GHA ubuntu-latest image will break `ansible-test --docker` for many stable branches

[felixfontein]

GHA ubuntu-latest image will break ansible-test --docker

Github has been migrating ubuntu-latest from 20.04 to 22.04 and it comes with cgroups v2, which in turn breaks current release versions of ansible-test when used in combination of --docker flag.

This also applies, if the ansible-test-gh-action is used.

@mattclay has been working hard in bringing support for cgroups v2 in https://github.com/ansible/ansible/pull/78550 and is working even harder now trying to backport this down to stable-2.12.

Until then, the best course of action is to use ubuntu-20.04 image for GHA CI jobs involving ansible-test:

- runs-on: ubuntu-latest
+ runs-on: ubuntu-20.04

EOL versions <= ansible/stable-2.11

If you are testing against ansible/stable-2.11 or lower, ubuntu-20.04 is a permanent solution as the backport will not reach EOL versions.

(Thanks to @kristianheljas for preparing this announcement.)

[felixfontein]

If you want to discuss this, please use: https://github.com/ansible-collections/news-for-maintainers/discussions/29

https://github.com/ansible-collections/collection_template/pull/54 shows how you can use ubuntu-latest for all CI runs except the ones that need ubuntu-20.04.

The following list of stable branches still needs ubuntu-20.04 since no backport has been created and/or merged. This list will be updated over time:

• stable-2.9 (EOL)
• stable-2.10 (EOL)
• stable-2.11 (EOL)

The EOL versions stable-2.9, stable-2.10, and stable-2.11 seem to work with ubuntu-latest for some of the containers, so you could also try using ubuntu-latest for them if you prefer.

[felixfontein]

Backports for stable-2.13 and stable-2.14 have been merged:

• https://github.com/ansible/ansible/pull/79538
• https://github.com/ansible/ansible/pull/79507

[felixfontein]

A backport for stable-2.12 has been merged:

• https://github.com/ansible/ansible/pull/79611

[felixfontein]

30 means that the milestone branch will now also work. So the only remaining branches that need ubuntu-20.04 are the EOL branches stable-2.9, stable-2.10, and stable-2.11.

[briantist]

30 means that the milestone branch will now also work. So the only remaining branches that need ubuntu-20.04 are the EOL branches stable-2.9, stable-2.10, and stable-2.11.

I have not needed to pin to 20.04 even for EoL branches once the change was backported to 2.13, possibly due to my using only the default container?

[mattclay]

Without the backported changes, the default container in 2.12 and earlier is partially functional with cgroup v2 (and other configurations lacking a systemd cgroup v1 hierarchy). This is due to the container being based on Ubuntu 18.04, which has an older systemd that hangs on failure instead of exiting. That keeps the container running, so it can work as a controller, but it is unable to run services, such as sshd.

With the changes backported to 2.12, some users that were previously able to use the default container will encounter an error instead: The container host provides cgroup v1, but does not appear to be running systemd.

If this occurs, a possible work-around is to use the options --controller docker:default,cgroup=none instead of the --docker default option. This is only effective for containers with an older systemd.