Difference between revisions of "Podman"
m (Add note about root containers) |
|||
| (3 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| − | This article | + | This article provides an overview of CRIU integration with Podman and explains how to use it. For more detailed information on the available Podman options, please refer to the [https://podman.io/docs/checkpoint documentation] and [https://docs.podman.io/en/latest/markdown/podman-container-checkpoint.1.html man pages]. |
| + | |||
| + | {{Note|Podman checkpoint/restore currently supports only root containers. Therefore, you have to run the example container as root.}} | ||
== Container Checkpoint/Restore == | == Container Checkpoint/Restore == | ||
| Line 5: | Line 7: | ||
Podman supports checkpointing and restoring since version 0.10.1 (October 2018). This initial support only supports checkpointing and restoring containers on the same host: | Podman supports checkpointing and restoring since version 0.10.1 (October 2018). This initial support only supports checkpointing and restoring containers on the same host: | ||
| − | + | $ sudo podman run -d --name looper busybox /bin/sh -c \ | |
'i=0; while true; do echo $i; i=$(expr $i + 1); sleep 1; done' | 'i=0; while true; do echo $i; i=$(expr $i + 1); sleep 1; done' | ||
You can verify that the container is running by observing its logs: | You can verify that the container is running by observing its logs: | ||
| − | + | $ sudo podman logs -l | |
Or by running <code>podman ps</code>. | Or by running <code>podman ps</code>. | ||
| Line 16: | Line 18: | ||
If you do this a few times you will notice that the integers are increasing. Now the container can be checkpointed: | If you do this a few times you will notice that the integers are increasing. Now the container can be checkpointed: | ||
| − | + | $ sudo podman container checkpoint -l | |
Once the container is checkpointed it will be no longer visible in <code>podman ps</code>. | Once the container is checkpointed it will be no longer visible in <code>podman ps</code>. | ||
| Line 22: | Line 24: | ||
The following command can be used to restore the container: | The following command can be used to restore the container: | ||
| − | + | $ sudo podman container restore -l | |
Using <code>podman logs -l</code> or <code>podman ps</code> it can be verified that the container was restored and that it continued running from the point in time when it was checkpointed. | Using <code>podman logs -l</code> or <code>podman ps</code> it can be verified that the container was restored and that it continued running from the point in time when it was checkpointed. | ||
| Line 36: | Line 38: | ||
To be actually able to migrate a container from one system to another at least Podman version 1.4.0 (June 2019) is required. With version 1.4.0 Podman is now able to export a complete checkpoint which can then be transferred: | To be actually able to migrate a container from one system to another at least Podman version 1.4.0 (June 2019) is required. With version 1.4.0 Podman is now able to export a complete checkpoint which can then be transferred: | ||
| − | + | $ sudo podman run -d --name looper busybox /bin/sh -c \ | |
'i=0; while true; do echo $i; i=$(expr $i + 1); sleep 1; done' | 'i=0; while true; do echo $i; i=$(expr $i + 1); sleep 1; done' | ||
| − | + | $ sudo podman container checkpoint -l --export=/tmp/chkpt.tar.gz | |
| − | + | $ sudo scp /tmp/chkpt.tar.gz <destination-host>:/tmp | |
Once the checkpoint archive has been transferred to the destination system the container can there be restored from the checkpoint archive: | Once the checkpoint archive has been transferred to the destination system the container can there be restored from the checkpoint archive: | ||
| − | + | $ sudo podman container restore --import=/tmp/chkpt.tar.gz | |
Now the container continues to run from the same point where it was previously checkpointed on the source system. | Now the container continues to run from the same point where it was previously checkpointed on the source system. | ||
| Line 49: | Line 51: | ||
From a checkpoint archive it is also possible to restore multiple copies of a container with different names: | From a checkpoint archive it is also possible to restore multiple copies of a container with different names: | ||
| − | + | $ sudo podman container restore --import=/tmp/chkpt.tar.gz -n looper1 | |
