[CRIU] Checkpoint/Restore LXC container with CRIU on a raspberry pi 2
Pavel Emelyanov
xemul at virtuozzo.com
Tue Jun 14 04:34:53 PDT 2016
On 06/09/2016 06:53 PM, alex vk wrote:
> Hi everyone,
>
> I'm now trying to checkpoint and restore an LXC container on a raspberry PI 2. (Criu 2.0 is working fine with the kernel 3.18, and LXC 2.0 works as well on the RPI2)
> Checkpointing a container apparently succeeds after disabling seccomp and adding these lines to the container config (according to the wiki):
Cc-ing Tycho for LXC help :)
> lxc.seccomp =
> # hax for criu
> lxc.console = none
> lxc.tty = 0
> lxc.cgroup.devices.deny = c 5:1 rwm
>
> However restoring fails with this message : "lxc-checkpoint: criu.c: exec_criu: 305 lxc.console configured on source host but not target"
>
> I'read on this post (https://lists.linuxcontainers.org/pipermail/lxc-devel/2016-March/013856.html) not to pass the --ext-mount-map option when console=none.
> In this case, I have another error : "1: Error (mount.c:3381): mnt: New root and old root are the same"
>
> Interestingly, I have another error when trying to restore, if i run all the container creation, start, dump and restore with sudo (not directly in root):
>
> pie: 1: Error (pie/restorer.c:888): Can't restore ticks/time for timer>
> pie: 1: fd - 0
> pie: 1: Error (pie/restorer.c:1408): Can't restore timerfd -22
>
> I've put the full log of dumping and restoring, as well as the container config attached below, if anyone has any ideas ?
>
> Thanks for your help,
> Alex
>
>
> ----------------------------------------------------------------------------------------------------
> Here is what i get from the restore :
>
> root at pi-desktop:/home/pi/checkpoint# lxc-checkpoint -r -D /home/pi/checkpoint/ -n test-container --logfile=debug_restore --logpriority=DEBUG
> lxc-checkpoint: criu.c: do_restore: 705 criu process exited 1, output:
> lxc-checkpoint: criu.c: exec_criu: 305 lxc.console configured on source host but not target
>
>
> lxc-checkpoint: cgfsng.c: recursive_destroy: 983 Error destroying /sys/fs/cgroup/systemd//lxc/test-container
> lxc-checkpoint: cgfsng.c: recursive_destroy: 983 Error destroying /sys/fs/cgroup/blkio//lxc/test-container
> lxc-checkpoint: cgfsng.c: recursive_destroy: 983 Error destroying /sys/fs/cgroup/freezer//lxc/test-container
> lxc-checkpoint: cgfsng.c: recursive_destroy: 983 Error destroying /sys/fs/cgroup/debug//lxc/test-container
> lxc-checkpoint: cgfsng.c: recursive_destroy: 983 Error destroying /sys/fs/cgroup/cpu//lxc/test-container
> lxc-checkpoint: cgfsng.c: recursive_destroy: 983 Error destroying /sys/fs/cgroup/devices//lxc/test-container
> lxc-checkpoint: cgfsng.c: recursive_destroy: 983 Error destroying /sys/fs/cgroup/perf_event//lxc/test-container
> lxc-checkpoint: cgfsng.c: recursive_destroy: 983 Error destroying /sys/fs/cgroup/cpuset//lxc/test-container
> lxc-checkpoint: cgfsng.c: recursive_destroy: 983 Error destroying /sys/fs/cgroup/net_cls//lxc/test-container
> lxc-checkpoint: criu.c: __criu_restore: 953 restore process died
> Restoring test-container failed.
>
> ----------------------------------------------------------------------------------------------------
> Here is the log of the dumping created with the lxc-checkpoint -s --logfile=debug_dump :
> root at pi-desktop:/home/pi/checkpoint# lxc-checkpoint -s -D /home/pi/checkpoint/ -n test-container --logfile=debug_dump --logpriority=DEBUG
> root at pi-desktop:/home/pi/checkpoint# cat debug_dump
> lxc-checkpoint 20160609165234.776 WARN lxc_confile - confile.c:config_pivotdir:1879 - lxc.pivotdir is ignored. It will soon become an error.
