The GitHub Actions DinD environment failed to start inner containers due to
cgroup v2 namespace isolation problems ('cannot enter cgroupv2 ... invalid state').
To resolve this, all docker run calls inside the CI workflow were updated
to include --cgroupns=host, ensuring the inner dockerd inherits the host
cgroup namespace instead of being sandboxed.
This aligns the CI runtime with the expectations of runc and prevents OCI-level
container creation failures.
Details and troubleshooting steps documented here:
https://chatgpt.com/share/6930e285-9604-800f-aad8-7a81c928548c
Includes:
- Rewrite of test-deploy workflow to use isolated inner dockerd with privileged mode.
- Switch logging drivers to 'json-file' when IS_CONTAINER=true for compatibility with non-systemd CI runners.
- Adjust Dockerfile to install docker CLI and simplify package setup.
- Improve inventory creation and deploy steps for CI stability.
- Fully compatible with Ansible 2.20 variable handling.
Conversation reference:
https://chatgpt.com/share/6930e285-9604-800f-aad8-7a81c928548c
- Introduce global IS_CONTAINER flag based on ansible_virtualization facts
- Skip systemd-based handlers and tasks when running inside containers
- Extend EXCLUDED_ROLES list in GitHub Actions test-deploy workflow
- Ensure docker.sock is mounted for all CI deploy stages
- Improve sys-svc-docker by suppressing service restarts inside containers
- Add meta: flush_handlers to properly trigger delayed docker restarts
- Update sys-service handlers with container guards
- Update sys-timer tasks to avoid systemctl inside CI containers
- Enhance drv-non-free role with Manjaro detection and mhwd fallback warning
- Skip swapfile generation in containers
- Minor service template fixes and cleanup in proxy.conf.j2
Details and discussion: https://chatgpt.com/share/6930a4ca-56f4-800f-9b3d-4791f040a03b
- Renamed test-cli.yml to test-code.yml and updated job name.
- Extended timeout for test-deploy workflow from 30 to 240 minutes.
- Skipped Ansible timezone configuration inside Docker/Podman/containerd to avoid write errors in CI.
- Added --skip-tests to the initial deploy step for improved CI stability.
Origin: https://chatgpt.com/share/69301c58-6628-800f-9e3a-f026c01b6e17
