docker-workflow-plugin icon indicating copy to clipboard operation
docker-workflow-plugin copied to clipboard

Published 20 hours ago verified publisher icon jenkinsci

JENKINS-64608: detect running in container by ENV to allow detection independent of cgroup version

Open gmasil opened this issue 3 years ago • 3 comments

When using cgroup v2 the docker-workflow-plugin cannot determine if it is running inside a container by checking /proc/self/cgroup anymore.

JIRA: https://issues.jenkins.io/browse/JENKINS-64608

I suggest using an environment variable telling the plugin if Jenkins is running inside a container, so we are independent of cgroup version. I called the env var JENKINS_RUNNING_IN_CONTAINER which has to be set to true. This could be done in Jenkins' Dockerfile, so no configuration has to be changed for example in docker-compose or kubernetes. The container ID is resolved by taking a look into /etc/hostname, which is only giving the short container id, it can be discussed if that could face a problem.

Before I provide tests I would like to get some feedback if the general idea is okay or not.

Background

I recently updated to Debian 11 (providing cgroup v2 support) which broke my Jenkins setup, so I quickly needed a fix. I am using this patched plugin right now in my personal Jenkins and it is working perfectly fine.

Addendum

Here the question is asked how to obtain docker info when cgroup v2 is enabled, still unanswered: https://stackoverflow.com/questions/68816329/how-to-get-docker-container-id-from-within-the-container-with-cgroup-v2

Checklist

  • [x] Make sure you are opening from a topic/feature/bugfix branch (right side) and not your main branch!
  • [X] Ensure that the pull request title represents the desired changelog entry
  • [x] Please describe what you did
  • [x] Link to relevant issues in GitHub or Jira
  • [ ] Link to relevant pull requests, esp. upstream and downstream changes
  • [ ] Ensure you have provided tests - that demonstrates feature works or fixes the issue

gmasil avatar Sep 01 '21 10:09 gmasil

@rsandell What is the blocking factor making this PR not being merged? I would like to help working on this PR.

leeopop avatar Apr 26 '22 05:04 leeopop

Either

  • This PR should be merged and the new env variable should be set by jenkins/inbound-agent by default
  • The README of jenkins/inbound-agent on docker hub needs to clearly state, that it requires the cgroupns host option
  • Another way of detecting the containerization needs to be implemented

If there is no action on this, a lot of human capital is going to waste diagnosing this issue.

nappy avatar Jun 07 '22 11:06 nappy

I just noticed that I can discover the container ID inside /proc/1/task/1/mountinfo as part of a /containers/${CONTAINER_ID}/.... path. If this is something that works always (at least on cgroup v2) then this approach may be preferable. Especially because I notice that when using --net=host /etc/hostname's content tends to be equal to that of my host.

muggenhor avatar Jul 27 '22 16:07 muggenhor

Try https://repo.jenkins-ci.org/incrementals/org/jenkins-ci/plugins/docker-workflow/523.v69dde87b_2243/docker-workflow-523.v69dde87b_2243.hpi from #280?

jglick avatar Oct 22 '22 01:10 jglick

@jglick Today I was setting up my Jenkins from scratch and I gave your plugin a shot: works perfectly fine under cgroups v2!

gmasil avatar Oct 24 '22 12:10 gmasil