[CRIU] Adding checkpoint/restore support to podman question

Adrian Reber adrian at lisas.de
Mon Jul 2 21:45:44 MSK 2018 

Finally I had time to look at this again. Your patch works great. From
my point of view it would be good to get merged. I have a small add-on
patch for inherit_fd via RPC and the test script does only works if I
create an additional _run.sh script, which seems to be missing.

I have runc patches on top of your CRIU patches which would can now
restore a container into an existing network namespace which is defined
like this:

	"namespaces": [
		{
			"type": "network",
			"path": "/run/netns/test"
		}
	]

Will you merge it?

		Adrian


On Fri, May 04, 2018 at 02:01:08PM -0700, Andrei Vagin wrote:
> On Thu, May 03, 2018 at 07:48:55PM +0200, Adrian Reber wrote:
> > If you could implement the CRIU part that would be great. I have not
> > started yet but I would then do the necessary changes in runc (and
> > higher).
> 
> Here is a criu part:
> https://github.com/avagin/criu/tree/netns_ext
> 
> Let me know if you will have any questions or comments.
> 
> Thanks,
> Andrei
> 
> > 
> > 		Adrian
> > 
> > On Thu, May 03, 2018 at 10:39:45AM -0700, Andrei Vagin wrote:
> > > Hi Adrian,
> > > 
> > > Sorry for the late response. I think we already discussed this scheme
> > > and decided that we need to add support for "external" net namespaces.
> > > 
> > > If you want, I can implement a criu part. Let me know if you will have
> > > any other questions.
> > > 
> > > Thanks,
> > > Andrei
> > > 
> > > On Fri, Apr 06, 2018 at 05:50:49PM +0200, Adrian Reber wrote:
> > > > Currently I am trying to add checkpoint/restore support to podman:
> > > > 
> > > > https://github.com/projectatomic/libpod/pull/469
> > > > 
> > > > The good thing is, the basic functionality works. Right now I am trying
> > > > to setup the network in podman to place the restored processes in a
> > > > container with the same IP and I am confused by the network namespace.
> > > > 
> > > > I see CRIU has '--empty-ns' and '--join-ns' but I am not sure what is
> > > > needed and correct.
> > > > 
> > > > My plan was to let podman set up a new network namespace with the same
> > > > IP. That works. After restore I can ping the IP of the restored
> > > > container, but the restored processes are now in a different namespace
> > > > according to proc. So now I have the network namespace podman created
> > > > with a working IP address and I have the network namespace which
> > > > probably CRIU created during restore.
> > > > 
> > > > So right now I am confused at which levels the network namespace has to
> > > > be handled. At podman or at runc, which is called by podman? Or at
> > > > CRIU's level? Or do I tell CRIU to ignore the network namespace during
> > > > checkpoint or restore?
> > > > 
> > > > If anybody has an idea what the right steps are to restore the network
> > > > setup correctly that would be great! Thanks.
> > > > 
> > > > 		Adrian

More information about the CRIU mailing list