Changes

3,382 bytes added , 20 May

m

no edit summary

Line 1: Line 1: −

This article ~~describes the status~~ of CRIU integration with [https://podman.io/ Podman], ~~and how~~ to ~~use it~~.

+

This article provides an overview of CRIU integration with Podman and explains how to use it. For more detailed information on the available Podman options, please refer to the [https://podman.io/docs/checkpoint documentation] and [https://docs.podman.io/en/latest/markdown/podman-container-checkpoint.1.html man pages].

+

{{Note|Podman checkpoint/restore currently supports only root containers. Therefore, you have to run the example container as root.}}

== Container Checkpoint/Restore ==

Line 5: Line 7:

Podman supports checkpointing and restoring since version 0.10.1 (October 2018). This initial support only supports checkpointing and restoring containers on the same host:

−

# podman run -d --name looper busybox /bin/sh -c \

+

$ sudo podman run -d --name looper busybox /bin/sh -c \

'i=0; while true; do echo $i; i=$(expr $i + 1); sleep 1; done'

You can verify that the container is running by observing its logs:

−

# podman logs -l

+

$ sudo podman logs -l

Or by running <code>podman ps</code>.

Line 16: Line 18:

If you do this a few times you will notice that the integers are increasing. Now the container can be checkpointed:

−

# podman container checkpoint -l

+

$ sudo podman container checkpoint -l

Once the container is checkpointed it will be no longer visible in <code>podman ps</code>.

Line 22: Line 24:

The following command can be used to restore the container:

−

# podman container restore -l

+

$ sudo podman container restore -l

Using <code>podman logs -l</code> or <code>podman ps</code> it can be verified that the container was restored and that it continued running from the point in time when it was checkpointed.

Line 36: Line 38:

To be actually able to migrate a container from one system to another at least Podman version 1.4.0 (June 2019) is required. With version 1.4.0 Podman is now able to export a complete checkpoint which can then be transferred:

−

# podman run -d --name looper busybox /bin/sh -c \

+

$ sudo podman run -d --name looper busybox /bin/sh -c \

'i=0; while true; do echo $i; i=$(expr $i + 1); sleep 1; done'

−

# podman container checkpoint -l --export=/tmp/chkpt.tar.gz

+

$ sudo podman container checkpoint -l --export=/tmp/chkpt.tar.gz

−

# scp /tmp/chkpt.tar.gz <destination-host>:/tmp

+

$ sudo scp /tmp/chkpt.tar.gz <destination-host>:/tmp

Once the checkpoint archive has been transferred to the destination system the container can there be restored from the checkpoint archive:

−

# podman container restore --import=/tmp/chkpt.tar.gz

+

$ sudo podman container restore --import=/tmp/chkpt.tar.gz

Now the container continues to run from the same point where it was previously checkpointed on the source system.

Line 49: Line 51:

From a checkpoint archive it is also possible to restore multiple copies of a container with different names:

−

# podman container restore --import=/tmp/chkpt.tar.gz -n looper1

+

$ sudo podman container restore --import=/tmp/chkpt.tar.gz -n looper1

−

# podman container restore --import=/tmp/chkpt.tar.gz -n looper2

+

$ sudo podman container restore --import=/tmp/chkpt.tar.gz -n looper2

−

# podman container restore --import=/tmp/chkpt.tar.gz -n looper3

+

$ sudo podman container restore --import=/tmp/chkpt.tar.gz -n looper3

Each of these restored containers will be running from the point in time the container was checkpointed.

−

One important limitation is that the container cannot modify the file-system. If a container modifies the file-system, these modified directories either have to be mounted into the container (<code>-v</code>) or these directories have to be marked as <code>--tmpfs</code>.

This requires at least CRIU 3.12 (3.13 for full SELinux support).

Line 63: Line 63:

* https://asciinema.org/a/249918

* https://asciinema.org/a/249922

+

== Checkpoint Images ==

+

In addition to the standard checkpoint/restore functionality described above, Podman supports checkpoint images to enable container migration across multiple systems with standard image distribution infrastructure (container registry).

+

A checkpoint image can be created with the <code>--create-image <image></code> option <code>podman container checkpoint</code>. This option instructs Podman to create a standard OCI container image with a single layer that contains all checkpoint files.

+

Example:

+

$ sudo podman run -d --name looper busybox /bin/sh -c 'i=0; while true; do echo $i; i=$(expr $i + 1); sleep 1; done'

+

$ sudo podman container checkpoint --create-image checkpoint-image-1 looper

+

You can verify that the image has been created as follows:

+

$ sudo podman image ls

+

You can restore a container from checkpoint image as follows:

+

$ sudo podman container restore <image>

+

Example:

+

$ sudo podman container restore checkpoint-image-1

+

Note that creating a checkpoint would not remove the container and it is not possible to have two containers with the same name. Thus, it might be necessary to restore the container with a different name:

+

$ sudo podman container restore --name looper-2 checkpoint-image-1

+

Or to remove the existing container before restore:

+

$ sudo podman rm looper

+

A checkpoint image can be pushed to a container registry:

+

$ sudo podman login quay.io

+

$ sudo podman container checkpoint --create-image quay.io/<username>/<reponame> looper

+

$ sudo podman push quay.io/<username>/<reponame>

+

The content of the image layer is in the same format as a checkpoint archive created with the <code>--export</code> option.

+

This allows to be exported locally with <code>podman image save</code> and restored with the <code>--import</code> option.

+

In addition, checkpoint images can be inspected with <code>podman inspect</code>. Inspecting a checkpoint image would display additional information, stored as annotations, about the host environment used to do the checkpoint.

+

And pulled and restored on a different system:

+

$ sudo podman pull quay.io/<username>/<reponame>

+

$ sudo podman container restore quay.io/<username>/<reponame>

+

Restoring multiple containers at the same time can be achieved as follows:

+

$ sudo podman run -d --name looper-1 busybox /bin/sh -c 'i=0; while true; do echo $i; i=$(expr $i + 1); sleep 1; done'

+

$ sudo podman run -d --name looper-2 busybox /bin/sh -c 'i=0; while true; do echo $i; i=$(expr $i + 1); sleep 1; done'

+

$ sudo podman container checkpoint --create-image checkpoint-1 looper-1

+

$ sudo podman container checkpoint --create-image checkpoint-2 looper-2

+

$ sudo podman rm looper-1 looper-2

+

$ sudo podman container restore checkpoint-1 checkpoint-2

+

== Container Pre-Checkpointing ==

+

The following example demonstrates how to use Podman's pre-checkpoint feature:

+

$ sudo podman run -d --name looper busybox /bin/sh -c 'i=0; while true; do echo $i; i=$(expr $i + 1); sleep 1; done'

+

$ sudo podman container checkpoint --pre-checkpoint -l -e /tmp/pre.tar

+

$ sudo podman container checkpoint --with-previous --export /tmp/test.tar.gz -l

+

$ sudo podman rm -l

+

$ sudo podman container restore --import /tmp/test.tar.gz --import-previous /tmp/pre.tar

Radostin

509

edits

Changes

Podman (edit)

Revision as of 17:05, 20 May 2025