SlideShare a Scribd company logo

Docker Container Checkpoint and Restore with CRIU

Saied Kazemi
Saied Kazemi

This talk was presented at the Linux Plumbers Conference in Dusseldorf, Germany (http://www.linuxplumbersconf.org/2014/ocw/sessions/1899).

Software
1 of 16
Download to read offline
An Experiment in Checkpointing and Restoring Docker Containers with CRIU Linux Plumbers Conference October 17, 2014 Saied Kazemi (saied@)
Motivation ● Container migration through native Checkpoint and Restore (C/R) Docker Meetup 9/17/14 support in Docker using CRIU host A docker checkpoint <id> host B docker restore <id>
Docker Meetup 9/17/14 Docker Client, Server, and Containers client server docker run ... docker -d init grandchild Global Namespace Private Namespace container 1 container 2
criu container # criu dump ... # criu restore ...
Docker Meetup 9/17/14 External C/R Issues ● Manual Set Up ○ Filesystem, cgroups ● Container State ○ After checkpoint, Docker thinks the container has finished and exited ○ After restore, Docker doesn’t know container has resumed ● Process Tree Ownership ○ Restored process tree is a child of system-wide init, not the Docker daemon ● Other “Plumbing” Issues ○ docker stop, docker kill, etc.
container Native C/R exec driver nsinit libcontainer criu External C/R # criu dump ... # criu restore ... docker # docker checkpoint ... # docker restore ...
Docker Meetup 9/17/14 CRIU and Docker Containers ● There were a number of issues C/R’ing Docker containers ○ See backup slides for details ● Excellent support from upstream CRIU developers and community ● With CRIU 1.3, now possible to C/R ○ Works with AUFS (default) as well as VFS and UnionFS ○ Device Mapper not tested ● No container migration yet
Docker Meetup 9/17/14 Checkpoint and Restore Demo ● Using docker_cr.sh helper script (external) ● Using nsinit binary (external) ● Using Docker (native, proof of concept)
Docker Meetup 9/17/14 Backup Slides
Docker Meetup 9/17/14 Docker C/R Options ● There are two options to checkpoint and restore: A) The Docker daemon and (all) its containers and B) An individual container (without the Docker daemon) ● Option A isn’t currently possible with CRIU due to nested namespaces ○ Option B is possible today on the same machine ○ Will look into adding migration support
Docker Meetup 9/17/14 Issues and Solutions ● Issue: nested PID namespaces ○ two ways to start a container: interactive ($ docker run -i ...) or detached ($ docker run -d ...) ○ in both cases the process is a child of the docker daemon (not the docker client) running in global PID namespace ○ CRIU does not support nested PID namespaces ● Solution: C/R is done on process tree without Docker
Docker Meetup 9/17/14 Issues and Solutions ● Issue: external bind mounts ○ /etc/{hosts,hostname} from container’s config dir ○ /etc/resolv.conf from container’s config dir (or /etc/resolv.conf in older versions) ○ /.dockerinit from Docker’s init dir in older versions ○ bind mount paths for files in /etc can be obtained with docker inspect, but not for /.dockerinit ● Solution: external bind mount support with --ext-mount-map
Docker Meetup 9/17/14 Issues and Solutions ● Issue: /dev/null bind mount over /proc/kcore ○ appeared in Docker 0.10.0, caused dump failure ● Solution: patch 494c044 ● Issue: dumpable flag ○ appeared in Docker 0.11.1 (libcontainer dropping all capabilities, keeping those specified in config) ○ value is set to 2 by which cannot be restored ● Solution: patch 8870aa1
Docker Meetup 9/17/14 Issues and Solutions ● Issue: restoring cgroups subdirs and properties ○ after checkpointing, Docker daemon would remove container’s cgroups subdirs (because the container has “exited”) ○ after restoring subdirs, properties were not restored ● Solution: cgroups restoration support with --manage-cgroups
Docker Meetup 9/17/14 Issues and Solutions ● Issue: stdin in detached mode ○ container’s stdin set to the global /dev/null in detached mode $ docker run -d … ● Solution: fixed in Docker ○ use --evasive-devices for older Docker versions
Docker Meetup 9/17/14 Issues and Solutions ● Issue: AUFS ○ /proc/<pid>/map_files symbolic link paths point inside AUFS branches ○ CRIU gets confused seeing the same file in its physical location (in the branch) and its logical location (from the root of mount namespace) ○ fixing the kernel is the right solution but time-consuming to roll out ● Solution: ○ fixed in AUFS (but will take time to be available in all distros) ○ in the meantime, CRIU patch d8b41b6 will compensate for the problem

Recommended

2015 08-20-criu support-in_docker_for_native_checkpoint_and_restore
2015 08-20-criu support-in_docker_for_native_checkpoint_and_restore2015 08-20-criu support-in_docker_for_native_checkpoint_and_restore
2015 08-20-criu support-in_docker_for_native_checkpoint_and_restoreSaied Kazemi
 
containerd and CRI
containerd and CRIcontainerd and CRI
containerd and CRIDocker, Inc.
 
