[CRIU] Do anyone knows how to migrate a container with web app
Marcos Lilljedahl
marcosnils at gmail.com
Wed May 4 08:29:58 PDT 2016
On Wed, May 4, 2016 at 12:20 PM, Pavel Emelyanov <xemul at virtuozzo.com>
wrote:
> On 05/03/2016 08:00 PM, Weicheng SUN wrote:
> > Thanks a lot! I try that way, it actually can complete the restore
> progress!
> > However, without doing bind(), the container's exposed port doesn't work.
> > I will keep on finding a way to solve it, do you have some idea?
>
> You can try to modify ciru images with crit and substitute old address with
> new one.
>
> https://criu.org/CRIT
Nice trick :)
>
>
> > Regards,
> >
> > David Sun 孙炜程
> > School of Software Engineering, Shanghai Jiaotong University
> >
> > Mobile: 15921638078
> >
> > E-mail: SunWeicheng0001 at gmail.com <mailto:SunWeicheng0001 at gmail.com>
> >
> >
> > 2016-05-04 0:25 GMT+08:00 Ross Boucher <rboucher at gmail.com <mailto:
> rboucher at gmail.com>>:
> >
> > I have not provided the modified CRIU in that release. This is a
> very hacky way to simply drop sockets you can try:
> https://github.com/boucher/criu/commit/0539fbc68228903ad4a2cae2b3737c6e888ab93d
> >
> >
> > On Tue, May 3, 2016 at 12:19 PM Weicheng SUN <
> sunweicheng0001 at gmail.com <mailto:sunweicheng0001 at gmail.com>> wrote:
> >
> > Thankfully, You understand what I mean. I know that I should
> request a same IP address and the CRIU I use is the release you give in
> cr-combined(I guess this is the modified CRIU you mentioned).
> > The problem is I do not know how to request a container with
> specific IP address via docker command or RESTful API. I know there is
> docker run --ip for later than docker v1.10, but the latest release of
> cr-combined doesn't support this flag.
> > I tried to modified the source code of docker v1.10, but it
> always hangs on without any response while running, :(.
> > Do you know how to request such a container with the release
> version you give?
> >
> > Regards,
> >
> > David Sun 孙炜程
> > School of Software Engineering, Shanghai Jiaotong University
> >
> > Mobile: 15921638078
> >
> > E-mail: SunWeicheng0001 at gmail.com <mailto:
> SunWeicheng0001 at gmail.com>
> >
> >
> > 2016-05-04 0:09 GMT+08:00 Ross Boucher <rboucher at gmail.com
> <mailto:rboucher at gmail.com>>:
> >
> > What we've done is modified the CRIU source to simply drop
> these unrestorable connections, rather than error out. Perhaps that could
> be turned into an option.
> >
> > On Tue, May 3, 2016 at 12:08 PM Ross Boucher <
> rboucher at gmail.com <mailto:rboucher at gmail.com>> wrote:
> >
> > You should be able to request the same IP when creating
> the new docker container. Similarly, you could do the same for any linked
> containers.
> >
> > On Tue, May 3, 2016 at 12:07 PM Weicheng SUN <
> sunweicheng0001 at gmail.com <mailto:sunweicheng0001 at gmail.com>> wrote:
> >
> > I know what you mean. But I just want to migrate
> some containers to another host, all of those application can deal tcp
> reconnection.
> > You say if there are some packets cannot deliver
> into new container's location, the restore will broken.
> > So, If there is*a method to skip this progress, just
> to bind the old ip address to the container on the new host.*
> > Everytime I checkpoint a container with tcp
> connection, scp to another host, then restore, the restore log always say
> that
> >
> > (00.294516) 1: Found id pipe:[6392267] (fd 1)
> in inherit fd list
> > (00.294520) 1: File pipe:[6392267] will be
> restored from fd 3 dumped from inherit fd 1
> > (00.294535) 1: Found fd 1 (id pipe:[6392267])
> in inherit fd list (caller inherit_fd_resolve_clash)
> > (00.294538) 1: Inherit fd 1 moved to 3 to
> resolve clash
> > (00.294541) 1: Create fd for 1
> > (00.294544) 1: Restoring fd 2 (state ->
> create)
> > (00.294545) 1: Creating pipe
> pipe_id=0x6189cc id=0x3
> > (00.294547) 1: Found id pipe:[6392268] (fd 2)
> in inherit fd list
> > (00.294548) 1: File pipe:[6392268] will be
> restored from fd 4 dumped from inherit fd 2
> > (00.294554) 1: Found fd 2 (id pipe:[6392268])
> in inherit fd list (caller inherit_fd_resolve_clash)
> > (00.294555) 1: Inherit fd 2 moved to 4 to
> resolve clash
> > (00.294558) 1: Create fd for 2
> > (00.294560) 1: Restoring fd 4 (state ->
> create)
> > (00.294569) 1: Restore: family 10 type 1
> proto 6 port 6379 state 10 src_addr ::
> > (00.294592) 1: 5 restore sndbuf 16384 rcv buf
> 87380
> > (00.294595) 1: restore priority 0 for socket
> > (00.294596) 1: restore rcvlowat 1 for socket
