[CRIU] Adding checkpoint/restore support to podman question

Wed Jul 18 16:25:09 MSK 2018

Hello Andrei,

after your latest rebase this patch does not apply at all. Any chance to
get the functionality to restore into an existing network namespace
back?

		Adrian

On Mon, Jul 02, 2018 at 08:45:44PM +0200, Adrian Reber wrote:
> Finally I had time to look at this again. Your patch works great. From
> my point of view it would be good to get merged. I have a small add-on
> patch for inherit_fd via RPC and the test script does only works if I
> create an additional _run.sh script, which seems to be missing.
> 
> I have runc patches on top of your CRIU patches which would can now
> restore a container into an existing network namespace which is defined
> like this:
> 
> 	"namespaces": [
> 		{
> 			"type": "network",
> 			"path": "/run/netns/test"
> 		}
> 	]
> 
> Will you merge it?
> 
> 		Adrian
> 
> 
> On Fri, May 04, 2018 at 02:01:08PM -0700, Andrei Vagin wrote:
> > On Thu, May 03, 2018 at 07:48:55PM +0200, Adrian Reber wrote:
> > > If you could implement the CRIU part that would be great. I have not
> > > started yet but I would then do the necessary changes in runc (and
> > > higher).
> > 
> > Here is a criu part:
> > https://github.com/avagin/criu/tree/netns_ext
> > 
> > Let me know if you will have any questions or comments.
> > 
> > Thanks,
> > Andrei
> > 
> > > 
> > > 		Adrian
> > > 
> > > On Thu, May 03, 2018 at 10:39:45AM -0700, Andrei Vagin wrote:
> > > > Hi Adrian,
> > > > 
> > > > Sorry for the late response. I think we already discussed this scheme
> > > > and decided that we need to add support for "external" net namespaces.
> > > > 
> > > > If you want, I can implement a criu part. Let me know if you will have
> > > > any other questions.
> > > > 
> > > > Thanks,
> > > > Andrei
> > > > 
> > > > On Fri, Apr 06, 2018 at 05:50:49PM +0200, Adrian Reber wrote:
> > > > > Currently I am trying to add checkpoint/restore support to podman:
> > > > > 
> > > > > https://github.com/projectatomic/libpod/pull/469
> > > > > 
> > > > > The good thing is, the basic functionality works. Right now I am trying
> > > > > to setup the network in podman to place the restored processes in a
> > > > > container with the same IP and I am confused by the network namespace.
> > > > > 
> > > > > I see CRIU has '--empty-ns' and '--join-ns' but I am not sure what is
> > > > > needed and correct.
> > > > > 
> > > > > My plan was to let podman set up a new network namespace with the same
> > > > > IP. That works. After restore I can ping the IP of the restored
> > > > > container, but the restored processes are now in a different namespace
> > > > > according to proc. So now I have the network namespace podman created
> > > > > with a working IP address and I have the network namespace which
> > > > > probably CRIU created during restore.
> > > > > 
> > > > > So right now I am confused at which levels the network namespace has to
> > > > > be handled. At podman or at runc, which is called by podman? Or at
> > > > > CRIU's level? Or do I tell CRIU to ignore the network namespace during
> > > > > checkpoint or restore?
> > > > > 
> > > > > If anybody has an idea what the right steps are to restore the network
> > > > > setup correctly that would be great! Thanks.
> > > > > 
> > > > > 		Adrian
> _______________________________________________
> CRIU mailing list
> CRIU at openvz.org
> https://lists.openvz.org/mailman/listinfo/criu

		Adrian

-- 
Adrian Reber <adrian at lisas.de>            http://lisas.de/~adrian/
	A manager went to the master programmer and showed him the requirements
document for a new application.  The manager asked the master: "How long will
it take to design this system if I assign five programmers to it?"
	"It will take one year," said the master promptly.
	"But we need this system immediately or even sooner!  How long will it
take it I assign ten programmers to it?"
	The master programmer frowned.  "In that case, it will take two years."
	"And what if I assign a hundred programmers to it?"
	The master programmer shrugged.  "Then the design will never be
completed," he said.
		-- Geoffrey James, "The Tao of Programming"