Containerd Project Update: FOSDEM 2018
Containerd Project Update: FOSDEM 2018Containerd Project Update: FOSDEM 2018
Containerd Project Update: FOSDEM 2018Phil Estes
 
Docker Athens: Docker Engine Evolution & Containerd Use Cases
Docker Athens: Docker Engine Evolution & Containerd Use CasesDocker Athens: Docker Engine Evolution & Containerd Use Cases
Docker Athens: Docker Engine Evolution & Containerd Use CasesPhil Estes
 
An Open Source Story: Open Containers & Open Communities
An Open Source Story: Open Containers & Open CommunitiesAn Open Source Story: Open Containers & Open Communities
An Open Source Story: Open Containers & Open CommunitiesPhil Estes
 
Docker Workshop for beginner
Docker Workshop for beginnerDocker Workshop for beginner
Docker Workshop for beginnerJirayut Nimsaeng
 
Docker and Go: why did we decide to write Docker in Go?
Docker and Go: why did we decide to write Docker in Go?Docker and Go: why did we decide to write Docker in Go?
Docker and Go: why did we decide to write Docker in Go?Jérôme Petazzoni
 
Introduction to docker
Introduction to dockerIntroduction to docker
Introduction to dockerMarcelo Cenerino
 

Recommended

2015 08-20-criu support-in_docker_for_native_checkpoint_and_restore
2015 08-20-criu support-in_docker_for_native_checkpoint_and_restore2015 08-20-criu support-in_docker_for_native_checkpoint_and_restore
2015 08-20-criu support-in_docker_for_native_checkpoint_and_restoreSaied Kazemi
 
containerd and CRI
containerd and CRIcontainerd and CRI
containerd and CRIDocker, Inc.
 
Containerd Project Update: FOSDEM 2018
Containerd Project Update: FOSDEM 2018Containerd Project Update: FOSDEM 2018
Containerd Project Update: FOSDEM 2018Phil Estes
 
Docker Athens: Docker Engine Evolution & Containerd Use Cases
Docker Athens: Docker Engine Evolution & Containerd Use CasesDocker Athens: Docker Engine Evolution & Containerd Use Cases
Docker Athens: Docker Engine Evolution & Containerd Use CasesPhil Estes
 
An Open Source Story: Open Containers & Open Communities
An Open Source Story: Open Containers & Open CommunitiesAn Open Source Story: Open Containers & Open Communities
An Open Source Story: Open Containers & Open CommunitiesPhil Estes
 
Docker Workshop for beginner
Docker Workshop for beginnerDocker Workshop for beginner
Docker Workshop for beginnerJirayut Nimsaeng
 
Docker and Go: why did we decide to write Docker in Go?
Docker and Go: why did we decide to write Docker in Go?Docker and Go: why did we decide to write Docker in Go?
Docker and Go: why did we decide to write Docker in Go?Jérôme Petazzoni
 
Introduction to docker
Introduction to dockerIntroduction to docker
Introduction to dockerMarcelo Cenerino
 
Mobycraft:Docker in 8-bit (Meetup at Docker HQ 4/7)
Mobycraft:Docker in 8-bit (Meetup at Docker HQ 4/7)Mobycraft:Docker in 8-bit (Meetup at Docker HQ 4/7)
Mobycraft:Docker in 8-bit (Meetup at Docker HQ 4/7)Docker, Inc.
 
