Skip to content

Add support for cgroup_parent setting on Docker executor

Stefano Tenuta requested to merge stenuta/gitlab-runner:28644-allow-cgroup-parent-docker-executor into main

What does this MR do?

Adds support for the cgroup_parent option Docker executor.

Why was this MR needed?

Without this MR there are some scenarios where setting CPU/memory limits for Docker executor cannot work (e.g. rootless environment without Systemd)

What's the best way to test this MR?

Shorter test

  • Run a CI job
  • Execute docker inspect <my job's container id> | grep "CgroupParent" on runner's host
  • Result should be "CgroupParent": "",
  • Now add cgroup_parent=<name of the new cgroup> to runner's config.toml
  • Run a CI job
  • Execute docker inspect <my job's container id> | grep "CgroupParent" on runner's host
  • Result should be "CgroupParent": "<name of the new cgroup>",

Longer test

  • Prepare a rootless Podman environment (at least Podman 4.x) on Alpine (with OpenRC)
  • Configure runner to use the rootless Podman socket
  • Add cpuset_cpus=0 to runner's config.toml
  • Run a CI job that executes nproc
  • This will either fail or nproc will report a value higher than 1
  • Now create a cgroup and assign it to the user that owns the socket
  • Add cgroup_parent=<name of the new cgroup> to runner's config.toml
  • Re-run the previous job
  • nproc will now print 1

What are the relevant issue numbers?

#28644

Edited by Stefano Tenuta

Merge request reports