SlideShare uma empresa Scribd logo

Docker Container Checkpoint and Restore with CRIU

Saied Kazemi
Saied Kazemi

This talk was presented at the Linux Plumbers Conference in Dusseldorf, Germany (http://www.linuxplumbersconf.org/2014/ocw/sessions/1899).

Software
1 de 16
Baixar para ler offline
An Experiment in Checkpointing and Restoring Docker Containers with CRIU Linux Plumbers Conference October 17, 2014 Saied Kazemi (saied@)
Motivation ● Container migration through native Checkpoint and Restore (C/R) Docker Meetup 9/17/14 support in Docker using CRIU host A docker checkpoint <id> host B docker restore <id>
Docker Meetup 9/17/14 Docker Client, Server, and Containers client server docker run ... docker -d init grandchild Global Namespace Private Namespace container 1 container 2
criu container # criu dump ... # criu restore ...
Docker Meetup 9/17/14 External C/R Issues ● Manual Set Up ○ Filesystem, cgroups ● Container State ○ After checkpoint, Docker thinks the container has finished and exited ○ After restore, Docker doesn’t know container has resumed ● Process Tree Ownership ○ Restored process tree is a child of system-wide init, not the Docker daemon ● Other “Plumbing” Issues ○ docker stop, docker kill, etc.
container Native C/R exec driver nsinit libcontainer criu External C/R # criu dump ... # criu restore ... docker # docker checkpoint ... # docker restore ...
Docker Meetup 9/17/14 CRIU and Docker Containers ● There were a number of issues C/R’ing Docker containers ○ See backup slides for details ● Excellent support from upstream CRIU developers and community ● With CRIU 1.3, now possible to C/R ○ Works with AUFS (default) as well as VFS and UnionFS ○ Device Mapper not tested ● No container migration yet
Docker Meetup 9/17/14 Checkpoint and Restore Demo ● Using docker_cr.sh helper script (external) ● Using nsinit binary (external) ● Using Docker (native, proof of concept)
Docker Meetup 9/17/14 Backup Slides
Docker Meetup 9/17/14 Docker C/R Options ● There are two options to checkpoint and restore: A) The Docker daemon and (all) its containers and B) An individual container (without the Docker daemon) ● Option A isn’t currently possible with CRIU due to nested namespaces ○ Option B is possible today on the same machine ○ Will look into adding migration support
Docker Meetup 9/17/14 Issues and Solutions ● Issue: nested PID namespaces ○ two ways to start a container: interactive ($ docker run -i ...) or detached ($ docker run -d ...) ○ in both cases the process is a child of the docker daemon (not the docker client) running in global PID namespace ○ CRIU does not support nested PID namespaces ● Solution: C/R is done on process tree without Docker
Docker Meetup 9/17/14 Issues and Solutions ● Issue: external bind mounts ○ /etc/{hosts,hostname} from container’s config dir ○ /etc/resolv.conf from container’s config dir (or /etc/resolv.conf in older versions) ○ /.dockerinit from Docker’s init dir in older versions ○ bind mount paths for files in /etc can be obtained with docker inspect, but not for /.dockerinit ● Solution: external bind mount support with --ext-mount-map
Docker Meetup 9/17/14 Issues and Solutions ● Issue: /dev/null bind mount over /proc/kcore ○ appeared in Docker 0.10.0, caused dump failure ● Solution: patch 494c044 ● Issue: dumpable flag ○ appeared in Docker 0.11.1 (libcontainer dropping all capabilities, keeping those specified in config) ○ value is set to 2 by which cannot be restored ● Solution: patch 8870aa1
Docker Meetup 9/17/14 Issues and Solutions ● Issue: restoring cgroups subdirs and properties ○ after checkpointing, Docker daemon would remove container’s cgroups subdirs (because the container has “exited”) ○ after restoring subdirs, properties were not restored ● Solution: cgroups restoration support with --manage-cgroups
Docker Meetup 9/17/14 Issues and Solutions ● Issue: stdin in detached mode ○ container’s stdin set to the global /dev/null in detached mode $ docker run -d … ● Solution: fixed in Docker ○ use --evasive-devices for older Docker versions
Docker Meetup 9/17/14 Issues and Solutions ● Issue: AUFS ○ /proc/<pid>/map_files symbolic link paths point inside AUFS branches ○ CRIU gets confused seeing the same file in its physical location (in the branch) and its logical location (from the root of mount namespace) ○ fixing the kernel is the right solution but time-consuming to roll out ● Solution: ○ fixed in AUFS (but will take time to be available in all distros) ○ in the meantime, CRIU patch d8b41b6 will compensate for the problem