Surveillance on slam technology
Surveillance on slam technologySurveillance on slam technology
Surveillance on slam technologyGMO-Z.com Vietnam Lab Center
 
To Russia with Love: Deploying Kubernetes in Exotic Locations On Prem
To Russia with Love: Deploying Kubernetes in Exotic Locations On PremTo Russia with Love: Deploying Kubernetes in Exotic Locations On Prem
To Russia with Love: Deploying Kubernetes in Exotic Locations On PremCloudOps2005
 
Docker e git lab
Docker e git labDocker e git lab
Docker e git labGianluca Padovani
 
Integration kubernetes with docker private registry
Integration kubernetes with docker private registryIntegration kubernetes with docker private registry
Integration kubernetes with docker private registryHungWei Chiu
 
Why Go Lang?
Why Go Lang?Why Go Lang?
Why Go Lang?Sathish VJ
 
All Things Containers - Docker, Kubernetes, Helm, Istio, GitOps and more
All Things Containers - Docker, Kubernetes, Helm, Istio, GitOps and moreAll Things Containers - Docker, Kubernetes, Helm, Istio, GitOps and more
All Things Containers - Docker, Kubernetes, Helm, Istio, GitOps and moreAll Things Open
 
Docker and the Linux Kernel
Docker and the Linux KernelDocker and the Linux Kernel
Docker and the Linux KernelDocker, Inc.
 
Docker at Flux7
Docker at Flux7Docker at Flux7
Docker at Flux7Aater Suleman
 
Kubernetes with docker
Kubernetes with dockerKubernetes with docker
Kubernetes with dockerDocker, Inc.
 
The relationship between Docker, Kubernetes and CRI
The relationship between Docker, Kubernetes and CRIThe relationship between Docker, Kubernetes and CRI
The relationship between Docker, Kubernetes and CRIHungWei Chiu
 
Introduction to CRI and OCI
Introduction to CRI and OCIIntroduction to CRI and OCI
Introduction to CRI and OCIHungWei Chiu
 
Immutable kubernetes architecture by linuxkit
Immutable kubernetes architecture by linuxkitImmutable kubernetes architecture by linuxkit
Immutable kubernetes architecture by linuxkit어형 이
 
Bucketbench: Benchmarking Container Runtime Performance
Bucketbench: Benchmarking Container Runtime PerformanceBucketbench: Benchmarking Container Runtime Performance
Bucketbench: Benchmarking Container Runtime PerformancePhil Estes
 
Container Runtimes: Comparing and Contrasting Today's Engines
Container Runtimes: Comparing and Contrasting Today's EnginesContainer Runtimes: Comparing and Contrasting Today's Engines
Container Runtimes: Comparing and Contrasting Today's EnginesPhil Estes
 
Making kubernetes simple for developers
Making kubernetes simple for developersMaking kubernetes simple for developers
Making kubernetes simple for developersSuraj Deshmukh
 
How to debug the pod which is hard to debug (디버그 하기 어려운 POD 디버그 하기)
How to debug the pod which is hard to debug (디버그 하기 어려운 POD 디버그 하기)How to debug the pod which is hard to debug (디버그 하기 어려운 POD 디버그 하기)
How to debug the pod which is hard to debug (디버그 하기 어려운 POD 디버그 하기)어형 이
 
Container Orchestration from Theory to Practice
Container Orchestration from Theory to PracticeContainer Orchestration from Theory to Practice
Container Orchestration from Theory to PracticeDocker, Inc.
 
Docker - a lot changed in a year
Docker - a lot changed in a yearDocker - a lot changed in a year
Docker - a lot changed in a yearChris Swan
 
Driving containerd operations with gRPC
Driving containerd operations with gRPCDriving containerd operations with gRPC
Driving containerd operations with gRPCDocker, Inc.
 
Introducing & playing with Docker | Manel Martinez | 1st Docker Crete Meetup
Introducing & playing with Docker | Manel Martinez | 1st Docker Crete MeetupIntroducing & playing with Docker | Manel Martinez | 1st Docker Crete Meetup
Introducing & playing with Docker | Manel Martinez | 1st Docker Crete MeetupAlexandra Karapidaki
 
Build and run applications in a dockerless kubernetes world
Build and run applications in a dockerless kubernetes worldBuild and run applications in a dockerless kubernetes world
Build and run applications in a dockerless kubernetes worldJorge Morales
 

More Related Content

What's hot

Mobycraft:Docker in 8-bit (Meetup at Docker HQ 4/7)
Mobycraft:Docker in 8-bit (Meetup at Docker HQ 4/7)Mobycraft:Docker in 8-bit (Meetup at Docker HQ 4/7)
Mobycraft:Docker in 8-bit (Meetup at Docker HQ 4/7)Docker, Inc.
 
