CLI
Since the tools and overall concept are still under heavy development, there are some known limitations applied, in particular only pure x86-64 environment is supported, no IA32 emulation allowed.
Synopsis
criu <command> -t <pid> [<options>]
Description
criu is command line utility to steer checkpoint and restore procedure.
Options
<command>:: One of the follwong commands * 'dump' to initiate checkpoint procedure * 'restore' to restore previously checkpointed processes * 'show' to decode binary dump files and show their contents in human readable format * 'check' to test whether the kernel support is up-to-date * 'exec' to execute a system call from another task's context * 'page-server' to launch a page-server * 'service' to start RPC service -c:: In case of 'show' command the dumped pages content will be shown in hex format. -D <path>:: Use path 'path' as a base directory where to look for dump files set. This commands allpies to any <command>. -s:: Leave tasks in stopped state after checkpoint instead of killing them. -f <file>:: This option is valid for 'show' command only and allows to see content of the <file> specified. -t <pid>:: Checkpoint the whole process tree starting from 'pid'. -d:: Detach criu itself once restore is complete. -n <ns>:: Checkpoint namespaces. Namespaces must be separated by comma. We now support all namespaces -- uts, ipc, net and mnt -o <file>:: Write logging messages to 'file'. -v <num>:: Set logging level to 'num'. Valid options are: 0 - (silent, error messages only), 1 - informative (default), 2 - debug messages.
Examples
First thing to do is to check the kernel support being up-to-date with the
# criu check
command. If it says "Looks good", then you can proceed, otherwise dump/restore may not work. If you are using the mainstream kernel, but not our one with some custom patches applied, you should try the
# criu check --ms
command instead. If will skip checking for some kernel functionality, that is known to be not yet merged upstream (criu knows how to work without it, though it's sometimes not correct).
To checkpoint a program with pid 1234 and write all image files into directory checkpoint one should type
# criu dump -D checkpoint -t 1234
To restore this program detaching criu itself, one should type
criu restore -d -D checkpoint
"Detaching" (the -d
option) here means, that criu will exit after restoring the processes
and the latter will get re-parent-ed to the init task.
To close a file descriptor number 1 in task with pid 1234 run
criu exec -t 1234 close 1
To open a file named /foo/bar for read-write in the task with pid 1234 run
criu exec -t 1234 open '&/foo/bar' 2
Security
Due to restrictions imposed by several kernel APIs CRIU uses, the tools can only work with run with root privileges. However, if the node administrator sets the +suid bit on the criu binary, or runs criu as an RPC service, criu will be able to work on behalf of regular user.
In the latter case, the following security restrictions would apply:
- criu will refuse to dump or restore processes whose
[se]?[ug]id
is not equal to the corresponding value of the calling user - criu will refuse to dump or restore any bits set in any capability set
Further reading
- Advanced usage article for more options
- Remote syscall execution article for 'exec' command info
- Category:HOWTO
- A set of articles about live migration:
- Statistics
- RPC API to C/R functionality