docker 套接字在 sssd 中的组启动时失败

我在隔离模式下运行 docker，daemon.json 具有：

"group": "devgp",
"userns-remap": "default",

'devgp' 是通过 sssd 在 LDAP 中定义的组。这意味着在网络正常工作并且 sssd 运行之前，系统在启动时并不知道它。

Docker 无法在启动时启动，但之后手动启动正常。在系统日志中我们发现

Nov 29 18:30:18 dotter systemd: Failed to chown socket at step GROUP: No such process
Nov 29 18:30:18 dotter systemd: docker.socket control process exited, code=exited status=216
Nov 29 18:30:18 dotter systemd: Failed to listen on Docker Socket for the API.
Nov 29 18:30:18 dotter systemd: Dependency failed for Docker Application Container Engine.
Nov 29 18:30:18 dotter systemd: Job docker.service/start failed with result 'dependency'.
Nov 29 18:30:18 dotter systemd: Unit docker.socket entered failed state.

好的，所以我需要使 docker 任务依赖于网络和 sssd。所以我创造/etc/systemd/system/docker.socket.d/override.conf和：

[Unit]
After=network-online.target firewalld.service containerd.service sssd.service
Wants=network-online.target sssd.service

[Socket]
SocketGroup=qtim

并创造/etc/systemd/system/docker.service.d/override.conf和：

[Unit]
After=sssd.service

但它仍然不起作用，系统日志有以下消息：

Nov 30 08:02:37 dotter systemd: Found ordering cycle on sockets.target/start
Nov 30 08:02:37 dotter systemd: Found dependency on docker.socket/start
Nov 30 08:02:37 dotter systemd: Found dependency on firewalld.service/start
Nov 30 08:02:37 dotter systemd: Found dependency on basic.target/start
Nov 30 08:02:37 dotter systemd: Found dependency on sockets.target/start
Nov 30 08:02:37 dotter systemd: Breaking ordering cycle by deleting job docker.socket/start
Nov 30 08:02:37 dotter systemd: Job docker.socket/start deleted to break ordering cycle starting with sockets.target/start

因此甚至不尝试启动 Docker。

你知道让 systemd 仅在网络和 sssd 启动后才启动 Docker 套接字和服务的魔力吗？