[SRU] update containerd:amd64 1.3.3-0 stops docker daemon
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
containerd (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Xenial |
Fix Released
|
Undecided
|
Unassigned | ||
Bionic |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Undecided
|
Unassigned | ||
Groovy |
Fix Released
|
Undecided
|
Unassigned | ||
Hirsute |
Fix Released
|
Undecided
|
Unassigned | ||
docker.io (Ubuntu) |
Fix Released
|
Critical
|
Unassigned | ||
Xenial |
Fix Released
|
Critical
|
Unassigned | ||
Bionic |
Fix Released
|
Critical
|
Unassigned | ||
Focal |
Fix Released
|
Critical
|
Unassigned | ||
Groovy |
Fix Released
|
Critical
|
Unassigned | ||
Hirsute |
Fix Released
|
Critical
|
Unassigned |
Bug Description
[Impact]
Docker uses containerd under the hood. When containerd is upgraded it stops and restarts its service; docker stops when containerd stops but doesn’t restart. Particularly when doing unattended upgrades, an SRU fix rolled out for containerd can result in unexpected and widespread service outages for docker.
[Test Case]
$ sudo apt install docker.io
$ sudo systemctl start docker
$ systemctl status docker | grep Active
Active: active (running) since[...]
$ systemctl status containerd | grep Active
Active: active (running) since[...]
$ docker pull ubuntu/redis:latest
$ docker run -e REDIS_PASSWORD=1234 --network host \
--name test-redis -d ubuntu/redis:latest
$ telnet localhost 6379
$ docker container logs test-redis
$ sudo apt install --reinstall containerd
$ systemctl status containerd | grep Active
Active: active (running) since
$ systemctl status docker | grep Active
Active: inactive (dead) since [...]; 8s ago
$ docker container logs test-redis
[Where Problems Could Occur]
The challenge with this issue is addressing all important corner cases, and as such the biggest risk is that we miss a corner case and fail to keep the two services running when they should. Areas to watch will be failures during start/stop/
[Original Report]
hello we have had in several vms, the problem that after updating to " containerd:amd64 1.3.3" the docker daemon is stopped and so are all running containers
the vms run with ubuntu 18.04.1/18.04.2
journal log during the update:
```
-- Logs begin at Tue 2020-01-14 09:58:27 CET, end at Fri 2020-04-03 11:30:39 CEST. --
Apr 03 06:09:09 server dockerd[1751]: time="2020-
Apr 03 06:09:09 server dockerd[1751]: time="2020-
Apr 03 06:09:14 server interface_
Apr 03 06:09:14 server interface_
Apr 03 06:09:24 server dockerd[1751]: time="2020-
Apr 03 06:09:24 server dockerd[1751]: time="2020-
Apr 03 06:09:31 server systemd[1]: Starting Daily apt upgrade and clean activities...
Apr 03 06:09:39 server dockerd[1751]: time="2020-
Apr 03 06:09:39 server dockerd[1751]: time="2020-
Apr 03 06:09:43 server systemd[1]: Stopping Docker Application Container Engine...
Apr 03 06:09:43 server dockerd[1751]: time="2020-
Apr 03 06:09:43 server dockerd[1751]: time="2020-
Apr 03 06:09:43 server dockerd[1751]: time="2020-
Apr 03 06:09:43 server systemd[1]: Stopped Docker Application Container Engine.
Apr 03 06:09:43 server systemd[1]: Stopping containerd container runtime...
Apr 03 06:09:43 server systemd[1]: Closed Docker Socket for the API.
Apr 03 06:09:43 server containerd[1736]: time="2020-
Apr 03 06:09:43 server containerd[1736]: time="2020-
Apr 03 06:09:43 server containerd[1736]: time="2020-
Apr 03 06:09:43 server containerd[1736]: time="2020-
Apr 03 06:09:43 server systemd[1]: Stopped containerd container runtime.
Apr 03 06:09:47 server systemd[1]: Reloading.
Apr 03 06:09:48 server systemd[1]: Reloading.
Apr 03 06:09:49 server systemd[1]: Reloading.
Apr 03 06:09:49 server systemd[1]: Starting containerd container runtime...
Apr 03 06:09:49 server containerd[1904]: time="2020-
Apr 03 06:09:49 server systemd[1]: Started containerd container runtime.
Apr 03 06:09:50 server containerd[1904]: time="2020-
Apr 03 06:09:50 server containerd[1904]: time="2020-
Apr 03 06:09:50 server containerd[1904]: time="2020-
Apr 03 06:09:50 server containerd[1904]: time="2020-
Apr 03 06:09:50 server containerd[1904]: time="2020-
Apr 03 06:09:50 server containerd[1904]: time="2020-
Apr 03 06:09:50 server containerd[1904]: time="2020-
Apr 03 06:09:50 server containerd[1904]: time="2020-
Apr 03 06:09:50 server containerd[1904]: time="2020-
Apr 03 06:09:50 server containerd[1904]: time="2020-
Apr 03 06:09:50 server containerd[1904]: time="2020-
Apr 03 06:09:50 server containerd[1904]: time="2020-
Apr 03 06:09:50 server containerd[1904]: time="2020-
Apr 03 06:09:50 server containerd[1904]: time="2020-
Apr 03 06:09:50 server containerd[1904]: time="2020-
Apr 03 06:09:50 server containerd[1904]: time="2020-
Apr 03 06:09:50 server containerd[1904]: time="2020-
Apr 03 06:09:50 server containerd[1904]: time="2020-
Apr 03 06:09:50 server containerd[1904]: time="2020-
Apr 03 06:09:50 server containerd[1904]: time="2020-
Apr 03 06:09:50 server containerd[1904]: time="2020-
Apr 03 06:09:50 server containerd[1904]: time="2020-
Apr 03 06:09:50 server containerd[1904]: time="2020-
Apr 03 06:09:50 server containerd[1904]: time="2020-
Apr 03 06:09:50 server containerd[1904]: time="2020-
Apr 03 06:09:50 server containerd[1904]: time="2020-
Apr 03 06:09:50 server containerd[1904]: time="2020-
Apr 03 06:09:50 server containerd[1904]: time="2020-
Apr 03 06:09:50 server containerd[1904]: time="2020-
Apr 03 06:09:50 server containerd[1904]: time="2020-
Apr 03 06:09:50 server containerd[1904]: time="2020-
Apr 03 06:09:50 server containerd[1904]: time="2020-
Apr 03 06:09:50 server containerd[1904]: time="2020-
Apr 03 06:09:50 server containerd[1904]: time="2020-
Apr 03 06:09:50 server containerd[1904]: time="2020-
Apr 03 06:09:50 server containerd[1904]: time="2020-
Apr 03 06:09:50 server containerd[1904]: time="2020-
Apr 03 06:09:50 server containerd[1904]: time="2020-
Apr 03 06:09:50 server containerd[1904]: time="2020-
Apr 03 06:09:50 server containerd[1904]: time="2020-
Apr 03 06:09:50 server containerd[1904]: time="2020-
Apr 03 06:09:50 server containerd[1904]: time="2020-
Apr 03 06:09:50 server containerd[1904]: time="2020-
Apr 03 06:09:50 server containerd[1904]: time="2020-
Apr 03 06:09:50 server containerd[1904]: time="2020-
Apr 03 06:09:50 server containerd[1904]: time="2020-
Apr 03 06:09:50 server containerd[1904]: time="2020-
Apr 03 06:09:50 server containerd[1904]: time="2020-
Apr 03 06:09:50 server containerd[1904]: time="2020-
Apr 03 06:09:50 server containerd[1904]: time="2020-
Apr 03 06:09:50 server containerd[1904]: time="2020-
Apr 03 06:09:50 server containerd[1904]: time="2020-
Apr 03 06:10:08 server systemd[1]: Reloading.
Apr 03 06:10:08 server systemd[1]: Stopping LSB: automatic crash report generation...
Apr 03 06:10:08 server apport[2377]: * Stopping automatic crash report generation: apport
Apr 03 06:10:08 server apport[2377]: ...done.
Apr 03 06:10:08 server systemd[1]: Stopped LSB: automatic crash report generation.
Apr 03 06:10:09 server systemd[1]: Reloading.
Apr 03 06:10:09 server systemd[1]: Reloading.
Apr 03 06:10:11 server systemd[1]: Reloading.
Apr 03 06:10:11 server systemd[1]: Reloading.
Apr 03 06:10:12 server systemd[1]: Reloading.
Apr 03 06:10:12 server systemd[1]: Starting LSB: automatic crash report generation...
Apr 03 06:10:12 server apport[2666]: * Starting automatic crash report generation: apport
Apr 03 06:10:12 server apport[2666]: ...done.
