If you have AutoFS mount inside the container, you need to know some tricks.
AutoFS migration is supported by CRIU starting from version ...
Another requirement is linux kernel with version 4.6 or higher.
CRIU supports both direct (offset) and indirect AutoFS mount points migration.
But CRIU reconstructs AutoFS mount point on restore with different device ID and root inode number. This leads to some limitations in migrating of Autofs.
The root of these limitations is that AutoFS master (process, serving AutoFS requests from kernel side) can save AutoFS mount point device ID (and root inode number) in its internals and then compare saved value(s) with received ones on each kernel request. If these values do not match, it can ignore the request. In user world it means that any access to such an AutoFS mount point will stuck.
Known Autofs masters:
systemd: AutoFS-based services
- Systemd saves AutoFS mount point device ID in its internals.
- Restart of the service solves this issue.
automount: Direct (offset) mounts
- Automount saves AutoFS mount point device ID and root inode number for direct (offset) monuts in its internals.
- Killing automount with SIGKILL and restarting it solves this issue.
systemd-autofs-restart.sh action script was introduced. It can be found in
scripts directory in CRIU sources.
This script is aimed to be used with CRIU option
--action-script on restore to fix the issue for those systemd services, which can be painlessly restarted.
It can be used like this:
criu restore ... --action-script /usr/libexec/criu/scripts/systemd-autofs-restart.sh
Currently, it only restarts one service,
proc-sys-fs-binfmt_misc.automount. Surely, it can be easily extended to support any other.
The logic of the script is the following:
- Mount aside the file system, located on top of autofs (if any)
- Restart systemd service
- Unmount new file system, appeared on top of restarted autofs (if any)
- Move original file system on top of autofs mount point
Please, note, that the sequence above works only for direct (offset) autofs mount points, when autofs mount point is being overmounted by the desired one. In case of indirect autofs mount point the content (any mounted file system) will be lost.
Tricks vs Mount namespaces without propagation
There is a problem with systemd service restart in case of nested mount namespaces without propagation from parent (with private mounts).
Nested mount namespace can have mount point with the same superblock, as the original mount point in parent mount namespace.
But after service restart it won't be like this anymore: mount point in master namespace will be changed, but not propagated to nested mount namespace. Moreover, mount point in nested mount namespace will become catatonic.
Thus, in case ot nested mount namespaces with disabled propagation one have to choose either:
- Do not run the script, but keep all the mounts structure as it was (and broken systemd autofs services),
- or use the script, but the price is catatonic autofs mounts in nested mount namespaces without propagation.