To Russia with Love: Deploying Kubernetes in Exotic Locations On Prem
To Russia with Love: Deploying Kubernetes in Exotic Locations On PremTo Russia with Love: Deploying Kubernetes in Exotic Locations On Prem
To Russia with Love: Deploying Kubernetes in Exotic Locations On PremCloudOps2005
 
Integration kubernetes with docker private registry
Integration kubernetes with docker private registryIntegration kubernetes with docker private registry
Integration kubernetes with docker private registryHungWei Chiu
 
All Things Containers - Docker, Kubernetes, Helm, Istio, GitOps and more
All Things Containers - Docker, Kubernetes, Helm, Istio, GitOps and moreAll Things Containers - Docker, Kubernetes, Helm, Istio, GitOps and more
All Things Containers - Docker, Kubernetes, Helm, Istio, GitOps and moreAll Things Open
 
Docker and the Linux Kernel
Docker and the Linux KernelDocker and the Linux Kernel
Docker and the Linux KernelDocker, Inc.
 
Kubernetes with docker
Kubernetes with dockerKubernetes with docker
Kubernetes with dockerDocker, Inc.
 
The relationship between Docker, Kubernetes and CRI
The relationship between Docker, Kubernetes and CRIThe relationship between Docker, Kubernetes and CRI
The relationship between Docker, Kubernetes and CRIHungWei Chiu
 
Introduction to CRI and OCI
Introduction to CRI and OCIIntroduction to CRI and OCI
Introduction to CRI and OCIHungWei Chiu
 
Immutable kubernetes architecture by linuxkit
Immutable kubernetes architecture by linuxkitImmutable kubernetes architecture by linuxkit
Immutable kubernetes architecture by linuxkit어형 이
 
Bucketbench: Benchmarking Container Runtime Performance
Bucketbench: Benchmarking Container Runtime PerformanceBucketbench: Benchmarking Container Runtime Performance
Bucketbench: Benchmarking Container Runtime PerformancePhil Estes
 
Container Runtimes: Comparing and Contrasting Today's Engines
Container Runtimes: Comparing and Contrasting Today's EnginesContainer Runtimes: Comparing and Contrasting Today's Engines
Container Runtimes: Comparing and Contrasting Today's EnginesPhil Estes
 
Making kubernetes simple for developers
Making kubernetes simple for developersMaking kubernetes simple for developers
Making kubernetes simple for developersSuraj Deshmukh
 
How to debug the pod which is hard to debug (디버그 하기 어려운 POD 디버그 하기)
How to debug the pod which is hard to debug (디버그 하기 어려운 POD 디버그 하기)How to debug the pod which is hard to debug (디버그 하기 어려운 POD 디버그 하기)
How to debug the pod which is hard to debug (디버그 하기 어려운 POD 디버그 하기)어형 이
 
Container Orchestration from Theory to Practice
Container Orchestration from Theory to PracticeContainer Orchestration from Theory to Practice
Container Orchestration from Theory to PracticeDocker, Inc.
 
Docker - a lot changed in a year
Docker - a lot changed in a yearDocker - a lot changed in a year
Docker - a lot changed in a yearChris Swan
 
Driving containerd operations with gRPC
Driving containerd operations with gRPCDriving containerd operations with gRPC
Driving containerd operations with gRPCDocker, Inc.
 

What's hot (20)

Mobycraft:Docker in 8-bit (Meetup at Docker HQ 4/7)
Mobycraft:Docker in 8-bit (Meetup at Docker HQ 4/7)Mobycraft:Docker in 8-bit (Meetup at Docker HQ 4/7)
Mobycraft:Docker in 8-bit (Meetup at Docker HQ 4/7)
 
Surveillance on slam technology
Surveillance on slam technologySurveillance on slam technology
Surveillance on slam technology
 
To Russia with Love: Deploying Kubernetes in Exotic Locations On Prem
To Russia with Love: Deploying Kubernetes in Exotic Locations On PremTo Russia with Love: Deploying Kubernetes in Exotic Locations On Prem
To Russia with Love: Deploying Kubernetes in Exotic Locations On Prem
 
Docker e git lab
Docker e git labDocker e git lab
Docker e git lab
 
Integration kubernetes with docker private registry
Integration kubernetes with docker private registryIntegration kubernetes with docker private registry
Integration kubernetes with docker private registry
 
Why Go Lang?
Why Go Lang?Why Go Lang?
Why Go Lang?
 