> > (00.294598) 1: restore mark 0 for socket
> > (00.294611) 1: Found fd 4 (id pipe:[6392268])
> in inherit fd list (caller inherit_fd_resolve_clash)
> > (00.294616) 1: Inherit fd 4 moved to 6 to
> resolve clash
> > (00.294619) 1: Create fd for 4
> > (00.294622) 1: Restoring fd 5 (state ->
> create)
> > (00.294625) 1: Restore: family 2 type 1
> proto 6 port 6379 state 10 src_addr 0.0.0.0
> > (00.294633) 1: 5 restore sndbuf 16384 rcv buf
> 87380
> > (00.294635) 1: restore priority 0 for socket
> > (00.294636) 1: restore rcvlowat 1 for socket
> > (00.294638) 1: restore mark 0 for socket
> > (00.294640) 1: Create fd for 5
> > (00.294642) 1: Restoring fd 6 (state ->
> create)
> > (00.294644) 1: Restore: family 2 type 1
> proto 6 port 6379 state 1 src_addr 172.17.128.2
> > (00.294646) 1: Restoring TCP connection
> > (00.294649) 1: Restoring TCP connection id 7
> ino 619526
> > (00.294657) 1: Setting 1 queue seq to
> 2786935679 <tel:2786935679>
> > (00.294659) 1: Setting 2 queue seq to
> 919486667
> > (00.294679) 1: Error (sk-inet.c:721): Can't
> bind inet socket (id 7): Cannot assign requested address
> >
> > You see, 172.17.128.2 is the old ip, criu tried to
> bind this ip to new container, but failed.
> >
> > Regards,
> >
> > David Sun 孙炜程
> > School of Software Engineering, Shanghai Jiaotong
> University
> >
> > Mobile: 15921638078
> >
> > E-mail: SunWeicheng0001 at gmail.com <mailto:
> SunWeicheng0001 at gmail.com>
> >
> >
> > 2016-04-28 18:33 GMT+08:00 Pavel Emelyanov <
> xemul at virtuozzo.com <mailto:xemul at virtuozzo.com>>:
> >
> > On 04/28/2016 08:01 AM, Weicheng SUN wrote:
> > > Hi Everyone,
> > >
> > > The latest release of cr-combined said that it
> supports network. Then I do some experiments. I use
> > > 1. docker run -d -v demo:/data --name=redis
> redis:latest
> > > 2. docker run -d -e USE_REDIS_HOST=redis
> --link redis:redis -p 80:80 --name=app binocarlos/moby-counter:latest
> > > which is a demo of simple website and redis is
> its storage. I first run them on host A
> > >
> > > I try to checkpoint them and copy to another
> host(host B). I create two containers with same configuration
> > > of them and applied the change of file system
> to the new created container. Then I tried to restore them,
> > > which sometimes came out a wrong result.
> > > I notice that when redis and app have same ip
> address on host A and B, then the restore will success. But,
> > > when they have different IP on two hosts, the
> restore progress will certainly broken.
> > >
> > > The reason I guess is that the state of tcp
> connection in checkpoint image didn't match the new environment
> > > in host B. For example, redis in host A is
> 17.172.20.1 and app in host A is 17.172.20.2, then for app there
> > > is a connection whose remote host is
> 17.172.20.1. Then come to host B, if redis in host B is 17.172.20.3 and
> > > when I try to restore app, criu will confuse
> where is 17.172.20.1(redis)?
> >
> > After migration all the sockets get restored
> with the IP addresses they had on source node,
> > so if for some reason packets to former
> container IP cannot be delivered into container's
> > new location, the container would get broken.
> This is unavoidable limitation of TCP protocol
> > itself. There can be workarounds to this
> (DNAT-like for example), but this is out of CRIU's
> > scope and should be done on Docker level.
> >
> > > Generally, is there always a problem to
> checkpoint and restore a container, who has a link with other
> > > containers, on the another host?
> > >
> > > And who knows that how to use a specific IP
> address while start a new container? For the latest release of
> > > cr-combined doesn't support docker run --ip.
> Even --ip is supported, it requires a user defined network,
> > > default network is not supported.
> > >
> > > Hopes for your kindly response & wish all of
> you a great day!
> > >
> > > Regards,
> > >
> > > David Sun
> > >
> > >
> > >
> > > _______________________________________________
> > > CRIU mailing list
> > > CRIU at openvz.org <mailto:CRIU at openvz.org>
> > > https://lists.openvz.org/mailman/listinfo/criu
> > >
> >
> >
> >
> >
>
> _______________________________________________
> CRIU mailing list
> CRIU at openvz.org
> https://lists.openvz.org/mailman/listinfo/criu
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openvz.org/pipermail/criu/attachments/20160504/62d83ffa/attachment-0001.html>
More information about the CRIU
mailing list