Recomendados

2015 08-20-criu support-in_docker_for_native_checkpoint_and_restore
2015 08-20-criu support-in_docker_for_native_checkpoint_and_restore2015 08-20-criu support-in_docker_for_native_checkpoint_and_restore
2015 08-20-criu support-in_docker_for_native_checkpoint_and_restoreSaied Kazemi
 
containerd and CRI
containerd and CRIcontainerd and CRI
containerd and CRIDocker, Inc.
 
Containerd Project Update: FOSDEM 2018
Containerd Project Update: FOSDEM 2018Containerd Project Update: FOSDEM 2018
Containerd Project Update: FOSDEM 2018Phil Estes
 
Docker Athens: Docker Engine Evolution & Containerd Use Cases
Docker Athens: Docker Engine Evolution & Containerd Use CasesDocker Athens: Docker Engine Evolution & Containerd Use Cases
Docker Athens: Docker Engine Evolution & Containerd Use CasesPhil Estes
 
An Open Source Story: Open Containers & Open Communities
An Open Source Story: Open Containers & Open CommunitiesAn Open Source Story: Open Containers & Open Communities
An Open Source Story: Open Containers & Open CommunitiesPhil Estes
 
Docker Workshop for beginner
Docker Workshop for beginnerDocker Workshop for beginner
Docker Workshop for beginnerJirayut Nimsaeng
 
Docker and Go: why did we decide to write Docker in Go?
Docker and Go: why did we decide to write Docker in Go?Docker and Go: why did we decide to write Docker in Go?
Docker and Go: why did we decide to write Docker in Go?Jérôme Petazzoni
 
Introduction to docker
Introduction to dockerIntroduction to docker
Introduction to dockerMarcelo Cenerino
 

Recomendados

2015 08-20-criu support-in_docker_for_native_checkpoint_and_restore
2015 08-20-criu support-in_docker_for_native_checkpoint_and_restore2015 08-20-criu support-in_docker_for_native_checkpoint_and_restore
2015 08-20-criu support-in_docker_for_native_checkpoint_and_restoreSaied Kazemi
 
containerd and CRI
containerd and CRIcontainerd and CRI
containerd and CRIDocker, Inc.
 
Containerd Project Update: FOSDEM 2018
Containerd Project Update: FOSDEM 2018Containerd Project Update: FOSDEM 2018
Containerd Project Update: FOSDEM 2018Phil Estes
 
Docker Athens: Docker Engine Evolution & Containerd Use Cases
Docker Athens: Docker Engine Evolution & Containerd Use CasesDocker Athens: Docker Engine Evolution & Containerd Use Cases
Docker Athens: Docker Engine Evolution & Containerd Use CasesPhil Estes
 
An Open Source Story: Open Containers & Open Communities
An Open Source Story: Open Containers & Open CommunitiesAn Open Source Story: Open Containers & Open Communities
An Open Source Story: Open Containers & Open CommunitiesPhil Estes
 
Docker Workshop for beginner
Docker Workshop for beginnerDocker Workshop for beginner
Docker Workshop for beginnerJirayut Nimsaeng
 
Docker and Go: why did we decide to write Docker in Go?
Docker and Go: why did we decide to write Docker in Go?Docker and Go: why did we decide to write Docker in Go?
Docker and Go: why did we decide to write Docker in Go?Jérôme Petazzoni
 
Introduction to docker
Introduction to dockerIntroduction to docker
Introduction to dockerMarcelo Cenerino
 
Mobycraft:Docker in 8-bit (Meetup at Docker HQ 4/7)
Mobycraft:Docker in 8-bit (Meetup at Docker HQ 4/7)Mobycraft:Docker in 8-bit (Meetup at Docker HQ 4/7)
Mobycraft:Docker in 8-bit (Meetup at Docker HQ 4/7)Docker, Inc.
 
