Bug#1073148: containerd: containerd-shim hangs at poweroff/reboot on 1.4

Thu, 13 Jun 2024 07:28:47 -0700 

Package: containerd
Version: 1.4.13~ds1-1~deb11u4
Severity: minor

Description:
  When we start a container using Docker usually through a systemd service or 
via the command line and user does not handle
the termination of the running container, the containerd-shim process hangs 
during poweroff/reboot sequence. 
e.g systemd-shutdown[1]: Waiting for process: 2011 (containerd-shim)
Although this behavior seems normal from my perspective because it forces the 
user to take action and make a graceful shutdown.
The right way to stop the containers gracefully was via the systemd service by 
using ExecStop directive primarily(sends the SIGTERM signal from systemd 
service to docker which in turn sends to containerd that handles the container 
shutdown),  TimeoutStopSec and KillSignal=SIGTERM.
  
  Recent changes(1.5>) in containerd have introduced a mechanism that 
automatically handle the termination of running containers during shutdowns, 
contributing to smoother and more reliable system reboots. 
https://github.com/containerd/containerd/pull/5828
Now the ExecStop directive and TimeoutStopSec configuration remains just an 
addition to the implemented mechanism. 


Steps to reproduce:
1. the easiest to reproduce is from the command line # docker pull --platform 
linux/arm64 alpine
2. # docker run -d --name container-test alpine tail -f /dev/null
3. # docker ps
CONTAINER ID   IMAGE     COMMAND               CREATED         STATUS         
PORTS     NAMES
57e1c1658c20   alpine    "tail -f /dev/null"   8 seconds ago   Up 5 seconds     
        container-test
4. # systemctl reboot

Expected results:
To be in sync with containerd versions (1.5>) maybe we can backport the changes 
from 1.5 to 1.4 as stated here 
https://github.com/containerd/containerd/pull/5828

Actual results:
Without proper handling of the shutdown we get systemd-shutdown[1]: Waiting for 
process: 2011 (containerd-shim)

Environment:
Debian version: bullseye
Architecture: all architectures

Additional information:
I've added the backported patch from 1.5 in case this is wanted in this 1.4 
version.

Attachment: 0001-shimv2-handle-sigint-sigterm.patch
Description: 0001-shimv2-handle-sigint-sigterm.patch

Reply via email to