Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Container check does not work #363

Open
johnmaguire opened this issue Mar 8, 2023 · 1 comment · May be fixed by #408
Open

Container check does not work #363

johnmaguire opened this issue Mar 8, 2023 · 1 comment · May be fixed by #408

Comments

@johnmaguire
Copy link

johnmaguire commented Mar 8, 2023
edited
Loading

We're seeing failures to "run" the service under Docker due to syslog not being available. It seems there are container checks present but they are not firing:

service/service_linux.go

Lines 80 to 89 in a1c091b

f, err := os.Open(cgroupPath)
if err != nil {
return false, err
}
defer f.Close()
scan := bufio.NewScanner(f)
lines := 0
for scan.Scan() && !(lines > maxlines) {
if strings.Contains(scan.Text(), "docker") || strings.Contains(scan.Text(), "lxc") {

Inside the container, the cgroup file does not show "lxc" or "docker." (Tested Alpine 3.17 and Debian 11.6 under Arch Linux 6.1.3 and MacOS Ventura 13.2.

❯ docker run alpine cat /proc/1/cgroup
0::/
❯ docker run debian cat /proc/1/cgroup
0::/

❯ uname -a
Linux Acheron 6.1.3-arch1-1 #1 SMP PREEMPT_DYNAMIC Wed, 04 Jan 2023 16:28:15 +0000 x86_64 GNU/Linux
❯ docker info
Client:
 Context:    default
 Debug Mode: false
 Plugins:
  compose: Docker Compose (Docker Inc.)
    Version:  2.16.0
    Path:     /usr/lib/docker/cli-plugins/docker-compose

Server:
 Containers: 14
  Running: 13
  Paused: 0
  Stopped: 1
 Images: 36
 Server Version: 20.10.22
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: false
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux nvidia runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 9ba4b250366a5ddde94bb7c9d1def331423aa323.m
 runc version:
 init version: de40ad0
 Security Options:
  seccomp
   Profile: default
  cgroupns
 Kernel Version: 6.1.3-arch1-1
 Operating System: Arch Linux
 OSType: linux
 Architecture: x86_64
 CPUs: 4
 Total Memory: 31.32GiB
 Name: Acheron
 ID: J6LO:L2GH:7KPO:5P2B:XWUN:HHW4:IOJZ:TBJH:GP6M:HXK4:FUBM:5EV3
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Username: jmaguire
 Registry: https://index.docker.io/v1/
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

❯ uname -a
Darwin Johns-MacBook-Pro.local 22.3.0 Darwin Kernel Version 22.3.0: Thu Jan  5 20:48:54 PST 2023; root:xnu-8792.81.2~2/RELEASE_ARM64_T6000 arm64
❯ docker info
Client:
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc., v0.7.1)
  compose: Docker Compose (Docker Inc., v2.2.3)
  scan: Docker Scan (Docker Inc., v0.16.0)

Server:
 Containers: 48
  Running: 3
  Paused: 0
  Stopped: 45
 Images: 50
 Server Version: 20.10.12
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 7b11cfaabd73bb80907dd23182b9347b4245eb5d
 runc version: v1.0.2-0-g52b36a2
 init version: de40ad0
 Security Options:
  seccomp
   Profile: default
  cgroupns
 Kernel Version: 5.10.76-linuxkit
 Operating System: Docker Desktop
 OSType: linux
 Architecture: aarch64
 CPUs: 5
 Total Memory: 3.841GiB
 Name: docker-desktop
 ID: U5SA:S6XL:A6EC:AB5K:YE5E:HDC5:LWFY:3ZTU:BIPX:2BHE:USKA:KHIE
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false
@benoitdm-oslandia
Copy link

According to https://www.baeldung.com/linux/is-process-running-inside-container the current check works with old cgroup version. Newer version needs to parse /proc/self/mountinfo or check for /.dockerenv.

This was referenced Dec 5, 2024
Closed
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@johnmaguire @benoitdm-oslandia