Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1430905

Summary: Terminal connections persist after navigating away
Product: Red Hat Enterprise Linux 7 Reporter: Seth Jennings <sjenning>
Component: dockerAssignee: Antonio Murdaca <amurdaca>
Status: CLOSED ERRATA QA Contact: atomic-bugs <atomic-bugs>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.3CC: agoldste, amurdaca, aos-bugs, decarr, dwalsh, jokerman, jupierce, lsm5, mmccomas
Target Milestone: rcKeywords: Extras, UpcomingRelease
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: docker-2:1.12.6-50.git0fdc778 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1392034 Environment:
Last Closed: 2017-09-05 10:35:14 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1392034    

Description Seth Jennings 2017-03-09 20:16:44 UTC 
Requesting backport of https://github.com/docker/docker/pull/27470 to docker 1.12 so we can plumb through the functionality needed to kill exec'ed processes in the container in OpenShift.

+++ This bug was initially created as a clone of Bug #1392034 +++

Description of problem:
Each time a terminal connection is opened through the web console, a /bin/sh session is left behind in the pod. These connections build up over time and do not appear to terminate.

Version-Release number of selected component (if applicable):
v3.3.0.32

How reproducible:
100%

Steps to Reproduce:
1. Navigate to the Terminal tab of a pod
2. At the prompt enter: $ ps faux
3. Count the number of /bin/sh instances
4. Reload the browser page
5. Navigate again to the Terminal tab the pod
6. Run ps again: $ ps faux
7. Note that the number of /bin/sh instances have increased by 1


Actual results:
/bin/sh instances increase each time the web console establish a new Terminal connection.

Expected results:
Some mechanism to ensure these /bin/sh instances do not build up over time.

Additional info:

--- Additional comment from Andy Goldstein on 2016-11-04 12:23:58 EDT ---

Blocked until https://github.com/docker/docker/pull/27470 is in a version of docker we have access to *and* we've updated kube/openshift to use this new docker feature.

--- Additional comment from Justin Pierce on 2016-11-04 14:17:20 EDT ---

Perhaps you have considered it already, but if all you need is the pid, why not use the exec websocket to emulate stdout < echo "THIS IS THE SH PID($$)" ?

You could await a line with that pattern and extract the PID. The web console user would not need to see this output line.

--- Additional comment from Andy Goldstein on 2016-11-04 14:19:37 EDT ---

There is no mechanism for an external client such as the web console to send a "kill pid <x>" request. This has to be managed by the component responsible for spawning the exec session, which is currently the node.

--- Additional comment from Justin Pierce on 2016-11-04 14:51:35 EDT ---

Just so I'm clear, why wouldn't another exec API call do the job?   ...exec?command=kill&command=-9&command=[pid]&...

This appears to work in my environment.

--- Additional comment from Andy Goldstein on 2016-11-04 14:55:59 EDT ---

Yes, you could do that, but you shouldn't have to.

--- Additional comment from Jessica Forrester on 2016-12-07 16:38:18 EST ---

Andy is there anything the UI will actually need to do for this or is kube going to handle killing the PID that was launched for the exec when the exec closes?  Should I just transfer this bug to you guys?

--- Additional comment from Andy Goldstein on 2016-12-07 16:40:24 EST ---

Yeah, I would send this to Derek's team.

--- Additional comment from Seth Jennings on 2017-01-04 14:14:48 EST ---

FYI https://github.com/docker/docker/pull/27470 has merged targeted for docker 1.13.

--- Additional comment from Derek Carr on 2017-01-18 10:57:00 EST ---

marked upcoming release as we wait for docker 1.13

--- Additional comment from Seth Jennings on 2017-03-09 14:44:27 EST ---

still waiting on docker 1.13
Comment 2 Derek Carr 2017-04-12 14:47:49 UTC 
any update on this?
Comment 3 Daniel Walsh 2017-04-13 18:43:46 UTC 
We have docker-latest at 1.13 in rhel7.3.4, the question is will OpenSHift/k8s be able to run on docker-1.13 by default in rhel7.3.5?  Or do you want us to back port this fix if possible to docker-1.12?
Comment 6 Daniel Walsh 2017-06-02 18:24:47 UTC 
Antonio can you look into this?
Comment 7 Antonio Murdaca 2017-06-02 18:37:53 UTC 
Yup, I'm trying to backport the fix as we speak (Jhon pinged me also). Just note backport isn't trivial.
Comment 8 Antonio Murdaca 2017-06-03 10:06:47 UTC 
Backported to docker-1.12.6, make sure to rebuild containerd from latest commit in projectatomic/containerd @ docker-1.12.6 branch (cause the backport is both docker and containerd).

docker: https://github.com/projectatomic/docker/commit/3a6eaeb209498521fc875d9f0b0e3b09d1e8ab6c
containerd: https://github.com/projectatomic/containerd/commit/a31a1e73c1fa649253d5a4471403523ee084869f

Did a smoke test as well and verified the exec'd pid is exposed through the REST API at "/exec/{ execID }/json" (you just need to gather _execID_ from docker inspect as described in the original upstream PR).
Comment 11 errata-xmlrpc 2017-09-05 10:35:14 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2599