Surveillance on slam technology
Surveillance on slam technologySurveillance on slam technology
Surveillance on slam technologyGMO-Z.com Vietnam Lab Center
 
To Russia with Love: Deploying Kubernetes in Exotic Locations On Prem
To Russia with Love: Deploying Kubernetes in Exotic Locations On PremTo Russia with Love: Deploying Kubernetes in Exotic Locations On Prem
To Russia with Love: Deploying Kubernetes in Exotic Locations On PremCloudOps2005
 
Docker e git lab
Docker e git labDocker e git lab
Docker e git labGianluca Padovani
 
Integration kubernetes with docker private registry
Integration kubernetes with docker private registryIntegration kubernetes with docker private registry
Integration kubernetes with docker private registryHungWei Chiu
 
Why Go Lang?
Why Go Lang?Why Go Lang?
Why Go Lang?Sathish VJ
 
All Things Containers - Docker, Kubernetes, Helm, Istio, GitOps and more
All Things Containers - Docker, Kubernetes, Helm, Istio, GitOps and moreAll Things Containers - Docker, Kubernetes, Helm, Istio, GitOps and more
All Things Containers - Docker, Kubernetes, Helm, Istio, GitOps and moreAll Things Open
 
Docker and the Linux Kernel
Docker and the Linux KernelDocker and the Linux Kernel
Docker and the Linux KernelDocker, Inc.
 
Docker at Flux7
Docker at Flux7Docker at Flux7
Docker at Flux7Aater Suleman
 
Kubernetes with docker
Kubernetes with dockerKubernetes with docker
Kubernetes with dockerDocker, Inc.
 
The relationship between Docker, Kubernetes and CRI
The relationship between Docker, Kubernetes and CRIThe relationship between Docker, Kubernetes and CRI
The relationship between Docker, Kubernetes and CRIHungWei Chiu
 
Introduction to CRI and OCI
Introduction to CRI and OCIIntroduction to CRI and OCI
Introduction to CRI and OCIHungWei Chiu
 
Immutable kubernetes architecture by linuxkit
Immutable kubernetes architecture by linuxkitImmutable kubernetes architecture by linuxkit
Immutable kubernetes architecture by linuxkit어형 이
 
Bucketbench: Benchmarking Container Runtime Performance
Bucketbench: Benchmarking Container Runtime PerformanceBucketbench: Benchmarking Container Runtime Performance
Bucketbench: Benchmarking Container Runtime PerformancePhil Estes
 
Container Runtimes: Comparing and Contrasting Today's Engines
Container Runtimes: Comparing and Contrasting Today's EnginesContainer Runtimes: Comparing and Contrasting Today's Engines
Container Runtimes: Comparing and Contrasting Today's EnginesPhil Estes
 
Making kubernetes simple for developers
Making kubernetes simple for developersMaking kubernetes simple for developers
Making kubernetes simple for developersSuraj Deshmukh
 
How to debug the pod which is hard to debug (디버그 하기 어려운 POD 디버그 하기)
How to debug the pod which is hard to debug (디버그 하기 어려운 POD 디버그 하기)How to debug the pod which is hard to debug (디버그 하기 어려운 POD 디버그 하기)
How to debug the pod which is hard to debug (디버그 하기 어려운 POD 디버그 하기)어형 이
 
Container Orchestration from Theory to Practice
Container Orchestration from Theory to PracticeContainer Orchestration from Theory to Practice
Container Orchestration from Theory to PracticeDocker, Inc.
 
