart=always
ExecStart=/usr/bin/docker run --name nginx-gen --volumes-from nginx -v /path/to/templates:/etc/docker-gen/templates -v /path/to/certs:/etc/nginx/certs:ro -v /var/run/docker.sock:/tmp/docker.sock:ro jwilder/docker-gen -notify-sighup nginx -watch -wait 5s:30s /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf
ExecStop=/usr/bin/docker rm -f nginx-gen
- name: letsencrypt.service
command: start
content: |
[Unit]
Description=Ngnix reverse proxy Letsencrypt companion
After=nginx.service
Requires=nginx.service
[Service]
Restart=always
ExecStart=/usr/bin/docker run --name nginx-letsencrypt -e "NGINX_DOCKER_GEN_CONTAINER=nginx-gen" --volumes-from nginx -v /path/to/certs:/etc/nginx/certs:rw -v /var/run/docker.sock:/var/run/docker.sock:ro jrcs/letsencrypt-nginx-proxy-companion
ExecStop=/usr/bin/docker rm -f nginx-letsencrypt
Per http://container-solutions.com/running-docker-containers-with-systemd/, you need to enforce that these containers launch after the docker service.
Sample:
So in your case, adding Requires=docker.service to the Unit section of your nginx unit should do it, and probably add a WantedBy to each of your units as well so SystemD knows to run them.