<div dir="ltr">Hello Andrew,<div><br></div><div>I don't have a precise use case.</div><div>I just wanted to test the CRIU live migration feature.</div><div><br></div><div>I thought it was possible to dump any level of the processes tree.</div>
<div>I mean if i wanted to migrate only the varnish process i thought it was feasable.</div><div><br></div><div>Actually i very new to namespaces i tried different levels of the following tree :</div><div><br></div><div><div>
init(1)-+-collectdmon(<b>12847</b>)---collectd(12849)-+-{collectd}(12854)</div><div> | |-{collectd}(12855)</div><div> | |-{collectd}(12856)</div>
<div> | |-{collectd}(12857)</div><div> | |-{collectd}(12858)</div><div> | `-{collectd}(12860)</div>
<div> |-docker(<b>5802</b>)-+-lxc-start(<b>15502</b>)---sh(<b>15510</b>)-+-bash(15536)---sshd(16187)</div><div> | | |-cc-node(15674)---{cc-node}(15677)</div><div> | | |-collectdmon(15722)---collectd(15723)-+-{collectd}(15725)</div>
<div> | | | |-{collectd}(15726)</div><div> | | | |-{collectd}(15727)</div>
<div> | | | |-{collectd}(15728)</div><div> | | | |-{collectd}(15729)</div>
<div> | | | `-{collectd}(15730)</div><div> | | |-rsyslogd(15546)-+-{rsyslogd}(15547)</div>
<div> | | | |-{rsyslogd}(15548)</div><div> | | | `-{rsyslogd}(15549)</div><div> | | |-ruby(15744)---{ruby}(17173)</div>
<div> | | `-varnishd(15694)---varnishd(15695)-+-{</div></div><div><br></div><div><br></div><div>i got different errors :<br><br></div><div><div>criu dump --tree<b> 15510</b> --images-dir /data --leave-stopped</div>
<div>(00.105553) Error (cr-dump.c:1472): A session leader of 15510(1) is outside of its pid namespace</div><div>(00.106356) Error (cr-dump.c:1811): Dumping FAILED.</div><div><br></div><div>criu dump --tree <b>15502</b> --images-dir /data --leave-stopped</div>
<div>(00.009229) Error (namespaces.c:155): Can't dump nested pid namespace for 15510</div><div>(00.009272) Error (namespaces.c:321): Can't make pidns id</div><div>(00.009546) Error (cr-dump.c:1811): Dumping FAILED.</div>
<div><br></div><div>criu dump --tree <b>5802</b> --images-dir /data --leave-stopped</div><div>(00.012216) Error (namespaces.c:155): Can't dump nested pid namespace for 15510</div><div>(00.012253) Error (namespaces.c:321): Can't make pidns id</div>
<div>(00.012553) Error (cr-dump.c:1811): Dumping FAILED.</div><div><br></div><div>criu dump --tree <b>12847</b> --images-dir /data --leave-stopped</div><div>(00.027698) Error (sk-inet.c:139): Connected TCP socket, consider using tcp-established option.</div>
<div>(00.027742) Error (cr-dump.c:1491): Dump files (pid: 12849) failed with -1</div><div>(00.028319) Error (cr-dump.c:1811): Dumping FAILED.</div></div><div><br></div><div>Maybe you could guide me, what kind of tests could i do please ?</div>
<div><br></div><div>Regards,</div><div>Smana</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">2014/1/22 Andrew Vagin <span dir="ltr"><<a href="mailto:avagin@parallels.com" target="_blank">avagin@parallels.com</a>></span><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Smain,<br>
<div class="im"><br>
On Wed, Jan 22, 2014 at 10:06:12AM +0100, Smain Kahlouch wrote:<br>
