[CRIU] Do anyone knows how to migrate a container with web app
Pavel Emelyanov
xemul at virtuozzo.com
Wed May 4 08:20:18 PDT 2016
On 05/03/2016 08:00 PM, Weicheng SUN wrote:
> Thanks a lot! I try that way, it actually can complete the restore progress!
> However, without doing bind(), the container's exposed port doesn't work.
> I will keep on finding a way to solve it, do you have some idea?
You can try to modify ciru images with crit and substitute old address with
new one.
https://criu.org/CRIT
> Regards,
>
> David Sun 孙炜程
> School of Software Engineering, Shanghai Jiaotong University
>
> Mobile: 15921638078
>
> E-mail: SunWeicheng0001 at gmail.com <mailto:SunWeicheng0001 at gmail.com>
>
>
> 2016-05-04 0:25 GMT+08:00 Ross Boucher <rboucher at gmail.com <mailto:rboucher at gmail.com>>:
>
> I have not provided the modified CRIU in that release. This is a very hacky way to simply drop sockets you can try: https://github.com/boucher/criu/commit/0539fbc68228903ad4a2cae2b3737c6e888ab93d
>
>
> On Tue, May 3, 2016 at 12:19 PM Weicheng SUN <sunweicheng0001 at gmail.com <mailto:sunweicheng0001 at gmail.com>> wrote:
>
> Thankfully, You understand what I mean. I know that I should request a same IP address and the CRIU I use is the release you give in cr-combined(I guess this is the modified CRIU you mentioned).
> The problem is I do not know how to request a container with specific IP address via docker command or RESTful API. I know there is docker run --ip for later than docker v1.10, but the latest release of cr-combined doesn't support this flag.
> I tried to modified the source code of docker v1.10, but it always hangs on without any response while running, :(.
> Do you know how to request such a container with the release version you give?
>
> Regards,
>
> David Sun 孙炜程
> School of Software Engineering, Shanghai Jiaotong University
>
> Mobile: 15921638078
>
> E-mail: SunWeicheng0001 at gmail.com <mailto:SunWeicheng0001 at gmail.com>
>
>
> 2016-05-04 0:09 GMT+08:00 Ross Boucher <rboucher at gmail.com <mailto:rboucher at gmail.com>>:
>
> What we've done is modified the CRIU source to simply drop these unrestorable connections, rather than error out. Perhaps that could be turned into an option.
>
> On Tue, May 3, 2016 at 12:08 PM Ross Boucher <rboucher at gmail.com <mailto:rboucher at gmail.com>> wrote:
>
> You should be able to request the same IP when creating the new docker container. Similarly, you could do the same for any linked containers.
>
> On Tue, May 3, 2016 at 12:07 PM Weicheng SUN <sunweicheng0001 at gmail.com <mailto:sunweicheng0001 at gmail.com>> wrote:
>
> I know what you mean. But I just want to migrate some containers to another host, all of those application can deal tcp reconnection.
> You say if there are some packets cannot deliver into new container's location, the restore will broken.
> So, If there is*a method to skip this progress, just to bind the old ip address to the container on the new host.*
> Everytime I checkpoint a container with tcp connection, scp to another host, then restore, the restore log always say that
>
> (00.294516) 1: Found id pipe:[6392267] (fd 1) in inherit fd list
> (00.294520) 1: File pipe:[6392267] will be restored from fd 3 dumped from inherit fd 1
> (00.294535) 1: Found fd 1 (id pipe:[6392267]) in inherit fd list (caller inherit_fd_resolve_clash)
> (00.294538) 1: Inherit fd 1 moved to 3 to resolve clash
> (00.294541) 1: Create fd for 1
> (00.294544) 1: Restoring fd 2 (state -> create)
> (00.294545) 1: Creating pipe pipe_id=0x6189cc id=0x3
> (00.294547) 1: Found id pipe:[6392268] (fd 2) in inherit fd list
> (00.294548) 1: File pipe:[6392268] will be restored from fd 4 dumped from inherit fd 2
> (00.294554) 1: Found fd 2 (id pipe:[6392268]) in inherit fd list (caller inherit_fd_resolve_clash)
> (00.294555) 1: Inherit fd 2 moved to 4 to resolve clash
> (00.294558) 1: Create fd for 2
> (00.294560) 1: Restoring fd 4 (state -> create)
> (00.294569) 1: Restore: family 10 type 1 proto 6 port 6379 state 10 src_addr ::
> (00.294592) 1: 5 restore sndbuf 16384 rcv buf 87380
