AutoFS
If you have AutoFS mount inside the container, you need to know some tricks.
Requirements
AutoFS migration is supported by CRIU starting from version ...
Another requirement is linux kernel with version 4.6 or higher.
Limitations
CRIU supports both direct (offset) and indirect AutoFS mount points migration.
However, there is a limitation in migrating of systemd services using AutoFS.
The root of the limitation is that systemd saves AutoFS mount point device ID in its internals and compares saved value with current one on each AutoFS-related request from kernel side, and if they do not match, it ignores the request.
CRIU reconstructs AutoFS mount point on restore with different device ID, thus systemd doesn't recognize it anymore.
In user world it means that any access to AutoFS mount point served by systemd will stuck. Restart of the service solves this issue.
Tricks
To overcome the above limitation, systemd-autofs-restart.sh
action script was introduced. It can be found in scripts
directory in CRIU sources.
This script is aimed to be used with CRIU option --action-script
on restore to fix the issue for those systemd services, which can be painlessly restarted.
It can be used like this:
criu restore ... --action-script /usr/libexec/criu/scripts/systemd-autofs-restart.sh
Currently, it only restarts one service, proc-sys-fs-binfmt_misc.automount
. Surely, it can be easily extended to support any other.
The logic of the script is the following:
- Mount aside the file system, located on top of autofs (if any)
- Restart systemd service
- Unmount new file system, appeared on top of restarted autofs (if any)
- Move original file system on top of autofs mount point
Please, note, that the sequence above works only for direct (offset) autofs mount points, when autofs mount point is being overmounted by the desired one. In case of indirect autofs mount point the content (any mounted file system) will be lost.
Tricks vs Mount namespaces without propagation
There is a problem with systemd service restart in case of nested mount namespaces without propagation from parent (with private mounts).
Nested mount namespace can have mount point with the same superblock, as the original mount point in parent mount namespace.
But after service restart it won't be like this anymore: mount point in master namespace will be changed, but not propagated to nested mount namespace. Moreover, mount point in nested mount namespace will become catatonic.
Thus, in case ot nested mount namespaces with disabled propagation one have to choose either:
- Do not run the script, but keep all the mounts structure as it was (and broken systemd autofs services),
- or use the script, but the price is catatonic autofs mounts in nested mount namespaces without propagation.