Pipeline withDockerContainer (docker-in-docker) unable to detect running inside container with cgroups v2


      Running the pipeline taken from https://www.nixknight.com/2021/04/jenkins-docker-in-docker/ works fine in case of cgroups v1 but fails for cgroups v2.

      pipeline {
        agent {
          docker {
            image "bash:5.1.4"
          }
        }
        stages {
          stage('Donkey Work') {
            steps {
              sh '''
              if grep -sq 'docker' /proc/1/cgroup ; then
                echo -e "I'm running in a docker container."
              fi
              '''
            }
          }
        }
      }
      
      Result (cgroups v1)

      -> Jenkins seems to be running inside container 3a9...acc

      [Pipeline] withDockerContainer
      Jenkins seems to be running inside container 3a930717d4967175b00e0e42f8756fe6cf508448b75fdd4763a02eb6d913eacc
      $ docker run -t -d -u 1000:1000 -w /var/jenkins_home/workspace/test --volumes-from 3a930717d4967175b00e0e42f8756fe6cf508448b75fdd4763a02eb6d913eacc -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** bash:5.1.4 cat
      $ docker top 4cf8f914963f286da3a9a830ae37b68463e12d822fe9811548a66a4694dd0139 -eo pid,comm
      [Pipeline] {
      [Pipeline] stage
      [Pipeline] { (Donkey Work)
      [Pipeline] sh
      + grep -sq docker /proc/1/cgroup
      + echo -e 'I'"'"'m running in a docker container.'
      I'm running in a docker container.
      [Pipeline] }
      [Pipeline] // stage
      [Pipeline] }
      
      Result (cgroups v2)

      -> Jenkins does not seem to be running inside a container

      [Pipeline] withDockerContainer
      Jenkins does not seem to be running inside a container
      $ docker run -t -d -u 1000:1000 -w /var/jenkins_home/workspace/test -v /var/jenkins_home/workspace/test:/var/jenkins_home/workspace/test:rw,z -v /var/jenkins_home/workspace/test@tmp:/var/jenkins_home/workspace/test@tmp:rw,z -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** bash:5.1.4 cat
      $ docker top 3a6ec19ad44c8d4f9390c64f83b26f3a31fe6f5224a9c05ea63ed2e32f431563 -eo pid,comm
      [Pipeline] {
      [Pipeline] stage
      [Pipeline] { (Donkey Work)
      [Pipeline] sh
      process apparently never started in /var/jenkins_home/workspace/test@tmp/durable-097b92c0
      (running Jenkins temporarily with -Dorg.jenkinsci.plugins.durabletask.BourneShellScript.LAUNCH_DIAGNOSTICS=true might make the problem clearer)
      [Pipeline] }
      [Pipeline] // stage
      [Pipeline] }
      

      Further investigation shows that detecting if the process runs within a docker container is currently not easily feasible for cgroups v2, see: https://stackoverflow.com/questions/67155739/how-to-check-if-process-runs-within-a-docker-container-cgroup-v2-linux-host. However, I was wondering if this is a known issue and if anyone is trying to come up with a solution?

      cgroups v1
      $ cat /proc/1/cgroup
      12:pids:/docker/3a930717d4967175b00e0e42f8756fe6cf508448b75fdd4763a02eb6d913eacc
      11:hugetlb:/docker/3a930717d4967175b00e0e42f8756fe6cf508448b75fdd4763a02eb6d913eacc
      10:freezer:/docker/3a930717d4967175b00e0e42f8756fe6cf508448b75fdd4763a02eb6d913eacc
      9:cpu,cpuacct:/docker/3a930717d4967175b00e0e42f8756fe6cf508448b75fdd4763a02eb6d913eacc
      8:memory:/docker/3a930717d4967175b00e0e42f8756fe6cf508448b75fdd4763a02eb6d913eacc
      7:devices:/docker/3a930717d4967175b00e0e42f8756fe6cf508448b75fdd4763a02eb6d913eacc
      6:perf_event:/docker/3a930717d4967175b00e0e42f8756fe6cf508448b75fdd4763a02eb6d913eacc
      5:cpuset:/docker/3a930717d4967175b00e0e42f8756fe6cf508448b75fdd4763a02eb6d913eacc
      4:net_cls,net_prio:/docker/3a930717d4967175b00e0e42f8756fe6cf508448b75fdd4763a02eb6d913eacc
      3:rdma:/
      2:blkio:/docker/3a930717d4967175b00e0e42f8756fe6cf508448b75fdd4763a02eb6d913eacc
      1:name=systemd:/docker/3a930717d4967175b00e0e42f8756fe6cf508448b75fdd4763a02eb6d913eacc
      0::/system.slice/containerd.service
      
      cgroups v2
      $ cat /proc/1/cgroup
      0::/
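
One possible fallback for the cgroups v2 case shown above, as an added example that is not part of the original report or of the plugin's code. It assumes Docker bind-mounts `/etc/hostname` from `<data-root>/containers/<id>/hostname`, so the ID is visible in `/proc/self/mountinfo`; the function names `container_id` and `write_samples`, `SAMPLE_ID` and the mountinfo lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: recover the ID of the Docker container this process runs in.
# Usage: container_id [CGROUP_FILE] [MOUNTINFO_FILE]
# Prints the 64-hex-digit ID and returns 0; prints nothing and returns 1 otherwise.

HEX64='[0-9a-f]\{64\}'

container_id() {
    cgroup_file=${1:-/proc/1/cgroup}
    mountinfo_file=${2:-/proc/self/mountinfo}
    id=

    # cgroups v1: controller lines such as "12:pids:/docker/<id>" (cgroupfs
    # driver) or ".../docker-<id>.scope" (systemd driver) carry the ID directly.
    if [ -r "$cgroup_file" ]; then
        id=$(sed -n "s|^[0-9]*:[^:]*:.*/docker[/-]\($HEX64\).*|\1|p" "$cgroup_file" | head -n 1)
    fi

    # cgroups v2: the file holds only "0::/", so fall back to mountinfo.
    # Assumption: Docker bind-mounts /etc/hostname from
    # <data-root>/containers/<id>/hostname, exposing the ID in the mount root.
    if [ -z "$id" ] && [ -r "$mountinfo_file" ]; then
        id=$(sed -n "s|^.*/containers/\($HEX64\)/hostname /etc/hostname .*|\1|p" "$mountinfo_file" | head -n 1)
    fi

    [ -n "$id" ] && printf '%s\n' "$id"
}

# Sample inputs. PAGE_ID is the container ID from the report above; SAMPLE_ID
# and the mountinfo lines are constructed for this example.
PAGE_ID=3a930717d4967175b00e0e42f8756fe6cf508448b75fdd4763a02eb6d913eacc
S=0123456789abcdef; SAMPLE_ID=$S$S$S$S

write_samples() {  # $1 = existing directory to write the sample files into
    printf '%s\n' "12:pids:/docker/$PAGE_ID" '0::/system.slice/containerd.service' > "$1/cgroup.v1"
    printf '0::/\n' > "$1/cgroup.v2"
    printf '%s\n' '22 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw' > "$1/mountinfo.host"
    printf '%s\n' "718 707 8:1 /var/lib/docker/containers/$SAMPLE_ID/hostname /etc/hostname rw,relatime - ext4 /dev/sda1 rw" > "$1/mountinfo.docker"
}

# Run against the live system when executed directly.
container_id || echo "no Docker container ID found"
```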
      

Assignee: Unassigned
Reporter: Christian
Archiver: Jenkins Service Account