> Hello all and thank you for your answer.<br>
><br>
> my "unshare" version doesn't support the same options as you<br>
<br>
</div>You can update util-linux from<br>
<a href="https://git.kernel.org/cgit/utils/util-linux/util-linux.git/" target="_blank">https://git.kernel.org/cgit/utils/util-linux/util-linux.git/</a><br>
<br>
BTW: Is your container is executed in a separate user namespace?<br>
<div class="im"><br>
><br>
> unshare --help<br>
><br>
> Usage:<br>
> unshare [options] <program> [args...]<br>
><br>
> Options:<br>
> -h, --help usage information (this)<br>
> -m, --mount unshare mounts namespace<br>
> -u, --uts unshare UTS namespace (hostname etc)<br>
> -i, --ipc unshare System V IPC namespace<br>
> -n, --net unshare network namespace<br>
><br>
> Anyway i'll wait for a next criu version which will hopefully support<br>
> namespaces :)<br>
<br>
</div>I thought a while and understood that I need more information about<br>
your use-case.<br>
<br>
CRIU supports pidns, but only if it's dumped with all tasks.<br>
<br>
e.g: "criu dump --tree 4601" will dump pidns and all processes of your<br>
LXC container.<br>
<br>
You try to dump a sub-tree of processes from CT, and you do this from the<br>
host system. In this case CT's pidns is an external resource.<br>
<br>
<a href="http://criu.org/What_cannot_be_checkpointed#External_resources" target="_blank">http://criu.org/What_cannot_be_checkpointed#External_resources</a><br>
<br>
Each external resource must be handled separately. And before adding<br>
support of one more type of external resources in CRIU, we want to be<br>
sure, that we have a real use-case for it.<br>
<br>
So could you describe your use-case in details?<br>
<br>
Thanks.<br>
<div class="HOEnZb"><div class="h5"><br>
><br>
> Regards,<br>
><br>
><br>
> 2014/1/22 Andrew Vagin <<a href="mailto:avagin@parallels.com">avagin@parallels.com</a>><br>
><br>
> On Tue, Jan 21, 2014 at 02:40:16PM +0100, Smain Kahlouch wrote:<br>
> > Hello guys,<br>
> ><br>
> > I don't know if it's the right place to post this issue but I didn't find<br>
> > another way to contact you.<br>
> ><br>
> > I'm currently testing lxc features ("docker" to be precise) and I'm<br>
> facing the<br>
> > following message when I try to use criu :<br>
> ><br>
> ><br>
> > 1 - check if CRIU is working with my kernel :<br>
> ><br>
> > criu check --ms<br>
> > (00.012246) Warn (tun.c:55): Skipping tun support check<br>
> > Looks good.<br>
> ><br>
> > 2 - Identify what i want to dump, for example varnish:<br>
> ><br>
> > init,1<br>
> > ├─acpid,3886<br>
> > ├─atd,3648<br>
> > ├─auditd,3591<br>
> > │ ├─audispd,3593<br>
> > │ │ └─{audispd},3598<br>
> > │ └─{auditd},3592<br>
> > ├─cron,3781<br>
> > ├─dbus-daemon,3883 --system<br>
> > ├─docker,3732 -d -p /var/run/docker.pid -r=false -s devicemapper<br>
> > │ ├─lxc-start,4592 -n<br>
> > 9f81f7bc33c83fc1369b9355c959b6f0d8c87c6758bb75af3ae726ba2bad053a -f...<br>
> > │ │ └─sh,4601 -c /bin/bash -c '/usr/local/sbin/runservices.sh; /usr<br>
> /sbin/<br>
> > sshd -D'<br>
> > │ │ ├─bash,4685 -c /usr/local/sbin/runservices.sh; /usr/sbin/<br>
> sshd -D<br>
> > │ │ │ └─sshd,5022 -D<br>