Docker - a lot changed in a year
Docker - a lot changed in a yearDocker - a lot changed in a year
Docker - a lot changed in a yearChris Swan
 
Driving containerd operations with gRPC
Driving containerd operations with gRPCDriving containerd operations with gRPC
Driving containerd operations with gRPCDocker, Inc.
 
Introducing & playing with Docker | Manel Martinez | 1st Docker Crete Meetup
Introducing & playing with Docker | Manel Martinez | 1st Docker Crete MeetupIntroducing & playing with Docker | Manel Martinez | 1st Docker Crete Meetup
Introducing & playing with Docker | Manel Martinez | 1st Docker Crete MeetupAlexandra Karapidaki
 
Build and run applications in a dockerless kubernetes world
Build and run applications in a dockerless kubernetes worldBuild and run applications in a dockerless kubernetes world
Build and run applications in a dockerless kubernetes worldJorge Morales
 

Mais conteúdo relacionado

Mais procurados

Mobycraft:Docker in 8-bit (Meetup at Docker HQ 4/7)
Mobycraft:Docker in 8-bit (Meetup at Docker HQ 4/7)Mobycraft:Docker in 8-bit (Meetup at Docker HQ 4/7)
Mobycraft:Docker in 8-bit (Meetup at Docker HQ 4/7)Docker, Inc.
 
To Russia with Love: Deploying Kubernetes in Exotic Locations On Prem
To Russia with Love: Deploying Kubernetes in Exotic Locations On PremTo Russia with Love: Deploying Kubernetes in Exotic Locations On Prem
To Russia with Love: Deploying Kubernetes in Exotic Locations On PremCloudOps2005
 
Integration kubernetes with docker private registry
Integration kubernetes with docker private registryIntegration kubernetes with docker private registry
Integration kubernetes with docker private registryHungWei Chiu
 
All Things Containers - Docker, Kubernetes, Helm, Istio, GitOps and more
All Things Containers - Docker, Kubernetes, Helm, Istio, GitOps and moreAll Things Containers - Docker, Kubernetes, Helm, Istio, GitOps and more
All Things Containers - Docker, Kubernetes, Helm, Istio, GitOps and moreAll Things Open
 
Docker and the Linux Kernel
Docker and the Linux KernelDocker and the Linux Kernel
Docker and the Linux KernelDocker, Inc.
 
Kubernetes with docker
Kubernetes with dockerKubernetes with docker
Kubernetes with dockerDocker, Inc.
 
The relationship between Docker, Kubernetes and CRI
The relationship between Docker, Kubernetes and CRIThe relationship between Docker, Kubernetes and CRI
The relationship between Docker, Kubernetes and CRIHungWei Chiu
 
Introduction to CRI and OCI
Introduction to CRI and OCIIntroduction to CRI and OCI
Introduction to CRI and OCIHungWei Chiu
 
Immutable kubernetes architecture by linuxkit
Immutable kubernetes architecture by linuxkitImmutable kubernetes architecture by linuxkit
Immutable kubernetes architecture by linuxkit어형 이
 
Bucketbench: Benchmarking Container Runtime Performance
Bucketbench: Benchmarking Container Runtime PerformanceBucketbench: Benchmarking Container Runtime Performance
Bucketbench: Benchmarking Container Runtime PerformancePhil Estes
 
Container Runtimes: Comparing and Contrasting Today's Engines
Container Runtimes: Comparing and Contrasting Today's EnginesContainer Runtimes: Comparing and Contrasting Today's Engines
Container Runtimes: Comparing and Contrasting Today's EnginesPhil Estes
 
Making kubernetes simple for developers
Making kubernetes simple for developersMaking kubernetes simple for developers
Making kubernetes simple for developersSuraj Deshmukh
 
How to debug the pod which is hard to debug (디버그 하기 어려운 POD 디버그 하기)
How to debug the pod which is hard to debug (디버그 하기 어려운 POD 디버그 하기)How to debug the pod which is hard to debug (디버그 하기 어려운 POD 디버그 하기)
How to debug the pod which is hard to debug (디버그 하기 어려운 POD 디버그 하기)어형 이
 
Container Orchestration from Theory to Practice
Container Orchestration from Theory to PracticeContainer Orchestration from Theory to Practice
Container Orchestration from Theory to PracticeDocker, Inc.
 