| − | + | $ sudo podman container restore --import=/tmp/chkpt.tar.gz -n looper2 | |
| − | + | $ sudo podman container restore --import=/tmp/chkpt.tar.gz -n looper3 | |
Each of these restored containers will be running from the point in time the container was checkpointed. | Each of these restored containers will be running from the point in time the container was checkpointed. | ||
| Line 70: | Line 72: | ||
Example: | Example: | ||
| − | + | $ sudo podman run -d --name looper busybox /bin/sh -c 'i=0; while true; do echo $i; i=$(expr $i + 1); sleep 1; done' | |
| − | + | $ sudo podman container checkpoint --create-image checkpoint-image-1 looper | |
You can verify that the image has been created as follows: | You can verify that the image has been created as follows: | ||
| − | + | $ sudo podman image ls | |
You can restore a container from checkpoint image as follows: | You can restore a container from checkpoint image as follows: | ||
| − | + | $ sudo podman container restore <image> | |
Example: | Example: | ||
| − | + | $ sudo podman container restore checkpoint-image-1 | |
Note that creating a checkpoint would not remove the container and it is not possible to have two containers with the same name. Thus, it might be necessary to restore the container with a different name: | Note that creating a checkpoint would not remove the container and it is not possible to have two containers with the same name. Thus, it might be necessary to restore the container with a different name: | ||
| − | + | $ sudo podman container restore --name looper-2 checkpoint-image-1 | |
Or to remove the existing container before restore: | Or to remove the existing container before restore: | ||
| − | + | $ sudo podman rm looper | |
A checkpoint image can be pushed to a container registry: | A checkpoint image can be pushed to a container registry: | ||
| − | + | $ sudo podman login quay.io | |
| − | + | $ sudo podman container checkpoint --create-image quay.io/<username>/<reponame> looper | |
| − | + | $ sudo podman push quay.io/<username>/<reponame> | |
The content of the image layer is in the same format as a checkpoint archive created with the <code>--export</code> option. | The content of the image layer is in the same format as a checkpoint archive created with the <code>--export</code> option. | ||
| Line 106: | Line 108: | ||
And pulled and restored on a different system: | And pulled and restored on a different system: | ||
| − | + | $ sudo podman pull quay.io/<username>/<reponame> | |
| − | + | $ sudo podman container restore quay.io/<username>/<reponame> | |
| − | |||
Restoring multiple containers at the same time can be achieved as follows: | Restoring multiple containers at the same time can be achieved as follows: | ||
| − | + | $ sudo podman run -d --name looper-1 busybox /bin/sh -c 'i=0; while true; do echo $i; i=$(expr $i + 1); sleep 1; done' | |
| − | + | $ sudo podman run -d --name looper-2 busybox /bin/sh -c 'i=0; while true; do echo $i; i=$(expr $i + 1); sleep 1; done' | |
| − | + | $ sudo podman container checkpoint --create-image checkpoint-1 looper-1 | |
| − | + | $ sudo podman container checkpoint --create-image checkpoint-2 looper-2 | |
| − | + | $ sudo podman rm looper-1 looper-2 | |
| − | + | $ sudo podman container restore checkpoint-1 checkpoint-2 | |
Latest revision as of 16:36, 19 November 2024
This article provides an overview of CRIU integration with Podman and explains how to use it. For more detailed information on the available Podman options, please refer to the documentation and man pages.
|
Note: Podman checkpoint/restore currently supports only root containers. Therefore, you have to run the example container as root. |
Container Checkpoint/Restore[edit]
Podman supports checkpointing and restoring since version 0.10.1 (October 2018). This initial support only supports checkpointing and restoring containers on the same host:
$ sudo podman run -d --name looper busybox /bin/sh -c \
'i=0; while true; do echo $i; i=$(expr $i + 1); sleep 1; done'
You can verify that the container is running by observing its logs:
$ sudo podman logs -l
Or by running podman ps.
If you do this a few times you will notice that the integers are increasing. Now the container can be checkpointed:
$ sudo podman container checkpoint -l
Once the container is checkpointed it will be no longer visible in podman ps.