> lxc-checkpoint 20160609165234.777 WARN lxc_confile - confile.c:config_personality:1117 - unsupported personality 'armhf'
> lxc-checkpoint 20160609165234.784 DEBUG lxc_commands - commands.c:lxc_cmd_get_state:579 - 'test-container' is in 'RUNNING' state
> lxc-checkpoint 20160609165234.799 INFO lxc_criu - criu.c:exec_criu:387 - execing: /usr/local/sbin/criu dump --tcp-established --file-locks --link-remap --manage-cgroups --ext-mount-map auto --enable-external-sharing --enable-external-masters --enable-fs hugetlbfs --enable-fs tracefs -D /home/pi/checkpoint/ -o /home/pi/checkpoint//dump.log -t 4617 --freeze-cgroup /sys/fs/cgroup/freezer///lxc/test-container --force-irmap
> -------------------------------------------------------------------------------------------
>
> And here is the dump.log :
> root at pi-desktop:/home/pi/checkpoint# cat dump.log
> Warn (autofs.c:77): Failed to find pipe_ino option (old kernel?)
> Detected FS_EVENT_ON_CHILD bit in mask (will be ignored on restore)
> tar: ./systemd/journal/socket: socket ignored
> tar: ./systemd/journal/stdout: socket ignored
> tar: ./systemd/journal/syslog: socket ignored
> tar: ./systemd/journal/dev-log: socket ignored
> tar: ./systemd/private: socket ignored
> tar: ./systemd/notify: socket ignored
>
> ----------------------------------------------------------------------------------------------------
>
> Here is the log created with lxc-checkpoint -r --logfile :
>
> root at pi-desktop:/home/pi/checkpoint# cat debug_restore
> lxc-checkpoint 20160609165308.055 WARN lxc_confile - confile.c:config_pivotdir:1879 - lxc.pivotdir is ignored. It will soon become an error.
> lxc-checkpoint 20160609165308.056 WARN lxc_confile - confile.c:config_personality:1117 - unsupported personality 'armhf'
> lxc-checkpoint 20160609165308.075 INFO lxc_lsm - lsm/lsm.c:lsm_init:48 - LSM security driver nop
> lxc-checkpoint 20160609165308.076 DEBUG lxc_start - start.c:setup_signal_fd:289 - sigchild handler set
> lxc-checkpoint 20160609165308.076 INFO lxc_start - start.c:lxc_init:488 - 'test-container' is initialized
> lxc-checkpoint 20160609165308.076 INFO lxc_cgroup - cgroup.c:cgroup_init:68 - cgroup driver cgroupfs-ng initing for test-container
> lxc-checkpoint 20160609165308.087 ERROR lxc_criu - criu.c:exec_criu:305 - lxc.console configured on source host but not target
> lxc-checkpoint 20160609165308.115 INFO lxc_conf - conf.c:run_script_argv:367 - Executing script '/usr/share/lxcfs/lxc.reboot.hook' for container 'test-container', config section 'lxc'
> lxc-checkpoint 20160609165308.686 ERROR lxc_criu - criu.c:do_restore:705 - criu process exited 1, output:
> lxc-checkpoint: criu.c: exec_criu: 305 lxc.console configured on source host but not target
>
>
> lxc-checkpoint 20160609165308.689 INFO lxc_conf - conf.c:run_script_argv:367 - Executing script '/usr/share/lxcfs/lxc.reboot.hook' for container 'test-container', config section 'lxc'
> lxc-checkpoint 20160609165309.206 ERROR lxc_cgfsng - cgfsng.c:recursive_destroy:983 - Error destroying /sys/fs/cgroup/systemd//lxc/test-container
> lxc-checkpoint 20160609165309.208 ERROR lxc_cgfsng - cgfsng.c:recursive_destroy:983 - Error destroying /sys/fs/cgroup/blkio//lxc/test-container
> lxc-checkpoint 20160609165309.209 ERROR lxc_cgfsng - cgfsng.c:recursive_destroy:983 - Error destroying /sys/fs/cgroup/freezer//lxc/test-container
> lxc-checkpoint 20160609165309.211 ERROR lxc_cgfsng - cgfsng.c:recursive_destroy:983 - Error destroying /sys/fs/cgroup/debug//lxc/test-container
> lxc-checkpoint 20160609165309.212 ERROR lxc_cgfsng - cgfsng.c:recursive_destroy:983 - Error destroying /sys/fs/cgroup/cpu//lxc/test-container
> lxc-checkpoint 20160609165309.213 ERROR lxc_cgfsng - cgfsng.c:recursive_destroy:983 - Error destroying /sys/fs/cgroup/devices//lxc/test-container
> lxc-checkpoint 20160609165309.214 ERROR lxc_cgfsng - cgfsng.c:recursive_destroy:983 - Error destroying /sys/fs/cgroup/perf_event//lxc/test-container
