Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

running a normal job works fine, but when trying to use a service container or specifying a container image in a work flow causes the job to fail with #2792

Closed
jandrunas opened this issue Aug 2, 2023 · 3 comments
Closed

running a normal job works fine, but when trying to use a service container or specifying a container image in a work flow causes the job to fail with #2792

jandrunas opened this issue Aug 2, 2023 · 3 comments
Labels
stale

Comments

@jandrunas
Copy link

running a normal job works fine, but when trying to use a service container or specifying a container image in a work flow causes the job to fail with

Failed to update oom_score_adj for PID: 70. [WORKER 2023-08-01 23:48:59Z INFO ProcessInvokerWrapper] System.UnauthorizedAccessException: Access to the path '/proc/70/oom_score_adj' is denied. [WORKER 2023-08-01 23:48:59Z INFO ProcessInvokerWrapper] ---> System.IO.IOException: Permission denied [WORKER 2023-08-01 23:48:59Z INFO ProcessInvokerWrapper] --- End of inner exception stack trace ---

I even copied the exact example from the deep dive video in https://www.youtube.com/watch?v=_F5ocPrv6io

I can connect to the runner and the permissions on /proc look ok, but any attempt to do anything in /proc gives permissions denied even as root or with sudo

the jobs run just fine on hosted runners, and were running just fine using 0.27.4 with runner deployments

.github/workflows/stupid_test.yml

this fails

---
name: stupid_test
on:
  workflow_dispatch

jobs:
  build-and-test:
    runs-on: arc-runner-set
    container:
      image: ghcr.io/actions/actions-runner:latest
    steps:
      - name: Trials
        run: |
          echo "Hello World" >> $GITHUB_STEP_SUMMARY
          sleep 720
        env:
          REDIS_HOST: redis
          REDIS_PORT: 6379

this does not

---
name: stupid_test
on:
  workflow_dispatch

jobs:
  build-and-test:
    runs-on: arc-runner-set
    steps:
      - name: Trials
        run: |
          echo "Hello World" >> $GITHUB_STEP_SUMMARY
          sleep 720
        env:
          REDIS_HOST: redis
          REDIS_PORT: 6379

values.yaml

githubConfigUrl: "https://github.com/PollyEx"
githubConfigSecret: "controller-manager"
maxRunners: 20
minRunners: 1
containerMode:
  type: "kubernetes"
  kubernetesModeWorkVolumeClaim:
    accessModes: ["ReadWriteOnce"]
    storageClassName: "ebs"
    resources:
      requests:
        storage: 10Gi
        cpu: "1000m"
        memory: "2Gi"
template:
  spec:
    securityContext:
      fsGroup: 1001
    containers:
      - name: runner
        image: ghcr.io/actions/actions-runner:latest
        imagePullPolicy: Always
        command: ["/home/runner/run.sh"]
        env:
          - name: ACTIONS_RUNNER_CONTAINER_HOOKS
            value: /home/runner/k8s/index.js
          - name: ACTIONS_RUNNER_POD_NAME
            valueFrom:
              fieldRef:
                fieldPath: metadata.name
          - name: ACTIONS_RUNNER_REQUIRE_JOB_CONTAINER
            value: "false"
        volumeMounts:
          - name: work
            mountPath: /home/runner/_work
        volumes:
          - name: work
            ephemeral:
              volumeClaimTemplate:
                spec:
                  accessModes: ["ReadWriteOnce"]
                  storageClassName: "ebs"
                  resources:
                    requests:
                      storage: 10Gi
@github-actions
Copy link
Contributor

github-actions bot commented Aug 2, 2023

Hello! Thank you for filing an issue.

The maintainers will triage your issue shortly.

In the meantime, please take a look at the troubleshooting guide for bug reports.

If this is a feature request, please review our contribution guidelines.

@nikola-jokic
Copy link
Member

Hey @jandrunas,

Your values.yaml should not be written this way. The containerMode field provides out-of-box way to add fields required by the container hook. The documented fields are a preview of what will be generated in case you are using containerMode kubernetes.
Since you have used that extended spec in the template.containers, your containerMode should be commented out.

In the video, the template spec looks like the following:

template:
  spec:
    containers:
    - name: runner
      image: ghcr.io/actions/actions-runner:latest
      command: ["/home/runner/run.sh"]
      env:
      - name: ACTIONS_RUNNER_REQUIRE_JOB_CONTAINER
        value: "false"

@github-actions
Copy link
Contributor

github-actions bot commented Sep 4, 2023

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.

@github-actions github-actions bot added the stale label Sep 4, 2023
@bobertrublik bobertrublik mentioned this issue Sep 12, 2023
Closed
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
stale
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jandrunas @nikola-jokic