All Things Containers - Docker, Kubernetes, Helm, Istio, GitOps and more
All Things Containers - Docker, Kubernetes, Helm, Istio, GitOps and moreAll Things Containers - Docker, Kubernetes, Helm, Istio, GitOps and more
All Things Containers - Docker, Kubernetes, Helm, Istio, GitOps and more
 
Docker and the Linux Kernel
Docker and the Linux KernelDocker and the Linux Kernel
Docker and the Linux Kernel
 
Docker at Flux7
Docker at Flux7Docker at Flux7
Docker at Flux7
 
Kubernetes with docker
Kubernetes with dockerKubernetes with docker
Kubernetes with docker
 
The relationship between Docker, Kubernetes and CRI
The relationship between Docker, Kubernetes and CRIThe relationship between Docker, Kubernetes and CRI
The relationship between Docker, Kubernetes and CRI
 
Introduction to CRI and OCI
Introduction to CRI and OCIIntroduction to CRI and OCI
Introduction to CRI and OCI
 
Immutable kubernetes architecture by linuxkit
Immutable kubernetes architecture by linuxkitImmutable kubernetes architecture by linuxkit
Immutable kubernetes architecture by linuxkit
 
Bucketbench: Benchmarking Container Runtime Performance
Bucketbench: Benchmarking Container Runtime PerformanceBucketbench: Benchmarking Container Runtime Performance
Bucketbench: Benchmarking Container Runtime Performance
 
Container Runtimes: Comparing and Contrasting Today's Engines
Container Runtimes: Comparing and Contrasting Today's EnginesContainer Runtimes: Comparing and Contrasting Today's Engines
Container Runtimes: Comparing and Contrasting Today's Engines
 
Making kubernetes simple for developers
Making kubernetes simple for developersMaking kubernetes simple for developers
Making kubernetes simple for developers
 
How to debug the pod which is hard to debug (디버그 하기 어려운 POD 디버그 하기)
How to debug the pod which is hard to debug (디버그 하기 어려운 POD 디버그 하기)How to debug the pod which is hard to debug (디버그 하기 어려운 POD 디버그 하기)
How to debug the pod which is hard to debug (디버그 하기 어려운 POD 디버그 하기)
 
Container Orchestration from Theory to Practice
Container Orchestration from Theory to PracticeContainer Orchestration from Theory to Practice
Container Orchestration from Theory to Practice
 
Docker - a lot changed in a year
Docker - a lot changed in a yearDocker - a lot changed in a year
Docker - a lot changed in a year
 
Driving containerd operations with gRPC
Driving containerd operations with gRPCDriving containerd operations with gRPC
Driving containerd operations with gRPC
 

Similar to Docker Container Checkpoint and Restore with CRIU

Introducing & playing with Docker | Manel Martinez | 1st Docker Crete Meetup
Introducing & playing with Docker | Manel Martinez | 1st Docker Crete MeetupIntroducing & playing with Docker | Manel Martinez | 1st Docker Crete Meetup
Introducing & playing with Docker | Manel Martinez | 1st Docker Crete MeetupAlexandra Karapidaki
 
Build and run applications in a dockerless kubernetes world
Build and run applications in a dockerless kubernetes worldBuild and run applications in a dockerless kubernetes world
Build and run applications in a dockerless kubernetes worldJorge Morales
 
Docker Up and Running Introduction
Docker Up and Running IntroductionDocker Up and Running Introduction
Docker Up and Running IntroductionMark Beacom
 
Data Science Workflows using Docker Containers
Data Science Workflows using Docker ContainersData Science Workflows using Docker Containers
Data Science Workflows using Docker ContainersAly Sivji
 
Perspectives on Docker
Perspectives on DockerPerspectives on Docker
Perspectives on DockerRightScale
 
The internals and the latest trends of container runtimes
The internals and the latest trends of container runtimesThe internals and the latest trends of container runtimes
The internals and the latest trends of container runtimesAkihiro Suda
 
CI with Docker in Docker
CI with Docker in DockerCI with Docker in Docker
CI with Docker in DockerMukta Aphale
 
Docker for Deep Learning (Andrea Panizza)
Docker for Deep Learning (Andrea Panizza)Docker for Deep Learning (Andrea Panizza)
Docker for Deep Learning (Andrea Panizza)MeetupDataScienceRoma
 
Powercoders · Docker · Fall 2021.pptx
Powercoders · Docker · Fall 2021.pptxPowercoders · Docker · Fall 2021.pptx
Powercoders · Docker · Fall 2021.pptxIgnacioTamayo2
 
Docker primer and tips
Docker primer and tipsDocker primer and tips
Docker primer and tipsSamuel Chow
 
Docker up and Running For Web Developers
Docker up and Running For Web DevelopersDocker up and Running For Web Developers
Docker up and Running For Web DevelopersBADR
 
Docker Up and Running for Web Developers
Docker Up and Running for Web DevelopersDocker Up and Running for Web Developers
Docker Up and Running for Web DevelopersAmr Fawzy
 
