Home > Blockchain >  Docker jenkins ssh-agent "not running inside container" on Ubuntu 22.04
Docker jenkins ssh-agent "not running inside container" on Ubuntu 22.04

Time:05-20

Now that Ubuntu 22.04 is released I did a clean install on one of our jenkins-workers to test it but I can't get the docker ssh-agent to work properly. It can no longer identify that it's running inside a container, so whenever a job is launching that uses docker I can see in the console "Jenkins-worker-X does not seem to be running inside a container", followed by the pipeline failing.

I know from before that jenkins uses cgroup information to detect whether it's running in a container, so e.g. executing cat /proc/self/cgroup in a container should result in a list of lines ending with /docker/<container-id>, which is then used by Jenkins to detect the container. However, once I installed Ubuntu 22.04 the cgroup information no longer contains the /docker/<container-id> which causes the jenkins agent to think it's running on bare metal.

Even executing the official image has the same problem, i.e. docker run jenkins/ssh-agent:jdk11 followed by docker exec <container-id> cat /proc/self/cgroup ends up with a list without the container hashes on my machine.

How do I troubleshoot this? Has something changed from Ubuntu 21.10 to 22.04 that causes this problem? Is some extra configuration necessary?

I'm running latest Ubuntu 22.04 (5.15.0-27-generic), Docker version 20.10.12, build 20.10.12-0ubuntu4.

Any help would be appreciated!

EDIT: I now realized that the same thing happens in 21.10 if you upgrade all packages to the latest version (and use the latest jenkins/ssh-agent image), so the cause might be in one of the upgraded packages

CodePudding user response:

It turned out that the problem was related to cgroup v2 after all. It seems that when using v2 the cgroup namespace is private by default when you create a container, in my case the Jenkins agents, which caused the container id to not be available in /proc/self/cgroup.

The easy solution is to run the docker container with --cgroupns host as suggested in another question here. When I did that Jenkins could once again detect the container it's running inside.

An update was probably released for Ubuntu 21.10 switching to cgroup v2, just as I posted the question, since I could later reproduce the issue there as well.

Page link:https//www.codepudding.com/Blockchain/413650.html

Prev:unable to connect cloud sql from app engine
Next:hive fetch result from hdfs is too slow, because of too many the map only task, How can I merge the
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding