275
edits
Changes
Jump to navigation
Jump to search
mLine 1:
Line 1: − + − − == Introduction == − − Docker wants to manage the full lifecycle of processes running inside one if its containers, which makes it important for CRIU and Docker to work closely together when trying to checkpoint and restore a container. This is being achieved by adding the ability to checkpoint and restore directly into Docker itself, powered under the hood by CRIU. This integration is a work in progress, and its status will be outlined below. − Checkpoint & Restore is now available in the ''experimental'' runtime mode for Docker. It is available since Docker 1.13, so every later version (like Docker 17.03) has it.+ + Line 14:
Line 11: − === Dependencies ===+ − − Line 64:
Line 59: + + + + + + + + Line 93:
Line 96: − − == Integration Status == − − CRIU has already been integrated into the lower level components that power Docker, namely '''runc''' and '''containerd'''. The final step in the process is to integrate with Docker itself. You can track the status of that process in [https://github.com/docker/docker/pull/22049 this pull request]. Line 104:
Line 103: − + + Line 148:
Line 148: − + − − {{Note| External C/R was done as proof-of-concept. Its use is highly discouraged.}} − +
→TTY: Update info about support for checkpointing of an interactive container
This HOWTO page describes how to checkpoint and restore a Docker container.
This article describes the status of CRIU integration with Docker, and how to use it.
== Docker Experimental ==
== Docker Experimental ==
Naturally, Docker wants to manage the full lifecycle of processes running inside its containers, so CRIU should be run by Docker (rather than separately).
This feature is available in the ''experimental'' mode for Docker (since Docker 1.13, so every later version, like Docker 17.03, should work).
To enable experimental features (incl. CRIU), you need to do something like this:
To enable experimental features (incl. CRIU), you need to do something like this:
systemctl restart docker
systemctl restart docker
In addition to having a recent version of Docker, you need '''CRIU''' 2.0 or later installed on your system (see [[Installation]] for more info).
In addition to installing version 1.13+ of Docker, you need '''CRIU''' 2.0 or later installed on your system (see [[Installation]] for more info).
=== checkpoint ===
=== checkpoint ===
You should be able to print the logs from <code>looper-clone</code> and see that they start from wherever the logs of <code>looper</code> end.
You should be able to print the logs from <code>looper-clone</code> and see that they start from wherever the logs of <code>looper</code> end.
=== Passing additional options ===
[[Configuration files]] can be used to set additional CRIU options when performing checkpoint/restore of Docker containers. These options should be added in the file <code>/etc/criu/runc.conf</code> (in order to '''overwrite''' the ones set by runc/Docker). Note that the options stored in <code>~/.criu/default.conf</code> or <code>/etc/criu/default.conf</code> will be '''overwritten''' by the ones set via [[RPC]] by Docker.
For example, in order to checkpoint and restore a container with established TCP connections CRIU requires the <code>--tcp-established</code> option to be set. However, this option is set to false by default and it is currently not possible to change this behaviour via the command-line interface of Docker. This feature can be enabled by adding <code>tcp-established</code> in the file <code>/etc/criu/runc.conf</code>. Note that for this functionality to work, the version of [[https://github.com/opencontainers/runc runc]] must be recent enough to have the commit [[https://github.com/opencontainers/runc/commit/e157963054e1be28bcd6612f15df1ea561c62571 e157963]] applied.
An alternative solution is to use [https://podman.io/ Podman] which has support to specify <code>--tcp-established</code> on the command-line.
=== Synopsis ===
=== Synopsis ===
--help Print usage
--help Print usage
-i, --interactive Attach container's STDIN
-i, --interactive Attach container's STDIN
== Compatibility Notes ==
== Compatibility Notes ==
=== TTY ===
=== TTY ===
Checkpointing an interactive container is currently not supported.
Checkpointing an interactive container is supported by CRIU, runc and containerd, but not yet enabled in Docker.
(See [[https://github.com/moby/moby/pull/38405 PR 38405]] for more information.)
=== Seccomp ===
=== Seccomp ===
* {{torvalds.git|e4a0d3e720}} by Pavel Emelyanov
* {{torvalds.git|e4a0d3e720}} by Pavel Emelyanov
== External Checkpoint Restore ==
== External checkpoint/restore ==
Although it's not recommended, you can also learn more about using CRIU without integrating with docker: [[Docker_External]].
Although it's not recommended, you can also learn more about using CRIU without integrating with Docker. See [[Docker External]] for more info.