1302167 – When stopping httpd container that be startd via kubernetes with "docker kill" on the node, it fails to automatically re-start the container.

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1302167 - When stopping httpd container that be startd via kubernetes with "docker kill" on the node, it fails to automatically re-start the container.

Summary: When stopping httpd container that be startd via kubernetes with "docker kill...

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	docker
Sub Component:
Version:	7.2
Hardware:	x86_64
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	Daniel Walsh
QA Contact:	atomic-bugs@redhat.com
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-01-27 01:26 UTC by kyoneyama
Modified:	2019-09-12 09:51 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-06-03 19:07:31 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description kyoneyama 2016-01-27 01:26:01 UTC

Description of problem:

When stopping httpd container that be startd via kubernetes with "docker kill" on the node, it fails to automatically re-start the container by recovery of kubernetes.


I commited the failed container, and I looked at the error_log file that has been recorded in the container. Then, httpd digest authentication module causes the error.

  # docker ps -f status=exited
  # docker commit <container id> test
  # docker run -it --rm --entrypoint=/bin/bash test
  
    # cat /var/log/httpd/error_log
    [root@ec2ae5cc6ccb httpd]# cat error_log 
    [Tue Jan 19 01:05:17.409548 2016] [suexec:notice] [pid 1] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
    AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.20.66.32. Set the 'ServerName' directive globally to suppress this message
    [Tue Jan 19 01:05:17.423792 2016] [auth_digest:notice] [pid 1] AH01757: generating secret for digest authentication ...
    [Tue Jan 19 01:05:17.424578 2016] [auth_digest:error] [pid 1] (17)File exists: AH01762: Failed to create shared memory segment on file /run/httpd/authdigest_shm.1
    [Tue Jan 19 01:05:17.424606 2016] [auth_digest:error] [pid 1] (17)File exists: AH01760: failed to initialize shm - all nonce-count checking, one-time nonces, and MD5-sess algorithm disabled
    [Tue Jan 19 01:05:17.424611 2016] [:emerg] [pid 1] AH00020: Configuration Failed, exiting


Version-Release number of selected component (if applicable):

  Master:
  - kubernetes-1.0.3-0.2.gitb9a88a7.el7.
  - etcd-2.1.1-2.el7.x86_64

  Node:
  - kernel-3.10.0-327.3.1.el7
  - kubernetes-1.0.3-0.2.gitb9a88a7.el7
  - docker-1.8.2-10.el7

How reproducible:

Always

Steps to Reproduce:

-Configuration

  --- simpleweb-service.yml ---
  apiVersion: v1beta3
  kind: Service
  metadata:
    labels:
      name: simpleweb
    name: simpleweb-service
    namespace: default
  spec:
    ports:
    - port: 80
    selector:
      name: simpleweb

  --- simpleweb-rc.yml ---
  apiVersion: v1beta3
  kind: ReplicationController
  metadata:
    name: simpleweb-controller
  spec:
    replicas: 1
    selector:
      name: simpleweb
    template:
      spec:
        containers:
        - name: simpleweb
          image: simpleweb-image
          ports:
          - containerPort: 80
            hostPort: 80
      metadata:
        labels:
          name: simleweb
        selectorname: simpleweb
    labels:
      name: simpleweb


  --- Dockerfile ---
  FROM rhel7:latest
  USER root
  
  # Fix per https://bugzilla.redhat.com/show_bug.cgi?id=1192200 
  RUN yum -y install deltarpm yum-utils --disablerepo=*
  RUN yum-config-manager --disable *-eus-* *-htb-* *-ha-* *-rt-* *-lb-* *-rs-* *-sap-* > /dev/null
  
  # Update image
  RUN yum update -y
  RUN yum install httpd -y
  
  # Add httpd app and configuration
  RUN echo "The Web Server is Running" > /var/www/html/index.html
  EXPOSE 80
  
  # Start the service
  CMD ["-D", "FOREGROUND"]
  ENTRYPOINT ["/usr/sbin/httpd"]


-Reproducer

  1. (Node) Build httpd container
    # cp Dockerfile simpleweb/
    # docker build -t simpleweb-image simpleweb/

  2. (Master) Run httpd container via kubernetes
    # kubectl create -f simpleweb-service.yml
    # kubectl create -f simpleweb-rc.yml
    # kubectl get pod -w

  3. (Node) Stop the container

    (OK)
    # docker stop <simpleweb container id>
    # docker ps | grep simpleweb
    # docker ps -f status=exited | grep simpleweb

    (NG)
    # docker kill <simpleweb container id>
    # docker ps | grep simpleweb
    # docker ps -f status=exited | grep simpleweb


Actual results:

httpd container stops immediately.

Expected results:

httpd container continues running.


Additional info:

- Since it does not reproduce in httpd container based on RHEL6, it seems that the httpd container based on RHEL7 only problem.

- A workaround is adding "VOLUME /run" in the Dockerfile.

Comment 2 Daniel Walsh 2016-02-22 21:19:10 UTC

I don't see how this is a docker or k8s problem, Seems to be more of a bug about httpd running inside of a container.  I would prefer to use --tmpfs mounted on /run, although docker has pulled the code to handle this correctly.

Note You need to log in before you can comment on or make changes to this bug.