Magento Docker Setup.pdf
Magento Docker Setup.pdfMagento Docker Setup.pdf
Magento Docker Setup.pdfAbid Malik
 
Best Practices for Developing & Deploying Java Applications with Docker
Best Practices for Developing & Deploying Java Applications with DockerBest Practices for Developing & Deploying Java Applications with Docker
Best Practices for Developing & Deploying Java Applications with DockerEric Smalling
 
Start your container journey safely
Start your container journey safelyStart your container journey safely
Start your container journey safelyRachid Zarouali
 

Similar to Docker Container Checkpoint and Restore with CRIU (20)

Introducing & playing with Docker | Manel Martinez | 1st Docker Crete Meetup
Introducing & playing with Docker | Manel Martinez | 1st Docker Crete MeetupIntroducing & playing with Docker | Manel Martinez | 1st Docker Crete Meetup
Introducing & playing with Docker | Manel Martinez | 1st Docker Crete Meetup
 
Build and run applications in a dockerless kubernetes world
Build and run applications in a dockerless kubernetes worldBuild and run applications in a dockerless kubernetes world
Build and run applications in a dockerless kubernetes world
 
Docker Up and Running Introduction
Docker Up and Running IntroductionDocker Up and Running Introduction
Docker Up and Running Introduction
 
Data Science Workflows using Docker Containers
Data Science Workflows using Docker ContainersData Science Workflows using Docker Containers
Data Science Workflows using Docker Containers
 
Perspectives on Docker
Perspectives on DockerPerspectives on Docker
Perspectives on Docker
 
JOSA TechTalk: Introduction to docker
JOSA TechTalk: Introduction to dockerJOSA TechTalk: Introduction to docker
JOSA TechTalk: Introduction to docker
 
The internals and the latest trends of container runtimes
The internals and the latest trends of container runtimesThe internals and the latest trends of container runtimes
The internals and the latest trends of container runtimes
 
CI with Docker in Docker
CI with Docker in DockerCI with Docker in Docker
CI with Docker in Docker
 
Docker by Example - Quiz
Docker by Example - QuizDocker by Example - Quiz
Docker by Example - Quiz
 
Docker by Example - Quiz
Docker by Example - QuizDocker by Example - Quiz
Docker by Example - Quiz
 
Docker for Deep Learning (Andrea Panizza)
Docker for Deep Learning (Andrea Panizza)Docker for Deep Learning (Andrea Panizza)
Docker for Deep Learning (Andrea Panizza)
 
Powercoders · Docker · Fall 2021.pptx
Powercoders · Docker · Fall 2021.pptxPowercoders · Docker · Fall 2021.pptx
Powercoders · Docker · Fall 2021.pptx
 
Docker primer and tips
Docker primer and tipsDocker primer and tips
Docker primer and tips
 
ABCs of docker
ABCs of dockerABCs of docker
ABCs of docker
 
Docker up and Running For Web Developers
Docker up and Running For Web DevelopersDocker up and Running For Web Developers
Docker up and Running For Web Developers
 
Docker Up and Running for Web Developers
Docker Up and Running for Web DevelopersDocker Up and Running for Web Developers
Docker Up and Running for Web Developers
 
Magento Docker Setup.pdf
Magento Docker Setup.pdfMagento Docker Setup.pdf
Magento Docker Setup.pdf
 
DOCKER-PIAIC-SLIDES
DOCKER-PIAIC-SLIDESDOCKER-PIAIC-SLIDES
DOCKER-PIAIC-SLIDES
 
Best Practices for Developing & Deploying Java Applications with Docker
Best Practices for Developing & Deploying Java Applications with DockerBest Practices for Developing & Deploying Java Applications with Docker
Best Practices for Developing & Deploying Java Applications with Docker
 
Start your container journey safely
Start your container journey safelyStart your container journey safely
Start your container journey safely
 

Recently uploaded

Malaysia E-Invoice digital signature docpptx
Malaysia E-Invoice digital signature docpptxMalaysia E-Invoice digital signature docpptx
Malaysia E-Invoice digital signature docpptxMok TH
 
The Strategic Impact of Buying vs Building in Test Automation
The Strategic Impact of Buying vs Building in Test AutomationThe Strategic Impact of Buying vs Building in Test Automation
The Strategic Impact of Buying vs Building in Test AutomationElement34
 
