I have some of my Docker containers bind to Tailscale IPs on the host. Even though I edited the Docker service to depend on tailscaled.service and it starts about 10 seconds after it, every once in a while the Tailscale interface won’t be ready by the time the containers try to spin up after a reboot.

Since restart policies do not apply to containers that have never started and run for at least a while, Docker gives me no choice but to restart either those containers or the Docker daemon manually.

Is there a way to have the Docker daemon try to restart containers even though they failed on the first try?

A restart policy only takes effect after a container starts successfully. In this case, starting successfully means that the container is up for at least 10 seconds and Docker has started monitoring it. This prevents a container which doesn’t start at all from going into a restart loop.

https://docs.docker.com/engine/containers/start-containers-automatically

  • just_another_person@lemmy.world
    11 days ago

    This is the correct answer, but a few things need clarifying:

    1. The issue isn’t the Docker system service. Don’t make that depend on Tailscale.
    2. Add a healthcheck and restart policy to the container to make it fail when conditions aren’t met, and restart until they are successful.
    3. Build in some time tolerance at the service level inside the container to prevent it from flailing if your Tailscale healthchecks don’t pass after they initially start. Don’t rely solely on container health checks to ensure it works properly as that might not always be possible.
    • horse_battery_staple@lemmy.world
      10 days ago

      Considering it’s Tailscale, one may want to have the service fail though, as Tailscale is sometimes not used for convenience but for security concerns instead.
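
One host-side way to handle the race described in this thread, as an added example that is not from any of the posters: wait until the Tailscale IP is actually assigned on the host, then start the containers that bind to it, and fail closed (leave them stopped, never fall back to another address) if it never appears. The `LIST_ADDRS` variable, the `--run` argument and the 120-second timeout are assumptions of this sketch.

```sh
#!/bin/sh
# Added example: start containers only once the Tailscale address exists.
# Fails closed: on timeout the containers stay stopped, with no 0.0.0.0 fallback.

# Command that lists host addresses; overridable so the logic can be tested offline.
LIST_ADDRS=${LIST_ADDRS:-"ip -o addr show"}

# Read `ip -o addr show` output on stdin; succeed if address $1 is assigned.
# Field 4 is ADDR/PREFIX, so compare the part before the slash exactly.
addr_assigned() {
  awk -v want="$1" '{ split($4, a, "/"); if (a[1] == want) found = 1 }
                    END { exit !found }'
}

# Poll until address $1 is assigned or $2 seconds have passed ($3 = interval).
# Returns 0 when the address is present, 1 on timeout.
wait_for_addr() {
  wf_addr=$1; wf_timeout=$2; wf_interval=${3:-2}; wf_waited=0
  while ! $LIST_ADDRS | addr_assigned "$wf_addr"; do
    if [ "$wf_waited" -ge "$wf_timeout" ]; then
      return 1
    fi
    sleep "$wf_interval"
    wf_waited=$((wf_waited + wf_interval))
  done
  return 0
}

# Usage: main <tailscale-ip> <container>...
main() {
  ts_addr=$1; shift
  if ! wait_for_addr "$ts_addr" 120; then
    echo "address $ts_addr never came up; leaving containers stopped" >&2
    return 1
  fi
  # `docker start` retries containers whose first start failed on the bind.
  docker start "$@"
}

# Run only when invoked as: script --run <tailscale-ip> <container>...
if [ "${1:-}" = "--run" ]; then
  shift
  main "$@"
fi
```

Run from a oneshot unit or boot script ordered after both Docker and tailscaled, this replaces the manual restart without making the Docker daemon itself depend on Tailscale.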