> > │ │ ├─cc-node,4774 /usr/bin/cc-node -d -p /var/run/cc-node.pid<br>
> > │ │ │ └─{cc-node},4776<br>
> > │ │ ├─collectdmon,4820 -P /var/run/collectdmon.pid -- -C /etc/<br>
> > collectd/collectd.conf<br>
> > │ │ │ └─collectd,4822 -C /etc/collectd/collectd.conf -f<br>
> > │ │ │ ├─{collectd},4823<br>
> > │ │ │ ├─{collectd},4824<br>
> > │ │ │ ├─{collectd},4825<br>
> > │ │ │ ├─{collectd},4826<br>
> > │ │ │ ├─{collectd},4827<br>
> > │ │ │ └─{collectd},4828<br>
> > │ │ ├─rsyslogd,4729 -c5<br>
> > │ │ │ ├─{rsyslogd},4737<br>
> > │ │ │ ├─{rsyslogd},4738<br>
> > │ │ │ └─{rsyslogd},4739<br>
> > │ │ ├─ruby,4837 /usr/bin/collectd-interface-daemon -p 5000 -l /<br>
> var/<br>
> > log -P /var/run -I ...<br>
> > │ │ │ └─{ruby},7084<br>
> > │ │ └─varnishd,4792 -P /var/run/varnishd.pid -a :8000 -T :6082<br>
> -f /<br>
> > etc/varnish/default.vcl -p ...<br>
> > │ │ └─varnishd,4794 -P /var/run/varnishd.pid -a :8000 -T<br>
> :6082 -f<br>
> > /etc/varnish/default.vcl -p ...<br>
> > │ │ ├─{varnishd},4795<br>
> > │ │ ├─{varnishd},4796<br>
> > │ │ ├─{varnishd},4797<br>
> > │ │ ├─{varnishd},4798<br>
> > │ │ ├─{varnishd},4800<br>
> > │ │ ├─{varnishd},4801<br>
> > │ │ ├─{varnishd},4802<br>
> > │ │ ├─{varnishd},4803<br>
> > │ │ ├─{varnishd},4804<br>
> > │ │ ├─{varnishd},4805<br>
> > │ │ ├─{varnishd},4806<br>
> > │ │ ├─{varnishd},4807<br>
> > │ │ ├─{varnishd},4808<br>
> > │ │ ├─{varnishd},4809<br>
> > │ │ ├─{varnishd},4810<br>
> > │ │ ├─{varnishd},4811<br>
> > │ │ ├─{varnishd},4812<br>
> > │ │ └─{varnishd},4813<br>
> ><br>
> > 3 - try to dump<br>
> ><br>
> > criu dump --tree 4792 --images-dir /data/ --leave-stopped<br>
> > pie: Error (pie/parasite.c:243): mount failed (-1)<br>
> > pie: Error (pie/parasite.c:474): Close the control socket for writing<br>
> > ><br>
> > (00.095409) Error (parasite-syscall.c:787): Can't retrieve FD from socket<br>
> > (00.095454) Error (parasite-syscall.c:297): Message reply from daemon is<br>
> > trimmed (12/0)<br>
> > (00.095468) Error (cr-dump.c:1441): Can't get proc fd (pid: 4792)<br>
> > (00.096172) Error (cr-dump.c:1811): Dumping FAILED.<br>
> ><br>
> ><br>
> > I built a custom kernel from 3.12.6 debian sources.<br>
> ><br>
> > I followed the instructions in your website<br>
> ><br>
> > Could you please help me to fix that.<br>
><br>
> You are trying to dump a task from another pidns. Unfortunately it's<br>
> unsupported by now. I'm going to fix that. I think it will not require too<br>
> much time. Thank you for the report.<br>
><br>
> Currently you can workaround this issue, if you enter in this pidns and<br>
> mount procfs in /proc.<br>
><br>
> unshare -m nsenter -p -t PID criu.sh<br>
><br>
> # cat criu.sh<br>
> set -e<br>
> mount -make-rprivate /<br>
> mount -t proc proc /proc<br>
> criu dump --tree PID --images-dir /data/ --leave-stopped<br>
><br>
> ><br>
> > Thanks,<br>
> > Smana<br>
><br>
> > _______________________________________________<br>
> > CRIU mailing list<br>
> > <a href="mailto:CRIU@openvz.org">CRIU@openvz.org</a><br>
> > <a href="https://lists.openvz.org/mailman/listinfo/criu" target="_blank">https://lists.openvz.org/mailman/listinfo/criu</a><br>
><br>
><br>
><br>
</div></div></blockquote></div><br></div>