> (00.294595) 1: restore priority 0 for socket
> (00.294596) 1: restore rcvlowat 1 for socket
> (00.294598) 1: restore mark 0 for socket
> (00.294611) 1: Found fd 4 (id pipe:[6392268]) in inherit fd list (caller inherit_fd_resolve_clash)
> (00.294616) 1: Inherit fd 4 moved to 6 to resolve clash
> (00.294619) 1: Create fd for 4
> (00.294622) 1: Restoring fd 5 (state -> create)
> (00.294625) 1: Restore: family 2 type 1 proto 6 port 6379 state 10 src_addr 0.0.0.0
> (00.294633) 1: 5 restore sndbuf 16384 rcv buf 87380
> (00.294635) 1: restore priority 0 for socket
> (00.294636) 1: restore rcvlowat 1 for socket
> (00.294638) 1: restore mark 0 for socket
> (00.294640) 1: Create fd for 5
> (00.294642) 1: Restoring fd 6 (state -> create)
> (00.294644) 1: Restore: family 2 type 1 proto 6 port 6379 state 1 src_addr 172.17.128.2
> (00.294646) 1: Restoring TCP connection
> (00.294649) 1: Restoring TCP connection id 7 ino 619526
> (00.294657) 1: Setting 1 queue seq to 2786935679 <tel:2786935679>
> (00.294659) 1: Setting 2 queue seq to 919486667
> (00.294679) 1: Error (sk-inet.c:721): Can't bind inet socket (id 7): Cannot assign requested address
>
> You see, 172.17.128.2 is the old ip, criu tried to bind this ip to new container, but failed.
>
> Regards,
>
> David Sun 孙炜程
> School of Software Engineering, Shanghai Jiaotong University
>
> Mobile: 15921638078
>
> E-mail: SunWeicheng0001 at gmail.com <mailto:SunWeicheng0001 at gmail.com>
>
>
> 2016-04-28 18:33 GMT+08:00 Pavel Emelyanov <xemul at virtuozzo.com <mailto:xemul at virtuozzo.com>>:
>
> On 04/28/2016 08:01 AM, Weicheng SUN wrote:
> > Hi Everyone,
> >
> > The latest release of cr-combined said that it supports network. Then I do some experiments. I use
> > 1. docker run -d -v demo:/data --name=redis redis:latest
> > 2. docker run -d -e USE_REDIS_HOST=redis --link redis:redis -p 80:80 --name=app binocarlos/moby-counter:latest
> > which is a demo of simple website and redis is its storage. I first run them on host A
> >
> > I try to checkpoint them and copy to another host(host B). I create two containers with same configuration
> > of them and applied the change of file system to the new created container. Then I tried to restore them,
> > which sometimes came out a wrong result.
> > I notice that when redis and app have same ip address on host A and B, then the restore will success. But,
> > when they have different IP on two hosts, the restore progress will certainly broken.
> >
> > The reason I guess is that the state of tcp connection in checkpoint image didn't match the new environment
> > in host B. For example, redis in host A is 17.172.20.1 and app in host A is 17.172.20.2, then for app there
> > is a connection whose remote host is 17.172.20.1. Then come to host B, if redis in host B is 17.172.20.3 and
> > when I try to restore app, criu will confuse where is 17.172.20.1(redis)?
>
> After migration all the sockets get restored with the IP addresses they had on source node,
> so if for some reason packets to former container IP cannot be delivered into container's
> new location, the container would get broken. This is unavoidable limitation of TCP protocol
> itself. There can be workarounds to this (DNAT-like for example), but this is out of CRIU's
> scope and should be done on Docker level.
>
> > Generally, is there always a problem to checkpoint and restore a container, who has a link with other
> > containers, on the another host?
> >
> > And who knows that how to use a specific IP address while start a new container? For the latest release of
> > cr-combined doesn't support docker run --ip. Even --ip is supported, it requires a user defined network,
> > default network is not supported.
> >
> > Hopes for your kindly response & wish all of you a great day!
> >
> > Regards,
> >
> > David Sun
> >
> >
> >
> > _______________________________________________
> > CRIU mailing list
> > CRIU at openvz.org <mailto:CRIU at openvz.org>
> > https://lists.openvz.org/mailman/listinfo/criu
> >
>
>
>
>
More information about the CRIU
mailing list