The following command can be used to restore the container:
$ sudo podman container restore -l
Using podman logs -l or podman ps it can be verified that the container was restored and that it continued running from the point in time when it was checkpointed.
This requires at least CRIU 3.11.
There is one recording demonstrating Podman's checkpoint/restore support:
Container Live Migration[edit]
To be actually able to migrate a container from one system to another at least Podman version 1.4.0 (June 2019) is required. With version 1.4.0 Podman is now able to export a complete checkpoint which can then be transferred:
$ sudo podman run -d --name looper busybox /bin/sh -c \
'i=0; while true; do echo $i; i=$(expr $i + 1); sleep 1; done'
$ sudo podman container checkpoint -l --export=/tmp/chkpt.tar.gz
$ sudo scp /tmp/chkpt.tar.gz <destination-host>:/tmp
Once the checkpoint archive has been transferred to the destination system the container can there be restored from the checkpoint archive:
$ sudo podman container restore --import=/tmp/chkpt.tar.gz
Now the container continues to run from the same point where it was previously checkpointed on the source system.
From a checkpoint archive it is also possible to restore multiple copies of a container with different names:
$ sudo podman container restore --import=/tmp/chkpt.tar.gz -n looper1 $ sudo podman container restore --import=/tmp/chkpt.tar.gz -n looper2 $ sudo podman container restore --import=/tmp/chkpt.tar.gz -n looper3
Each of these restored containers will be running from the point in time the container was checkpointed.
This requires at least CRIU 3.12 (3.13 for full SELinux support).
There are two recordings demonstrating Podman's container migration feature:
Checkpoint Images[edit]
In addition to the standard checkpoint/restore functionality described above, Podman supports checkpoint images to enable container migration across multiple systems with standard image distribution infrastructure (container registry).
A checkpoint image can be created with the --create-image <image> option podman container checkpoint. This option instructs Podman to create a standard OCI container image with a single layer that contains all checkpoint files.
Example:
$ sudo podman run -d --name looper busybox /bin/sh -c 'i=0; while true; do echo $i; i=$(expr $i + 1); sleep 1; done' $ sudo podman container checkpoint --create-image checkpoint-image-1 looper
You can verify that the image has been created as follows:
$ sudo podman image ls
You can restore a container from checkpoint image as follows:
$ sudo podman container restore <image>
Example:
$ sudo podman container restore checkpoint-image-1
Note that creating a checkpoint would not remove the container and it is not possible to have two containers with the same name. Thus, it might be necessary to restore the container with a different name:
$ sudo podman container restore --name looper-2 checkpoint-image-1
Or to remove the existing container before restore:
$ sudo podman rm looper
A checkpoint image can be pushed to a container registry:
$ sudo podman login quay.io $ sudo podman container checkpoint --create-image quay.io/<username>/<reponame> looper $ sudo podman push quay.io/<username>/<reponame>
The content of the image layer is in the same format as a checkpoint archive created with the --export option.
This allows to be exported locally with podman image save and restored with the --import option.
In addition, checkpoint images can be inspected with podman inspect. Inspecting a checkpoint image would display additional information, stored as annotations, about the host environment used to do the checkpoint.
And pulled and restored on a different system:
$ sudo podman pull quay.io/<username>/<reponame> $ sudo podman container restore quay.io/<username>/<reponame>
Restoring multiple containers at the same time can be achieved as follows:
$ sudo podman run -d --name looper-1 busybox /bin/sh -c 'i=0; while true; do echo $i; i=$(expr $i + 1); sleep 1; done' $ sudo podman run -d --name looper-2 busybox /bin/sh -c 'i=0; while true; do echo $i; i=$(expr $i + 1); sleep 1; done' $ sudo podman container checkpoint --create-image checkpoint-1 looper-1 $ sudo podman container checkpoint --create-image checkpoint-2 looper-2 $ sudo podman rm looper-1 looper-2 $ sudo podman container restore checkpoint-1 checkpoint-2