Docker - a lot changed in a year
Docker - a lot changed in a yearDocker - a lot changed in a year
Docker - a lot changed in a yearChris Swan
 
Driving containerd operations with gRPC
Driving containerd operations with gRPCDriving containerd operations with gRPC
Driving containerd operations with gRPCDocker, Inc.
 

Mais procurados (20)

Mobycraft:Docker in 8-bit (Meetup at Docker HQ 4/7)
Mobycraft:Docker in 8-bit (Meetup at Docker HQ 4/7)Mobycraft:Docker in 8-bit (Meetup at Docker HQ 4/7)
Mobycraft:Docker in 8-bit (Meetup at Docker HQ 4/7)
 
Surveillance on slam technology
Surveillance on slam technologySurveillance on slam technology
Surveillance on slam technology
 
To Russia with Love: Deploying Kubernetes in Exotic Locations On Prem
To Russia with Love: Deploying Kubernetes in Exotic Locations On PremTo Russia with Love: Deploying Kubernetes in Exotic Locations On Prem
To Russia with Love: Deploying Kubernetes in Exotic Locations On Prem
 
Docker e git lab
Docker e git labDocker e git lab
Docker e git lab
 
Integration kubernetes with docker private registry
Integration kubernetes with docker private registryIntegration kubernetes with docker private registry
Integration kubernetes with docker private registry
 
Why Go Lang?
Why Go Lang?Why Go Lang?
Why Go Lang?
 
All Things Containers - Docker, Kubernetes, Helm, Istio, GitOps and more
All Things Containers - Docker, Kubernetes, Helm, Istio, GitOps and moreAll Things Containers - Docker, Kubernetes, Helm, Istio, GitOps and more
All Things Containers - Docker, Kubernetes, Helm, Istio, GitOps and more
 
Docker and the Linux Kernel
Docker and the Linux KernelDocker and the Linux Kernel
Docker and the Linux Kernel
 
Docker at Flux7
Docker at Flux7Docker at Flux7
Docker at Flux7
 
Kubernetes with docker
Kubernetes with dockerKubernetes with docker
Kubernetes with docker
 
The relationship between Docker, Kubernetes and CRI
The relationship between Docker, Kubernetes and CRIThe relationship between Docker, Kubernetes and CRI
The relationship between Docker, Kubernetes and CRI
 
Introduction to CRI and OCI
Introduction to CRI and OCIIntroduction to CRI and OCI
Introduction to CRI and OCI
 
Immutable kubernetes architecture by linuxkit
Immutable kubernetes architecture by linuxkitImmutable kubernetes architecture by linuxkit
Immutable kubernetes architecture by linuxkit
 
Bucketbench: Benchmarking Container Runtime Performance
Bucketbench: Benchmarking Container Runtime PerformanceBucketbench: Benchmarking Container Runtime Performance
Bucketbench: Benchmarking Container Runtime Performance
 
Container Runtimes: Comparing and Contrasting Today's Engines
Container Runtimes: Comparing and Contrasting Today's EnginesContainer Runtimes: Comparing and Contrasting Today's Engines
Container Runtimes: Comparing and Contrasting Today's Engines
 
Making kubernetes simple for developers
Making kubernetes simple for developersMaking kubernetes simple for developers
Making kubernetes simple for developers
 
How to debug the pod which is hard to debug (디버그 하기 어려운 POD 디버그 하기)
How to debug the pod which is hard to debug (디버그 하기 어려운 POD 디버그 하기)How to debug the pod which is hard to debug (디버그 하기 어려운 POD 디버그 하기)
How to debug the pod which is hard to debug (디버그 하기 어려운 POD 디버그 하기)
 
Container Orchestration from Theory to Practice
Container Orchestration from Theory to PracticeContainer Orchestration from Theory to Practice
Container Orchestration from Theory to Practice
 
Docker - a lot changed in a year
Docker - a lot changed in a yearDocker - a lot changed in a year
Docker - a lot changed in a year
 
Driving containerd operations with gRPC
Driving containerd operations with gRPCDriving containerd operations with gRPC
Driving containerd operations with gRPC
 

Semelhante a Docker Container Checkpoint and Restore with CRIU

Introducing & playing with Docker | Manel Martinez | 1st Docker Crete Meetup
Introducing & playing with Docker | Manel Martinez | 1st Docker Crete MeetupIntroducing & playing with Docker | Manel Martinez | 1st Docker Crete Meetup
Introducing & playing with Docker | Manel Martinez | 1st Docker Crete MeetupAlexandra Karapidaki
 
Build and run applications in a dockerless kubernetes world
Build and run applications in a dockerless kubernetes worldBuild and run applications in a dockerless kubernetes world
Build and run applications in a dockerless kubernetes worldJorge Morales
 
Docker Up and Running Introduction
Docker Up and Running IntroductionDocker Up and Running Introduction
Docker Up and Running IntroductionMark Beacom
 
Data Science Workflows using Docker Containers
Data Science Workflows using Docker ContainersData Science Workflows using Docker Containers
Data Science Workflows using Docker ContainersAly Sivji
 
Perspectives on Docker
Perspectives on DockerPerspectives on Docker
Perspectives on DockerRightScale
 
The internals and the latest trends of container runtimes
The internals and the latest trends of container runtimesThe internals and the latest trends of container runtimes
The internals and the latest trends of container runtimesAkihiro Suda
 
CI with Docker in Docker
CI with Docker in DockerCI with Docker in Docker
CI with Docker in DockerMukta Aphale
 
Docker for Deep Learning (Andrea Panizza)
Docker for Deep Learning (Andrea Panizza)Docker for Deep Learning (Andrea Panizza)
Docker for Deep Learning (Andrea Panizza)MeetupDataScienceRoma
 
Powercoders · Docker · Fall 2021.pptx
Powercoders · Docker · Fall 2021.pptxPowercoders · Docker · Fall 2021.pptx
Powercoders · Docker · Fall 2021.pptxIgnacioTamayo2
 
Docker primer and tips
Docker primer and tipsDocker primer and tips
Docker primer and tipsSamuel Chow
 
Docker up and Running For Web Developers
Docker up and Running For Web DevelopersDocker up and Running For Web Developers
Docker up and Running For Web DevelopersBADR
 
Docker Up and Running for Web Developers
Docker Up and Running for Web DevelopersDocker Up and Running for Web Developers
Docker Up and Running for Web DevelopersAmr Fawzy
 
Magento Docker Setup.pdf
Magento Docker Setup.pdfMagento Docker Setup.pdf
Magento Docker Setup.pdfAbid Malik
 
Best Practices for Developing & Deploying Java Applications with Docker
Best Practices for Developing & Deploying Java Applications with DockerBest Practices for Developing & Deploying Java Applications with Docker
Best Practices for Developing & Deploying Java Applications with DockerEric Smalling
 
Start your container journey safely
Start your container journey safelyStart your container journey safely
Start your container journey safelyRachid Zarouali
 

Semelhante a Docker Container Checkpoint and Restore with CRIU (20)

Introducing & playing with Docker | Manel Martinez | 1st Docker Crete Meetup
Introducing & playing with Docker | Manel Martinez | 1st Docker Crete MeetupIntroducing & playing with Docker | Manel Martinez | 1st Docker Crete Meetup
Introducing & playing with Docker | Manel Martinez | 1st Docker Crete Meetup
 
Build and run applications in a dockerless kubernetes world
Build and run applications in a dockerless kubernetes worldBuild and run applications in a dockerless kubernetes world
Build and run applications in a dockerless kubernetes world
 
Docker Up and Running Introduction
Docker Up and Running IntroductionDocker Up and Running Introduction
Docker Up and Running Introduction
 
