{CI} Use Ubuntu 24.04 on ARM agent #31158
Conversation
️✔️AzureCLI-FullTest
|
️✔️AzureCLI-BreakingChangeTest
|
|
Thank you for your contribution! We will review the pull request and get back to you soon. |
|
The git hooks are available for azure-cli and azure-cli-extensions repos. They could help you run required checks before creating the PR. Please sync the latest code with latest dev branch (for azure-cli) or main branch (for azure-cli-extensions). pip install azdev --upgrade
azdev setup -c <your azure-cli repo path> -r <your azure-cli-extensions repo path>
|
microsoft-github-policy-service
bot
requested review from
Pan-Qi,
jiasli,
jsntcy,
kairu-ms,
wangzelin007 and
yonzhan
| echo "Docker is already installed on AMD64" | ||
| exit 0 | ||
| fi | ||
| # https://docs.docker.com/engine/security/rootless/ |
There was a problem hiding this comment.
Not able to install rootless docker in 22.04 and 24.04.
Ubuntu use cgroup v2 after 22.04. Docker keeps raising docker: Error response from daemon: open /sys/fs/cgroup/user.slice/user-1000.slice/cgroup.controllers: no such file or directory when run docker, but /sys/fs/cgroup/user.slice/ and other files exist. I guess user-1000 is not logged in and this folder does not exist.
+ ls /sys/fs/cgroup/user.slice/
cgroup.controllers
cgroup.events
cgroup.freeze
cgroup.kill
cgroup.max.depth
cgroup.max.descendants
cgroup.pressure
cgroup.procs
cgroup.stat
cgroup.subtree_control
cgroup.threads
cgroup.type
cpu.idle
cpu.max
cpu.max.burst
cpu.pressure
cpu.stat
cpu.stat.local
cpu.uclamp.max
cpu.uclamp.min
cpu.weight
cpu.weight.nice
cpuset.cpus
cpuset.cpus.effective
cpuset.cpus.exclusive
cpuset.cpus.exclusive.effective
cpuset.cpus.partition
cpuset.mems
cpuset.mems.effective
io.max
io.pressure
io.prio.class
io.stat
io.weight
memory.current
memory.events
memory.events.local
memory.high
memory.low
memory.max
memory.min
memory.numa_stat
memory.oom.group
memory.peak
memory.pressure
memory.reclaim
memory.stat
memory.swap.current
memory.swap.events
memory.swap.high
memory.swap.max
memory.swap.peak
memory.zswap.current
memory.zswap.max
memory.zswap.writeback
pids.current
pids.events
pids.max
pids.peak
This issue is the same as this one, but there has been no response. https://forums.docker.com/t/docker-rootless-mode-issues-on-ubuntu-server-22-04-lts-in-aws/145115
There was a problem hiding this comment.
The document https://docs.docker.com/engine/security/rootless/ still exists and is valid. Is user-1000.slice-not-exist an ADO-specific issue?
There was a problem hiding this comment.
Yes. Some say user-1000.slice is created when a user logs in or has a running process, but I can't find any reference.
|
|
||
| # https://docs.docker.com/engine/install/ubuntu/#install-using-the-convenience-script | ||
| curl -fsSL https://get.docker.com/ | sh | ||
| sudo chmod 666 /var/run/docker.sock |
There was a problem hiding this comment.
Use chmod 666 to ensure docker can be used without sudo like runner-image agent.
The official way to do this is add user to docker group. In runner-image repo, this is achieved by adding user to docker group: https://github.com/actions/runner-images/blob/86ef9be8745af78c1e11cce2921532217216c90b/images/ubuntu/scripts/build/install-docker.sh#L49
But we can't re-login for it to take effect in the pipeline.
There was a problem hiding this comment.
runner-image is a general concept. I believe you are trying to mention Microsoft-hosted agents.
There was a problem hiding this comment.
I prefer we stick to the example at https://docs.docker.com/engine/install/ubuntu/#install-using-the-convenience-script, instead of piping to | sh in case something unexpected happens:
There was a problem hiding this comment.
Use
chmod 666to ensuredockercan be used withoutsudolike runner-image agent.
Any reference for this?
There was a problem hiding this comment.
Use
chmod 666to ensuredockercan be used withoutsudolike runner-image agent.Any reference for this?
This error is raised when run docker run hello-world without sudo: docker: permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Head "[http://%2Fvar%2Frun%2Fdocker.sock/_ping"](http://%2Fvar%2Frun%2Fdocker.sock/_ping%22): dial unix /var/run/docker.sock: connect: permission denied.
Change it to 666 is a general way to fix the permission issue.
| ubuntu_multi_core_pool: 'pool-ubuntu-latest-multi-core' | ||
| windows_pool: 'pool-windows-2019' | ||
| ubuntu_arm64_pool: 'ubuntu-arm64-2004-pool' | ||
| ubuntu_arm64_pool: 'pool-ubuntu-latest-arm64' |
There was a problem hiding this comment.
I remember we decided not to use the name latest?
There was a problem hiding this comment.
Using the latest version saves effort by avoiding changes to the pool reference in CI and release pipelines, but it loses the ability to revert back if we encounter severe issues.
We need to be cautious during the agent transition to eliminate the issue we met during the 20.04 deprecation. How about this? We create a temp pool with newer image when we need to update the agent, then test it in the main repository. If everything works fine, we'll update the latest pool with the newer image.
@wangzelin007 for awareness
(cherry picked from commit 2fa70b0)
4 participants
Description
This PR enables
pool-ubuntu-latest-arm64pool, which uses Ubuntu 24.04This PR also changes rootless docker to normal docker.
Related PR: