can we have a daemon restart integration-cli test for this

also thanks for hunting this down, I'm sure it was not the easiest thing to debug

ping @jfrazelle @cpuguy83 add a test, can we run the test with --storage-driver=overlay or devicemapper on Jenkins? The default graphdriver vfs will not trigger the problem

Ah I see well we do this on all master builds for all the graph drivers so
it's ok if it succeeds on vfs without the patch I'll test personally to
make sure it works w overlay before merging :)

But if we have a test then the overlay master build will fail on Jenkins if
we ever have a regression

On Wednesday, April 15, 2015, Lei Jitang notifications@github.com wrote:

ping @jfrazelle https://github.com/jfrazelle @cpuguy83
https://github.com/cpuguy83 add a test, can we run the test with --storage-driver=overlay
or devicemapper on Jenkins? The default graphdriver vfs will not trigger
the problem

—
Reply to this email directly or view it on GitHub
#12400 (comment).

Ping @crosbymichael @LK4D4 this is what I was thinking was related to your
state on shutdown pr

On Wednesday, April 15, 2015, Jessica Frazelle jess@docker.com wrote:

Ah I see well we do this on all master builds for all the graph drivers so
it's ok if it succeeds on vfs without the patch I'll test personally to
make sure it works w overlay before merging :)

But if we have a test then the overlay master build will fail on Jenkins
if we ever have a regression

On Wednesday, April 15, 2015, Lei Jitang <notifications@github.com
javascript:_e(%7B%7D,'cvml','notifications@github.com');> wrote:

ping @jfrazelle https://github.com/jfrazelle @cpuguy83
https://github.com/cpuguy83 add a test, can we run the test with --storage-driver=overlay
or devicemapper on Jenkins? The default graphdriver vfs will not trigger
the problem

—
Reply to this email directly or view it on GitHub
#12400 (comment).

Can you PTAL at #12423 and see if it solves this for you

On Wednesday, April 15, 2015, Jessica Frazelle jess@docker.com wrote:

Ping @crosbymichael @LK4D4 this is what I was thinking was related to
your state on shutdown pr

On Wednesday, April 15, 2015, Jessica Frazelle <jess@docker.com
javascript:_e(%7B%7D,'cvml','jess@docker.com');> wrote:

Ah I see well we do this on all master builds for all the graph drivers
so it's ok if it succeeds on vfs without the patch I'll test personally to
make sure it works w overlay before merging :)

But if we have a test then the overlay master build will fail on Jenkins
if we ever have a regression

On Wednesday, April 15, 2015, Lei Jitang notifications@github.com
wrote:

ping @jfrazelle https://github.com/jfrazelle @cpuguy83
https://github.com/cpuguy83 add a test, can we run the test with --storage-driver=overlay
or devicemapper on Jenkins? The default graphdriver vfs will not
trigger the problem

—
Reply to this email directly or view it on GitHub
#12400 (comment).

@jfrazelle I have tested, #12423 can't solve this, it solve a different problem

This one is to ensure the container is cleanuped (unmount the rootfs of the container) on docker daemon shutdown.

ping @jfrazelle @cpuguy83

In some other refactoring here @estesp and I felt like we should bump this engine wait to something significantly higher.
Reason being is that it may take longer than 10s (or even 15s) to clean up the containers.
If it is taking too long than the user can send 2 more TERMs (or INTs) to the daemon to forcibly stop it, or they can just wait for the timeout.

So if we set the timeout really high it shouldn't really hurt anything.
I believe the reason we are only ever sending TERM to the containers on shutdown is to make sure we aren't just killing them... but I suppose these need to be handled at some point anyway.

@cpuguy83

Reason being is that it may take longer than 10s (or even 15s) to clean up the containers.
If it is taking too long than the user can send 2 more TERMs (or INTs) to the daemon to forcibly stop it,

My fix is to use c.Stop(10); to stop the container , it will send the SIGTERM to container and wait 10 seconds, if the container failed to exit in 10 seconds then send SIGINT to container.

So if we set the timeout really high it shouldn't really hurt anything.
I believe the reason we are only ever sending TERM to the containers on shutdown is to make sure we aren't just killing them... but I suppose these need to be handled at some point anyway.

But just set the timeout really high may not work for some container in interactive(with -it) mode . I have test local, I set the timeout to 60 seconds and start a container with -ti, docker run -ti busybox , then I shutdown the daemon, but the container can't stop in 60 seconds. So I think send SIGTERM to container and wait for seconds and if not exited, then send SIGKILL to container is a much more reasonable way.

ping @jfrazelle @cpuguy83 @LK4D4 WDYT?

I think this is a dup of #11988, which was closed yesterday because we don't want to SIGKILL containers on daemon exit.

Hmm, but it will wait for 10 seconds. I dunno, you will kill them anyway with killing their parent - docker.

Design seems legit for me, it is basically the same, but more understandable and secure.
ping @docker/core-maintainers

@LK4D4 what about comments of @unclejack and others from the other PR (for example: #11988 (comment)) that in some cases it is potentially very bad to SIGKILL, even after waiting and finding the container unresponsive? However, it seems like the problem of "un-cleaned up" container rootFS's needs to be fixed--this PR seems to fix it cleanly, but still leaves open the window of opportunity for a container with a long-shutdown cycle (closing a ton of connections, performing a significantly large store-to-disk operation, etc.) to be unceremoniously killed in the middle of what would be a reasonable shutdown if the timeout didn't exist. As @cpuguy83 we thought about making the timeout much larger to accommodate, but even that is hacky in the case that it is unpredictable how much time is required.

by the way..with engine gone, this PR needs a rebase to not use engine.

@estesp I'm not sure what will be with that processes without parent. I think they probably will just die. I'll try tomorrow.

@rohansingh I think separate will be easier.

LGTM

update as @LK4D4 's suggestion

Also I believe this closes #7086

Also needs another rebase. :(

@rohansingh @LK4D4 I opened a PR here for increasing upstart kill timeout: #13359

@cpuguy83 rebased

TestLogsFollowGoroutinesWithStdout failed on windows jenkins, I think it's unrelated

@coolljt0725 I added this to the 1.7 milestone, could you rebase the PR (again .. )?

ping @LK4D4 @jfrazelle @thaJeztah rebased

ping @cpuguy83 @LK4D4 @jfrazelle @thaJeztah any new about this?

Still LGTM

LGTM. Merging 🤘

cherry-picked