Changes

2,115 bytes added ,  13:38, 18 September 2012
Make normal general description
Line 49: Line 49:  
  $ lxc-start -n test-lxc
 
  $ lxc-start -n test-lxc
   −
= Dump/Restore a Linux Container =
+
= Checkpoint and restore an LXC Container =
==[[Installation]]==
+
== Preparations ==
The installation process is described [[Installation | here]].
+
You only need to [[Installation | install]] the crtools.
==Example==
+
 
 +
== Dump and restore ==
 +
Dumping and restoring an LXC contianer means -- dumping a subtree of processes starting from container init plus all kinds of namespaces.
 +
Restoring is symmetrical. The way LXC container works imposes some more requirements on crtools usage.
 +
 
 +
* You need to use the <code>--evasive-devices</code> option to handle <code>/dev/log</code> users (there's a bug in LXC code)
 +
* In order to properly isolate container from unwanted networking communication during checkpoint/restore you should provide a script for locking/unlocking the container network (see below)
 +
* When restoring a container with veth device you may specify a name for the host-side veth device
 +
* In order to checkpoint and restore alive TCP connections you should use the <code>--tcp-established</code> option
 +
 
 +
Typically a container dump command will look like
 +
<pre>
 +
crtools dump
 +
    --evasive-devices                # handle /dev/log usage bug
 +
    --tcp-established                # allow for TCP connections dump
 +
    -n net -n mnt -n ipc -n pid      # dump all the namespaces container uses
 +
    --action-script "net-script.sh"  # use net-script.sh to lock/unlock networking
 +
    -D dump/ -o dump.log            # set images dir to dump/ and put logs into dump.log file
 +
    -t ${init-pid}                  # start dumping from task ${init-pid}. It should be container's init
 +
</pre>
 +
and restore command like
 +
<pre>
 +
crtools restore
 +
  --evasive-devices
 +
  --tcp-established
 +
  -n net -n mnt -n ipc -n pid
 +
  --action-script "net-script.sh"
 +
  --veth-pair eth0=${veth-name}    # when restoring a veth link use ${veth-name} for host-side device end
 +
  --root ${path}                    # path to container root. It should be a root of a (bind)mount
 +
  -D data/ -o restore.log
 +
  -t ${init-pid}
 +
</pre>
 +
 
 +
We also find it useful to use the <code>--restore-detached</code> option for restore to make contianer reparent to init rather than hanging on a crtools process launched from shell. Another useful option is the <code>--pidfile</code> one -- you will be able to find out the host-side pid of a container init after restore.
 +
 
 +
== Example ==
 
We have [http://git.criu.org/?p=crtools.git;a=tree;f=test/app-emu/lxc;hb=HEAD an application test] to test dump/restore of a Linux Container.
 
We have [http://git.criu.org/?p=crtools.git;a=tree;f=test/app-emu/lxc;hb=HEAD an application test] to test dump/restore of a Linux Container.
  
Anonymous user