> lxc-checkpoint 20160609165309.215 ERROR lxc_cgfsng - cgfsng.c:recursive_destroy:983 - Error destroying /sys/fs/cgroup/cpuset//lxc/test-container
> lxc-checkpoint 20160609165309.217 ERROR lxc_cgfsng - cgfsng.c:recursive_destroy:983 - Error destroying /sys/fs/cgroup/net_cls//lxc/test-container
> lxc-checkpoint 20160609165309.220 ERROR lxc_criu - criu.c:__criu_restore:953 - restore process died
>
>
> ----------------------------------------------------------------------------------------------------
>
> The log without --ext-mount-map
>
> /usr/local/sbin/criu restore --tcp-established --file-locks --link-remap --manage-cgroups --ext-mount-map auto --enable-external-sharing --enable-external-masters --enable-fs hugetlbfs --enable-fs tracefs -D /home/pi/checkpoint -o /home/pi/checkpoint/restore.log --root /usr/lib/arm-linux-gnueabihf/lxc --restore-detached --restore-sibling --pidfile /tmp/filet0XGku --cgroup-root /lxc/test-container console: --veth-pair eth0=vethINVTTV at lxcbr0
>
> root at pi-desktop:/home/pi/checkpoint# cat restore.log
> Warn (cr-restore.c:812): Set CLONE_PARENT | CLONE_NEWPID but it might cause restore problem,because not all kernels support such clone flags combinations!
> RTNETLINK answers: File exists
> RTNETLINK answers: File exists
> RTNETLINK answers: File exists
> RTNETLINK answers: File exists
> 1: Warn (autofs.c:77): Failed to find pipe_ino option (old kernel?)
> 1: Error (mount.c:3381): mnt: New root and old root are the same
> Error (cr-restore.c:988): 5521 killed by signal 9: Killed
> Error (cr-restore.c:1867): Restoring FAILED.
>
> ----------------------------------------------------------------------------------------------------
>
> As a normal user, with sudo :
>
> pi at pi-desktop:~/checkpoint$ cat debug_restore
> lxc-checkpoint 20160609171247.434 WARN lxc_confile - confile.c:config_pivotdir:1879 - lxc.pivotdir is ignored. It will soon become an error.
> lxc-checkpoint 20160609171247.435 WARN lxc_confile - confile.c:config_personality:1117 - unsupported personality 'armhf'
> lxc-checkpoint 20160609171247.454 INFO lxc_lsm - lsm/lsm.c:lsm_init:48 - LSM security driver nop
> lxc-checkpoint 20160609171247.455 DEBUG lxc_start - start.c:setup_signal_fd:289 - sigchild handler set
> lxc-checkpoint 20160609171247.455 INFO lxc_start - start.c:lxc_init:488 - 'test-container' is initialized
> lxc-checkpoint 20160609171247.455 INFO lxc_cgroup - cgroup.c:cgroup_init:68 - cgroup driver cgroupfs-ng initing for test-container
> lxc-checkpoint 20160609171247.456 ERROR lxc_cgfsng - cgfsng.c:cgfsng_create:1072 - No such file or directory - Failed to create /sys/fs/cgroup/systemd//lxc/test-container: No such file or directory
> lxc-checkpoint 20160609171247.466 INFO lxc_criu - criu.c:exec_criu:387 - execing: /usr/local/sbin/criu restore --tcp-established --file-locks --link-remap --manage-cgroups --ext-mount-map auto --enable-external-sharing --enable-external-masters --enable-fs hugetlbfs --enable-fs tracefs -D /home/pi/checkpoint -o /home/pi/checkpoint/restore.log --root /usr/lib/arm-linux-gnueabihf/lxc --restore-detached --restore-sibling --pidfile /tmp/file8x1eFF --cgroup-root /lxc/test-container-1 --ext-mount-map console: --veth-pair eth0=veth6AHNY2 at lxcbr0
> lxc-checkpoint 20160609171248.456 ERROR lxc_criu - criu.c:do_restore:705 - criu process exited 1, output:
>
>
> lxc-checkpoint 20160609171248.458 INFO lxc_conf - conf.c:run_script_argv:367 - Executing script '/usr/share/lxcfs/lxc.reboot.hook' for container 'test-container', config section 'lxc'
> lxc-checkpoint 20160609171248.984 ERROR lxc_criu - criu.c:__criu_restore:953 - restore process died
>
> ----------------------------------
>
> The restore.log as a normal user, with sudo :
>
> pi at pi-desktop:~/checkpoint$ sudo cat restore.log
> Warn (cr-restore.c:812): Set CLONE_PARENT | CLONE_NEWPID but it might cause restore problem,because not all kernels support such clone flags combinations!