Apr 03 06:10:12 server systemd[1]: Started LSB: automatic crash report generation.
Apr 03 06:10:12 server systemd[1]: Reloading.
Apr 03 06:10:18 server systemd[1]: Started Daily apt upgrade and clean activities.
```
Related branches
- Sergio Durigan Junior (community): Approve
- Canonical Server: Pending requested
-
Diff: 30 lines (+10/-1)2 files modifieddebian/changelog (+9/-0)
debian/control (+1/-1)
- Sergio Durigan Junior (community): Approve
- Canonical Server: Pending requested
-
Diff: 40 lines (+12/-2)2 files modifieddebian/changelog (+10/-0)
debian/control (+2/-2)
- Sergio Durigan Junior (community): Approve
- Canonical Server: Pending requested
-
Diff: 29 lines (+10/-0)2 files modifieddebian/changelog (+9/-0)
debian/control (+1/-0)
- Sergio Durigan Junior (community): Approve
- Canonical Server: Pending requested
-
Diff: 29 lines (+10/-0)2 files modifieddebian/changelog (+9/-0)
debian/control (+1/-0)
- Sergio Durigan Junior (community): Approve
- Canonical Server: Pending requested
-
Diff: 117 lines (+85/-0)4 files modifieddebian/changelog (+12/-0)
debian/patches/do-not-bind-docker-to-containerd.patch (+64/-0)
debian/patches/series (+1/-0)
debian/rules (+8/-0)
- Sergio Durigan Junior (community): Approve
- Canonical Server: Pending requested
-
Diff: 132 lines (+90/-1)5 files modifieddebian/changelog (+16/-0)
debian/control (+1/-1)
debian/patches/do-not-bind-docker-to-containerd.patch (+64/-0)
debian/patches/series (+1/-0)
debian/rules (+8/-0)
- Sergio Durigan Junior (community): Approve
- Canonical Server: Pending requested
-
Diff: 115 lines (+85/-0)4 files modifieddebian/changelog (+12/-0)
debian/patches/do-not-bind-docker-to-containerd.patch (+64/-0)
debian/patches/series (+1/-0)
debian/rules (+8/-0)
- Sergio Durigan Junior (community): Approve
- Canonical Server: Pending requested
-
Diff: 116 lines (+85/-0)4 files modifieddebian/changelog (+12/-0)
debian/patches/do-not-bind-docker-to-containerd.patch (+64/-0)
debian/patches/series (+1/-0)
debian/rules (+8/-0)
- Steve Langasek (community): Approve
- Michael Hudson-Doyle: Pending requested
- Paulo Flabiano Smorigo: Pending requested
- git-ubuntu bot: Pending requested
- Dimitri John Ledkov: Pending requested
- Canonical Server: Pending requested
- Canonical Server packageset reviewers: Pending requested
-
Diff: 111 lines (+80/-0)4 files modifieddebian/changelog (+12/-0)
debian/patches/do-not-bind-docker-to-containerd.patch (+64/-0)
debian/patches/series (+1/-0)
debian/rules (+3/-0)
affects: | ubuntu → containerd (Ubuntu) |
tags: | added: regression-proposed |
no longer affects: | containerd (Ubuntu Focal) |
no longer affects: | containerd (Ubuntu Focal) |
tags: |
added: regression-security removed: regression-proposed |
Changed in containerd (Ubuntu): | |
importance: | Undecided → Critical |
Changed in containerd (Ubuntu Xenial): | |
importance: | Undecided → Critical |
Changed in containerd (Ubuntu Bionic): | |
importance: | Undecided → Critical |
Changed in containerd (Ubuntu Focal): | |
importance: | Undecided → Critical |
status: | New → In Progress |
Changed in containerd (Ubuntu Bionic): | |
status: | Confirmed → In Progress |
Changed in containerd (Ubuntu Xenial): | |
status: | Confirmed → In Progress |
Changed in containerd (Ubuntu): | |
status: | Confirmed → In Progress |
Changed in containerd (Ubuntu Groovy): | |
status: | New → In Progress |
importance: | Undecided → Critical |
description: | updated |
summary: |
- update containerd:amd64 1.3.3-0 stops docker daemon + [SRU] update containerd:amd64 1.3.3-0 stops docker daemon |
containerd:amd64 1.3.3-0ubuntu1~ 18.04.2