Data Science Workflows using Docker Containers
Data Science Workflows using Docker ContainersData Science Workflows using Docker Containers
Data Science Workflows using Docker Containers
 
Perspectives on Docker
Perspectives on DockerPerspectives on Docker
Perspectives on Docker
 
JOSA TechTalk: Introduction to docker
JOSA TechTalk: Introduction to dockerJOSA TechTalk: Introduction to docker
JOSA TechTalk: Introduction to docker
 
The internals and the latest trends of container runtimes
The internals and the latest trends of container runtimesThe internals and the latest trends of container runtimes
The internals and the latest trends of container runtimes
 
CI with Docker in Docker
CI with Docker in DockerCI with Docker in Docker
CI with Docker in Docker
 
Docker by Example - Quiz
Docker by Example - QuizDocker by Example - Quiz
Docker by Example - Quiz
 
Docker by Example - Quiz
Docker by Example - QuizDocker by Example - Quiz
Docker by Example - Quiz
 
Docker for Deep Learning (Andrea Panizza)
Docker for Deep Learning (Andrea Panizza)Docker for Deep Learning (Andrea Panizza)
Docker for Deep Learning (Andrea Panizza)
 
Powercoders · Docker · Fall 2021.pptx
Powercoders · Docker · Fall 2021.pptxPowercoders · Docker · Fall 2021.pptx
Powercoders · Docker · Fall 2021.pptx
 
Docker primer and tips
Docker primer and tipsDocker primer and tips
Docker primer and tips
 
ABCs of docker
ABCs of dockerABCs of docker
ABCs of docker
 
Docker up and Running For Web Developers
Docker up and Running For Web DevelopersDocker up and Running For Web Developers
Docker up and Running For Web Developers
 
Docker Up and Running for Web Developers
Docker Up and Running for Web DevelopersDocker Up and Running for Web Developers
Docker Up and Running for Web Developers
 
Magento Docker Setup.pdf
Magento Docker Setup.pdfMagento Docker Setup.pdf
Magento Docker Setup.pdf
 
DOCKER-PIAIC-SLIDES
DOCKER-PIAIC-SLIDESDOCKER-PIAIC-SLIDES
DOCKER-PIAIC-SLIDES
 
Best Practices for Developing & Deploying Java Applications with Docker
Best Practices for Developing & Deploying Java Applications with DockerBest Practices for Developing & Deploying Java Applications with Docker
Best Practices for Developing & Deploying Java Applications with Docker
 
Start your container journey safely
Start your container journey safelyStart your container journey safely
Start your container journey safely
 

Último

Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVshikhaohhpro
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerThousandEyes
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsJhone kinadey
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️Delhi Call girls
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidDirect Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidPhilip Schwarz
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...kalichargn70th171
 
Define the academic and professional writing..pdf
Define the academic and professional writing..pdfDefine the academic and professional writing..pdf
Define the academic and professional writing..pdfPearlKirahMaeRagusta1
 
Exploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdfExploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdfproinshot.com
 
10 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 202410 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 2024Mind IT Systems
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️Delhi Call girls
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Steffen Staab
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesVictorSzoltysek
 
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfintroduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfVishalKumarJha10
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdfAzure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdfryanfarris8
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplatePresentation.STUDIO
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 

Último (20)

Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidDirect Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
 
Define the academic and professional writing..pdf
Define the academic and professional writing..pdfDefine the academic and professional writing..pdf
Define the academic and professional writing..pdf
 
Exploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdfExploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdf
 
10 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 202410 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 2024
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
 
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfintroduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdfAzure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 

