Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-64608

Detection "running inside container" fails with cgroup namespace "private" for docker daemon

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Minor
    • Resolution: Unresolved
    • Component/s: docker-workflow-plugin
    • Labels:
    • Environment:
      jenkins version 2.263.1
      docker-workflow version 1.25
      docker 20.10.2
      arch linux with kernel 5.4.86-1-lts (/proc/cmdline contains systemd.unified_cgroup_hierarchy=1 cgroup_no_v1=all)
      cgroups v2 enabled
      cgroups v1 disabled
    • Similar Issues:

      Description

      With cgroups v2 running on the host there is a change to the behavior of the docker daemon regarding cgroups:

      The default cgroup namespace mode (docker run --cgroupns) is "private" on v2, "host" on v1. (cf. https://github.com/docker/docker.github.io/blob/master/config/containers/runmetrics.md#running-docker-on-cgroup-v2).

      Without any changes to the docker configuration the coding in src/main/java/org/jenkinsci/plugins/docker/workflow/client/ControlGroup.java of the docker-workflow-plugin fails, since /proc/self/cgroup does no longer contain the host-cgroup for the container.

      A workaround is to set the option default-cgroupns-mode to "host" for the docker daemon.

      Another way of detecting the containerization is needed.

        Attachments

          Activity

          Hide
          mus65 m t added a comment -

          See also my comment on a related issue here: JENKINS-65602 Durable task pipeline failed at sh initialisation - Jenkins Jira

          Show
          mus65 m t added a comment - See also my comment on a related issue here:  JENKINS-65602 Durable task pipeline failed at sh initialisation - Jenkins Jira
          Hide
          gmasil Simon added a comment - - edited

          After upgrading to Debian 11 I was facing the same problem and it took so much time to even figure out what is going on.

          I wanted to suggest to add an environment variable e.g. JENKINS_RUNNING_IN_CONTAINER to directly tell Jenkins if it is running in a container or not. The code parsing the cgroup output was changed several times to support a wide variety of distributions. The docker-workflow-plugin could easily check if it is running in a container by evaluating the environment and get its container ID from /etc/hostname.

          The environment variable could be set in the Dockerfile of Jenkins, so no configuration change (in compose, kubernetes etc.) would be required.

           

          Edit:

          I opened a PR proposing my idea here:

          https://github.com/jenkinsci/docker-workflow-plugin/pull/241

          Show
          gmasil Simon added a comment - - edited After upgrading to Debian 11 I was facing the same problem and it took so much time to even figure out what is going on. I wanted to suggest to add an environment variable e.g. JENKINS_RUNNING_IN_CONTAINER to directly tell Jenkins if it is running in a container or not. The code parsing the cgroup output was changed several times to support a wide variety of distributions. The docker-workflow-plugin could easily check if it is running in a container by evaluating the environment and get its container ID from /etc/hostname. The environment variable could be set in the Dockerfile of Jenkins, so no configuration change (in compose, kubernetes etc.) would be required.   Edit: I opened a PR proposing my idea here: https://github.com/jenkinsci/docker-workflow-plugin/pull/241

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            joergschray Jörg
            Votes:
            1 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated: