Difference between revisions of "LXC"

From CRIU
Jump to navigation Jump to search
 
(8 intermediate revisions by 4 users not shown)
Line 5: Line 5:
 
== Checkpointing and restoring a container ==
 
== Checkpointing and restoring a container ==
  
LXC upstream has begun to integrate checkpoint/restore support through the lxc-checkpoint tool. Although this functionality is not in any released version of LXC yet, you can check out the development version on Ubuntu by doing:
+
LXC upstream has begun to integrate checkpoint/restore support through the lxc-checkpoint tool. This functionality has been in the recent released version of LXC---LXC 1.1.0 , you can install the LXC 1.1.0 or you can check out the development version on Ubuntu by doing:  
 
+
<source lang="bash">
<pre>
 
 
sudo add-apt-repository ppa:ubuntu-lxc/daily
 
sudo add-apt-repository ppa:ubuntu-lxc/daily
 
sudo apt-get update
 
sudo apt-get update
 
sudo apt-get install lxc
 
sudo apt-get install lxc
</pre>
+
</source>
  
 
Next, create a container:
 
Next, create a container:
  
<pre>
+
<source lang="bash">
sudo lxc-create -t ubuntu -n u1 -- -r trusty -a amd64
+
sudo lxc-create -t ubuntu -n u1 -- -r trusty -a amd64
</pre>
+
</source>
  
 
And add the following lines (as above) to its config:
 
And add the following lines (as above) to its config:
  
<pre>
+
<source lang="bash">
 
cat | sudo tee -a /var/lib/lxc/u1/config << EOF
 
cat | sudo tee -a /var/lib/lxc/u1/config << EOF
 
# hax for criu
 
# hax for criu
lxc.console = none
+
lxc.console.path = none
lxc.tty = 0
+
lxc.tty.max = 0
 
lxc.cgroup.devices.deny = c 5:1 rwm
 
lxc.cgroup.devices.deny = c 5:1 rwm
 +
# on older lxc comment the above and uncomment the below
 +
# lxc.console = none
 +
# lxc.tty = 0
 +
# lxc.cgroup.devices.deny = c 5:1 rwm
 
EOF
 
EOF
</pre>
+
</source>
  
 
Finally, start, and checkpoint the container:
 
Finally, start, and checkpoint the container:
  
<pre>
+
<source lang="bash">
 
sudo lxc-start -n u1
 
sudo lxc-start -n u1
 
sleep 5s  # let the container get to a more interesting state
 
sleep 5s  # let the container get to a more interesting state
 
sudo lxc-checkpoint -s -D /tmp/checkpoint -n u1
 
sudo lxc-checkpoint -s -D /tmp/checkpoint -n u1
</pre>
+
</source>
  
 
At this point, the container's state is stored in /tmp/checkpoint, and the filesystem is in /var/lib/lxc/u1/rootfs. You can restore the container by doing:
 
At this point, the container's state is stored in /tmp/checkpoint, and the filesystem is in /var/lib/lxc/u1/rootfs. You can restore the container by doing:
  
<pre>
+
<source lang="bash">
 
sudo lxc-checkpoint -r -D /tmp/checkpoint -n u1
 
sudo lxc-checkpoint -r -D /tmp/checkpoint -n u1
</pre>
+
</source>
  
 
And then, get your container's IP and ssh in:
 
And then, get your container's IP and ssh in:
  
<pre>
+
<source lang="bash">
 
ssh ubuntu@$(sudo lxc-info -i -H -n u1)
 
ssh ubuntu@$(sudo lxc-info -i -H -n u1)
</pre>
+
</source>
  
===Troubleshooting===
+
== Troubleshooting ==
* <pre>Error (sk-netlink.c:77): The socket has data to read</pre>
 
Netlink sockets with pending messages are not supported. Usually if you run the dump again it will succeed.
 
 
   
 
   
* <pre>Error (mount.c:805): fusectl isn't empty: 8388625.</pre>
+
=== Error (mount.c:805): fusectl isn't empty: 8388625 ===
Dumping of fuse filesystems is currently not supported. Empty the container's /sys/fs/fuse/connections and try again.
+
 
 +
Dumping of fuse filesystems is currently not supported. Empty the container's <code>/sys/fs/fuse/connections</code> and try again.
 +
 
 +
=== Error (mount.c:517): Mount 58 (master_id: 12 shared_id: 0) has unreachable sharing ===
 +
 
 +
CRIU doesn't yet support shared mountpoints as LXC does; make sure your rootfs is on a non-shared mount.
 +
 
 +
== External links ==
  
* <pre>Error (mount.c:517): Mount 58 (master_id: 12 shared_id: 0) has unreachable sharing</pre>
+
* [https://www.youtube.com/watch?v=a9T2gcnQg2k&feature=youtu.be&t=18m8s The New New Thing: Turning Docker Tech into a Full Speed Hypervisor] - Talk of Tycho Andersen with demo of migration LXC container with Doom inside
criu doesn't yet support shared mountpoints as lxc does; make sure your rootfs is on a non-shared mount.
+
* [https://github.com/tych0/presentations/blob/master/ods2014.md Demo script]
  
 
[[Category: HOWTO]]
 
[[Category: HOWTO]]
 +
[[Category: Live migration]]

Latest revision as of 04:33, 1 July 2024

Requirements[edit]

You should have built and installed a recent (>= 1.3.1) version of CRIU.

Checkpointing and restoring a container[edit]

LXC upstream has begun to integrate checkpoint/restore support through the lxc-checkpoint tool. This functionality has been in the recent released version of LXC---LXC 1.1.0 , you can install the LXC 1.1.0 or you can check out the development version on Ubuntu by doing:

sudo add-apt-repository ppa:ubuntu-lxc/daily
sudo apt-get update
sudo apt-get install lxc

Next, create a container:

 sudo lxc-create -t ubuntu -n u1 -- -r trusty -a amd64

And add the following lines (as above) to its config:

cat | sudo tee -a /var/lib/lxc/u1/config << EOF
# hax for criu
lxc.console.path = none
lxc.tty.max = 0
lxc.cgroup.devices.deny = c 5:1 rwm
# on older lxc comment the above and uncomment the below
# lxc.console = none
# lxc.tty = 0
# lxc.cgroup.devices.deny = c 5:1 rwm
EOF

Finally, start, and checkpoint the container:

sudo lxc-start -n u1
sleep 5s  # let the container get to a more interesting state
sudo lxc-checkpoint -s -D /tmp/checkpoint -n u1

At this point, the container's state is stored in /tmp/checkpoint, and the filesystem is in /var/lib/lxc/u1/rootfs. You can restore the container by doing:

sudo lxc-checkpoint -r -D /tmp/checkpoint -n u1

And then, get your container's IP and ssh in:

ssh ubuntu@$(sudo lxc-info -i -H -n u1)

Troubleshooting[edit]

Error (mount.c:805): fusectl isn't empty: 8388625[edit]

Dumping of fuse filesystems is currently not supported. Empty the container's /sys/fs/fuse/connections and try again.

Error (mount.c:517): Mount 58 (master_id: 12 shared_id: 0) has unreachable sharing[edit]

CRIU doesn't yet support shared mountpoints as LXC does; make sure your rootfs is on a non-shared mount.

External links[edit]