Docker Container Checkpoint and Restore with CRIU

  • 1. An Experiment in Checkpointing and Restoring Docker Containers with CRIU Linux Plumbers Conference October 17, 2014 Saied Kazemi (saied@)
  • 2. Motivation ● Container migration through native Checkpoint and Restore (C/R) Docker Meetup 9/17/14 support in Docker using CRIU host A docker checkpoint <id> host B docker restore <id>
  • 3. Docker Meetup 9/17/14 Docker Client, Server, and Containers client server docker run ... docker -d init grandchild Global Namespace Private Namespace container 1 container 2
  • 4. criu container # criu dump ... # criu restore ...
  • 5. Docker Meetup 9/17/14 External C/R Issues ● Manual Set Up ○ Filesystem, cgroups ● Container State ○ After checkpoint, Docker thinks the container has finished and exited ○ After restore, Docker doesn’t know container has resumed ● Process Tree Ownership ○ Restored process tree is a child of system-wide init, not the Docker daemon ● Other “Plumbing” Issues ○ docker stop, docker kill, etc.
  • 6. container Native C/R exec driver nsinit libcontainer criu External C/R # criu dump ... # criu restore ... docker # docker checkpoint ... # docker restore ...
  • 7. Docker Meetup 9/17/14 CRIU and Docker Containers ● There were a number of issues C/R’ing Docker containers ○ See backup slides for details ● Excellent support from upstream CRIU developers and community ● With CRIU 1.3, now possible to C/R ○ Works with AUFS (default) as well as VFS and UnionFS ○ Device Mapper not tested ● No container migration yet
  • 8. Docker Meetup 9/17/14 Checkpoint and Restore Demo ● Using docker_cr.sh helper script (external) ● Using nsinit binary (external) ● Using Docker (native, proof of concept)
  • 9. Docker Meetup 9/17/14 Backup Slides
  • 10. Docker Meetup 9/17/14 Docker C/R Options ● There are two options to checkpoint and restore: A) The Docker daemon and (all) its containers and B) An individual container (without the Docker daemon) ● Option A isn’t currently possible with CRIU due to nested namespaces ○ Option B is possible today on the same machine ○ Will look into adding migration support
  • 11. Docker Meetup 9/17/14 Issues and Solutions ● Issue: nested PID namespaces ○ two ways to start a container: interactive ($ docker run -i ...) or detached ($ docker run -d ...) ○ in both cases the process is a child of the docker daemon (not the docker client) running in global PID namespace ○ CRIU does not support nested PID namespaces ● Solution: C/R is done on process tree without Docker
  • 12. Docker Meetup 9/17/14 Issues and Solutions ● Issue: external bind mounts ○ /etc/{hosts,hostname} from container’s config dir ○ /etc/resolv.conf from container’s config dir (or /etc/resolv.conf in older versions) ○ /.dockerinit from Docker’s init dir in older versions ○ bind mount paths for files in /etc can be obtained with docker inspect, but not for /.dockerinit ● Solution: external bind mount support with --ext-mount-map
  • 13. Docker Meetup 9/17/14 Issues and Solutions ● Issue: /dev/null bind mount over /proc/kcore ○ appeared in Docker 0.10.0, caused dump failure ● Solution: patch 494c044 ● Issue: dumpable flag ○ appeared in Docker 0.11.1 (libcontainer dropping all capabilities, keeping those specified in config) ○ value is set to 2 by which cannot be restored ● Solution: patch 8870aa1
  • 14. Docker Meetup 9/17/14 Issues and Solutions ● Issue: restoring cgroups subdirs and properties ○ after checkpointing, Docker daemon would remove container’s cgroups subdirs (because the container has “exited”) ○ after restoring subdirs, properties were not restored ● Solution: cgroups restoration support with --manage-cgroups
  • 15. Docker Meetup 9/17/14 Issues and Solutions ● Issue: stdin in detached mode ○ container’s stdin set to the global /dev/null in detached mode $ docker run -d … ● Solution: fixed in Docker ○ use --evasive-devices for older Docker versions
  • 16. Docker Meetup 9/17/14 Issues and Solutions ● Issue: AUFS ○ /proc/<pid>/map_files symbolic link paths point inside AUFS branches ○ CRIU gets confused seeing the same file in its physical location (in the branch) and its logical location (from the root of mount namespace) ○ fixing the kernel is the right solution but time-consuming to roll out ● Solution: ○ fixed in AUFS (but will take time to be available in all distros) ○ in the meantime, CRIU patch d8b41b6 will compensate for the problem