7

It has been stated that:

The shim allows for daemonless containers. It basically sits as the parent of the container's process to facilitate a few things.

It keeps the STDIO and other fds open for the container incase containerd and/or docker both die. If the shim was not running then the parent side of the pipes or the TTY master would be closed and the container would exit.

However from a process level, it appears that containerd spawns containerd-shim, so if containerd is down I would expect containerd-shim to go down too.

Can someone explain how containerd-shim can remain up if containerd/docker are down?

$ ps fxa | grep dockerd -A 3

     PID TTY      STAT   TIME COMMAND
 43449 pts/2    S+     0:00              \_ grep dockerd -A 3
117536 ?        Ssl  163:36 /usr/bin/containerd
 93633 ?        Sl     1:01  \_ containerd-shim -namespace moby -workdir /var/lib/containerd/io.containerd.runtime.v1.linux/moby/8f75a1b32bb09611430ea55958b11a482b6c83ba2a75f7ca727301eb49a2770f -address /run/containerd/containerd.sock -containerd-binary /usr/bin/containerd -runtime-root /var/run/docker/runtime-runc

$ pstree -lpTs
systemd(1)─┬─VGAuthService(45146)
           ├─accounts-daemon(1053)
           ├─agetty(104696)
           ├─agetty(104707)
           ├─agetty(104716)
           ├─atd(993)
           ├─containerd(117536)─┬─containerd-shim(8394)─┬─bash(8969)
           │                    │                       └─sh(8420)─┬─sshd(8512)
           │                    │                                  └─tail(8514)
           │                    ├─containerd-shim(13170)───bash(13198)
           │                    ├─containerd-shim(13545)───portainer(13577)
           │                    ├─containerd-shim(14156)───mysqld(14184)

...
 ├─dockerd(42320)─┬─docker-proxy(42700)
           │                ├─docker-proxy(42713)
           │                ├─docker-proxy(42725)
           │                ├─docker-proxy(42736)
           │                └─docker-proxy(42749)

UPDATE: Based on the explanation provided in the accepted answer: 

$ pstree -lpTs
systemd(1)─┬─VGAuthService(45146)
           ├─accounts-daemon(1053)
           ├─agetty(104696)
           ├─agetty(104707)
           ├─agetty(104716)
           ├─atd(993)
           ├─containerd(117536)─┬─containerd-shim(8394)─┬─bash(8969)
           │                    │                       └─sh(8420)─┬─sshd(8512)
           │                    │                                  └─tail(8514)
           │                    ├─containerd-shim(13170)───bash(13198)
           │                    ├─containerd-shim(13545)───portainer(13577)
           │                    ├─containerd-shim(14156)───mysqld(14184)

$ sudo kill -9 117536

$ pstree -lpTs
systemd(1)─┬─VGAuthService(45146)
           ├─accounts-daemon(1053)
           ├─agetty(104696)
           ├─agetty(104707)
           ├─agetty(104716)
           ├─atd(993)
           ├─containerd-shim(8394)─┬─bash(8969)
           │                       └─sh(8420)─┬─sshd(8512)
           │                                  └─tail(8514)
           ├─containerd-shim(13170)───bash(13198)
           ├─containerd-shim(13545)───portainer(13577)
           ├─containerd-shim(14156)───mysqld(14184)
user
  • 493
  • 6
  • 13

1 Answers1

7

However from a process level, it appears that containerd spawns containerd-shim, so if containerd is down I would expect containerd-shim to go down too.

Child processes don't automatically die when their parent dies, they are simply re-parented to PID 1. systemd takes over as parent and containerd-shim continues running.

John Kugelman
  • 349,597
  • 67
  • 533
  • 578