> RTNETLINK answers: File exists
> RTNETLINK answers: File exists
> RTNETLINK answers: File exists
> RTNETLINK answers: File exists
> 1: Warn (autofs.c:77): Failed to find pipe_ino option (old kernel?)
> 1: Warn (sk-unix.c:1292): sk unix: Can't unlink stale socket 0x88b4 peer 0 (name /run/systemd/notify dir -)
> 1: Warn (sk-unix.c:1292): sk unix: Can't unlink stale socket 0x88b6 peer 0 (name /run/systemd/private dir -)
> 1: Warn (sk-unix.c:1292): sk unix: Can't unlink stale socket 0x88ba peer 0 (name /run/systemd/journal/dev-log dir -)
> 1: Warn (sk-unix.c:1292): sk unix: Can't unlink stale socket 0x8285 peer 0 (name /run/systemd/journal/stdout dir -)
> 1: Warn (sk-unix.c:1292): sk unix: Can't unlink stale socket 0x8287 peer 0 (name /run/systemd/journal/socket dir -)
> 1: Warn (sk-unix.c:1292): sk unix: Can't unlink stale socket 0x88d0 peer 0 (name /run/systemd/journal/syslog dir -)
> 1: Warn (sk-unix.c:1292): sk unix: Can't unlink stale socket 0x83cc peer 0x83cb (name /run/systemd/journal/stdout dir -)
> 1: Warn (sk-unix.c:1292): sk unix: Can't unlink stale socket 0x83fc peer 0x8dfa (name /run/systemd/journal/stdout dir -)
> pie: 1: Error (pie/restorer.c:888): Can't restore ticks/time for timer>
> pie: 1: fd - 0
> pie: 1: Error (pie/restorer.c:1408): Can't restore timerfd -22
> pie: 1: Error (pie/restorer.c:1506): Restorer fail 1
> Error (cr-restore.c:985): 6401 exited, status=1
> Error (cr-restore.c:1867): Restoring FAILED.
>
>
> -------------------------------
>
> Here is the config of the container : /var/lib/lxc/test-container/config
>
> # Template used to create this container: /usr/share/lxc/templates/lxc-ubuntu
> # Parameters passed to the template:
> # For additional config options, please look at lxc.container.conf(5)
>
> # Uncomment the following line to support nesting containers:
> #lxc.include = /usr/share/lxc/config/nesting.conf
> # (Be aware this has security implications)
>
>
> # Common configuration
> lxc.include = /usr/share/lxc/config/ubuntu.common.conf
>
> # Container specific configuration
> lxc.rootfs = /var/lib/lxc/test-container/rootfs
> lxc.rootfs.backend = dir
> lxc.utsname = test-container
> lxc.arch = armhf
>
> # Network configuration
> lxc.network.type = veth
> lxc.network.link = lxcbr0
> lxc.network.flags = up
> lxc.network.hwaddr = 00:16:3e:d5:62:a5
> lxc.seccomp =
> lxc.console = none
> lxc.tty = 0
> lxc.cgroup.devices.deny = c 5:1 rwm
>
>
> _______________________________________________
> CRIU mailing list
> CRIU at openvz.org
> https://lists.openvz.org/mailman/listinfo/criu
>
More information about the CRIU
mailing list