mirror of https://github.com/containers/podman.git
f7c8fd8a3d
runc uses CRIU to support checkpoint and restore of containers. This brings an initial checkpoint/restore implementation to podman. None of the additional runc flags are yet supported and container migration optimization (pre-copy/post-copy) is also left for the future. The current status is that it is possible to checkpoint and restore a container. I am testing on RHEL-7.x and as the combination of RHEL-7 and CRIU has seccomp troubles I have to create the container without seccomp. With the following steps I am able to checkpoint and restore a container: # podman run --security-opt="seccomp=unconfined" -d registry.fedoraproject.org/f27/httpd # curl -I 10.22.0.78:8080 HTTP/1.1 403 Forbidden # <-- this is actually a good answer # podman container checkpoint <container> # curl -I 10.22.0.78:8080 curl: (7) Failed connect to 10.22.0.78:8080; No route to host # podman container restore <container> # curl -I 10.22.0.78:8080 HTTP/1.1 403 Forbidden I am using CRIU, runc and conmon from git. All required changes for checkpoint/restore support in podman have been merged in the corresponding projects. To have the same IP address in the restored container as before checkpointing, CNI is told which IP address to use. If the saved network configuration cannot be found during restore, the container is restored with a new IP address. For CRIU to restore established TCP connections the IP address of the network namespace used for restore needs to be the same. For TCP connections in the listening state the IP address can change. During restore only one network interface with one IP address is handled correctly. Support to restore containers with more advanced network configuration will be implemented later. v2: * comment typo * print debug messages during cleanup of restore files * use createContainer() instead of createOCIContainer() * introduce helper CheckpointPath() * do not try to restore a container that is paused * use existing helper functions for cleanup * restructure code flow for better readability * do not try to restore if checkpoint/inventory.img is missing * git add checkpoint.go restore.go v3: * move checkpoint/restore under 'podman container' v4: * incorporated changes from latest reviews Signed-off-by: Adrian Reber <areber@redhat.com> |
||
|---|---|---|
| .. | ||
| common | ||
| driver | ||
| image | ||
| layers | ||
| testdata | ||
| boltdb_state.go | ||
| boltdb_state_internal.go | ||
| boltdb_state_linux.go | ||
| boltdb_state_unsupported.go | ||
| common_test.go | ||
| container.go | ||
| container_api.go | ||
| container_attach.go | ||
| container_commit.go | ||
| container_easyjson.go | ||
| container_graph.go | ||
| container_graph_test.go | ||
| container_inspect.go | ||
| container_internal.go | ||
| container_internal_linux.go | ||
| container_internal_test.go | ||
| container_internal_unsupported.go | ||
| container_linux.go | ||
| container_top_linux.go | ||
| container_top_unsupported.go | ||
| container_unsupported.go | ||
| diff.go | ||
| errors.go | ||
| in_memory_state.go | ||
| info.go | ||
| networking_linux.go | ||
| networking_unsupported.go | ||
| oci.go | ||
| oci_linux.go | ||
| oci_unsupported.go | ||
| options.go | ||
| pod.go | ||
| pod_api.go | ||
| pod_easyjson.go | ||
| pod_internal.go | ||
| pod_top_linux.go | ||
| pod_top_unsupported.go | ||
| runtime.go | ||
| runtime_ctr.go | ||
| runtime_img.go | ||
| runtime_img_test.go | ||
| runtime_pod.go | ||
| runtime_pod_infra_linux.go | ||
| runtime_pod_linux.go | ||
| runtime_pod_unsupported.go | ||
| state.go | ||
| state_test.go | ||
| stats.go | ||
| stats_config.go | ||
| stats_unsupported.go | ||
| storage.go | ||
| util.go | ||
| util_linux.go | ||
| util_test.go | ||
| util_unsupported.go | ||
| version.go | ||