Pivotal Cloud Foundry (PCF) Deployments 1.11 and above with the File Integrity Monitoring (FIM) add-on deployed to Diego cells.
This article is about the PCF configurations where the File Integrity Monitoring (FIM) add-on deployed to Diego cells.
CF pushing an app fails and prints:
"cannot set limits on the memory cgroup, as the container has not joined it"
This was originally discovered and reported by the Diego team (https://github.com/cloudfoundry/garden-runc-release/issues/74)
FIM colocated alongside Garden has a rare compatibility issue. FIM will make system resources (cgroups) temporarily unavailable to garden during FIM's startup. If Garden happens to create a container during this time, it will fail with the above message.
Subsequent CF pushes won't fail for the same reason after a few seconds. This because a few seconds is more than enough time for FIM to remount the cgroups.
We're not aware of this ever occurring in production, it was self-discovered by Diego. FIM is doing work to prevent this problem from occurring in future versions of FIM.