Workshop: Enabling GenAI Breakthroughs with Knowledge Graphs - GraphSummit Milan
Workshop: Enabling GenAI Breakthroughs with Knowledge Graphs - GraphSummit MilanWorkshop: Enabling GenAI Breakthroughs with Knowledge Graphs - GraphSummit Milan
Workshop: Enabling GenAI Breakthroughs with Knowledge Graphs - GraphSummit MilanNeo4j
 
Tree in the Forest - Managing Details in BDD Scenarios (live2test 2024)
Tree in the Forest - Managing Details in BDD Scenarios (live2test 2024)Tree in the Forest - Managing Details in BDD Scenarios (live2test 2024)
Tree in the Forest - Managing Details in BDD Scenarios (live2test 2024)Gáspár Nagy
 
Reinforcement Learning – a Rewards Based Approach to Machine Learning - Marko...
Reinforcement Learning – a Rewards Based Approach to Machine Learning - Marko...Reinforcement Learning – a Rewards Based Approach to Machine Learning - Marko...
Reinforcement Learning – a Rewards Based Approach to Machine Learning - Marko...Marko Lohert
 
The Evolution of Web App Testing_ An Ultimate Guide to Future Trends.pdf
The Evolution of Web App Testing_ An Ultimate Guide to Future Trends.pdfThe Evolution of Web App Testing_ An Ultimate Guide to Future Trends.pdf
The Evolution of Web App Testing_ An Ultimate Guide to Future Trends.pdfkalichargn70th171
 
Crafting the Perfect Measurement Sheet with PLM Integration
Crafting the Perfect Measurement Sheet with PLM IntegrationCrafting the Perfect Measurement Sheet with PLM Integration
Crafting the Perfect Measurement Sheet with PLM IntegrationWave PLM
 
Optimizing Operations by Aligning Resources with Strategic Objectives Using O...
Optimizing Operations by Aligning Resources with Strategic Objectives Using O...Optimizing Operations by Aligning Resources with Strategic Objectives Using O...
Optimizing Operations by Aligning Resources with Strategic Objectives Using O...OnePlan Solutions
 
KLARNA - Language Models and Knowledge Graphs: A Systems Approach
KLARNA - Language Models and Knowledge Graphs: A Systems ApproachKLARNA - Language Models and Knowledge Graphs: A Systems Approach
KLARNA - Language Models and Knowledge Graphs: A Systems ApproachNeo4j
 
OpenChain @ LF Japan Executive Briefing - May 2024
OpenChain @ LF Japan Executive Briefing - May 2024OpenChain @ LF Japan Executive Briefing - May 2024
OpenChain @ LF Japan Executive Briefing - May 2024Shane Coughlan
 
JustNaik Solution Deck (stage bus sector)
JustNaik Solution Deck (stage bus sector)JustNaik Solution Deck (stage bus sector)
JustNaik Solution Deck (stage bus sector)Max Lee
 
How to install and activate eGrabber JobGrabber
How to install and activate eGrabber JobGrabberHow to install and activate eGrabber JobGrabber
How to install and activate eGrabber JobGrabbereGrabber
 
Microsoft 365 Copilot; An AI tool changing the world of work _PDF.pdf
Microsoft 365 Copilot; An AI tool changing the world of work _PDF.pdfMicrosoft 365 Copilot; An AI tool changing the world of work _PDF.pdf
Microsoft 365 Copilot; An AI tool changing the world of work _PDF.pdfQ-Advise
 
Food Delivery Business App Development Guide 2024
Food Delivery Business App Development Guide 2024Food Delivery Business App Development Guide 2024
Food Delivery Business App Development Guide 2024Chirag Panchal
 
Salesforce Introduced Zero Copy Partner Network to Simplify the Process of In...
Salesforce Introduced Zero Copy Partner Network to Simplify the Process of In...Salesforce Introduced Zero Copy Partner Network to Simplify the Process of In...
Salesforce Introduced Zero Copy Partner Network to Simplify the Process of In...CloudMetic
 
Automate your OpenSIPS config tests - OpenSIPS Summit 2024
Automate your OpenSIPS config tests - OpenSIPS Summit 2024Automate your OpenSIPS config tests - OpenSIPS Summit 2024
Automate your OpenSIPS config tests - OpenSIPS Summit 2024Andreas Granig
 
OpenChain Webinar: AboutCode and Beyond - End-to-End SCA
OpenChain Webinar: AboutCode and Beyond - End-to-End SCAOpenChain Webinar: AboutCode and Beyond - End-to-End SCA
OpenChain Webinar: AboutCode and Beyond - End-to-End SCAShane Coughlan
 
