Azure-devops-docs: AgentService.js does not reap zombie processes
For Linux docker containers, exec ./externals/node/bin/node ./bin/AgentService.js interactive becomes PID 1, but it does not reap zombie processes. Docker containers that run multiple pipeline jobs end up with a huge amount of zombie processes which makes it harder to troubleshoot.
The quick fix is to use docker run --init which causes PID 1 to be /sbin/docker-init, which will reap zombie processes. It will also forward signals, so AgentService.js should still get the TERM and INT signals that it needs to restart and self-update.
I think the documentation should be updated to tell the user either:
- Use
docker run --init - The Dockerfile should install an init program
Alternatively, AgentService.js could be updated to reap zombie processes.
https://ahmet.im/blog/minimal-init-process-for-containers/
Document Details
⚠Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
- ID: b31d4f6c-d16d-2ba1-1294-6aa94e328046
- Version Independent ID: 88aec599-4410-697d-1002-1c41b1c17bb6
- Content: Running a self-hosted agent in Docker - Azure Pipelines
- Content Source: docs/pipelines/agents/docker.md
- Product: devops
- Technology: devops-cicd-agents
- GitHub Login: @steved0x
- Microsoft Alias: sdanie
egrubbs
All 5 comments
@egrubbs Thank you for the feedback, I am passing this along to the team.
steved0x
on 9 Mar 2020
We don't really expect containers to run for longer than the length of a single job. Can you share more about your use case?
vtbassmatt
on 9 Mar 2020
Microsoft-hosted agents exist in containers that only run for a single job, but the documentation for setting up a docker self-hosted agent uses the default behavior of AgentService.js, which continually requests new jobs.
The documentation for self-hosted Linux (not specific to docker) mentions the ability to use ./run.sh once to only process a single job, but the documentation does not recommend this as the normal way to run an agent. It even has directions on using systemd to run the agent as a service.
https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/v2-linux?view=azure-devops#run-once
Only processing a single job per container is not mentioned at all in the documentation for setting up a self-hosted Linux agents inside of docker.
https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/docker?view=azure-devops#linux
egrubbs
on 9 Mar 2020
Good point, I should update our recommendations there. For a normal, VM-based self-hosted agent, it's not common to want --once. For container-based agents running in some kind of outside orchestrator (Kubernetes, ACI, etc.), we do recommend --once so that the agent goes away and the orchestrator can reap the container.
vtbassmatt
on 13 Mar 2020
A doc-based fix has been merged and should publish today. I'm closing this issue since I'm likely to forget to circle back to it.
vtbassmatt
on 13 Mar 2020
Related issues
atrauzzi
·
3Comments
EM1L
·
3Comments
michhar
·
3Comments
sandeepzgk
·
3Comments
cijujoseph
·
3Comments