The Impact of PLM Software on Fashion Production
The Impact of PLM Software on Fashion ProductionThe Impact of PLM Software on Fashion Production
The Impact of PLM Software on Fashion ProductionWave PLM
 

Recently uploaded (20)

Malaysia E-Invoice digital signature docpptx
Malaysia E-Invoice digital signature docpptxMalaysia E-Invoice digital signature docpptx
Malaysia E-Invoice digital signature docpptx
 
The Strategic Impact of Buying vs Building in Test Automation
The Strategic Impact of Buying vs Building in Test AutomationThe Strategic Impact of Buying vs Building in Test Automation
The Strategic Impact of Buying vs Building in Test Automation
 
Workshop: Enabling GenAI Breakthroughs with Knowledge Graphs - GraphSummit Milan
Workshop: Enabling GenAI Breakthroughs with Knowledge Graphs - GraphSummit MilanWorkshop: Enabling GenAI Breakthroughs with Knowledge Graphs - GraphSummit Milan
Workshop: Enabling GenAI Breakthroughs with Knowledge Graphs - GraphSummit Milan
 
Tree in the Forest - Managing Details in BDD Scenarios (live2test 2024)
Tree in the Forest - Managing Details in BDD Scenarios (live2test 2024)Tree in the Forest - Managing Details in BDD Scenarios (live2test 2024)
Tree in the Forest - Managing Details in BDD Scenarios (live2test 2024)
 
Reinforcement Learning – a Rewards Based Approach to Machine Learning - Marko...
Reinforcement Learning – a Rewards Based Approach to Machine Learning - Marko...Reinforcement Learning – a Rewards Based Approach to Machine Learning - Marko...
Reinforcement Learning – a Rewards Based Approach to Machine Learning - Marko...
 
The Evolution of Web App Testing_ An Ultimate Guide to Future Trends.pdf
The Evolution of Web App Testing_ An Ultimate Guide to Future Trends.pdfThe Evolution of Web App Testing_ An Ultimate Guide to Future Trends.pdf
The Evolution of Web App Testing_ An Ultimate Guide to Future Trends.pdf
 
Crafting the Perfect Measurement Sheet with PLM Integration
Crafting the Perfect Measurement Sheet with PLM IntegrationCrafting the Perfect Measurement Sheet with PLM Integration
Crafting the Perfect Measurement Sheet with PLM Integration
 
Optimizing Operations by Aligning Resources with Strategic Objectives Using O...
Optimizing Operations by Aligning Resources with Strategic Objectives Using O...Optimizing Operations by Aligning Resources with Strategic Objectives Using O...
Optimizing Operations by Aligning Resources with Strategic Objectives Using O...
 
KLARNA - Language Models and Knowledge Graphs: A Systems Approach
KLARNA - Language Models and Knowledge Graphs: A Systems ApproachKLARNA - Language Models and Knowledge Graphs: A Systems Approach
KLARNA - Language Models and Knowledge Graphs: A Systems Approach
 
OpenChain @ LF Japan Executive Briefing - May 2024
OpenChain @ LF Japan Executive Briefing - May 2024OpenChain @ LF Japan Executive Briefing - May 2024
OpenChain @ LF Japan Executive Briefing - May 2024
 
JustNaik Solution Deck (stage bus sector)
JustNaik Solution Deck (stage bus sector)JustNaik Solution Deck (stage bus sector)
JustNaik Solution Deck (stage bus sector)
 
How to install and activate eGrabber JobGrabber
How to install and activate eGrabber JobGrabberHow to install and activate eGrabber JobGrabber
How to install and activate eGrabber JobGrabber
 
5 Reasons Driving Warehouse Management Systems Demand
5 Reasons Driving Warehouse Management Systems Demand5 Reasons Driving Warehouse Management Systems Demand
5 Reasons Driving Warehouse Management Systems Demand
 
Microsoft 365 Copilot; An AI tool changing the world of work _PDF.pdf
Microsoft 365 Copilot; An AI tool changing the world of work _PDF.pdfMicrosoft 365 Copilot; An AI tool changing the world of work _PDF.pdf
Microsoft 365 Copilot; An AI tool changing the world of work _PDF.pdf
 
Food Delivery Business App Development Guide 2024
Food Delivery Business App Development Guide 2024Food Delivery Business App Development Guide 2024
Food Delivery Business App Development Guide 2024
 
Salesforce Introduced Zero Copy Partner Network to Simplify the Process of In...
Salesforce Introduced Zero Copy Partner Network to Simplify the Process of In...Salesforce Introduced Zero Copy Partner Network to Simplify the Process of In...
Salesforce Introduced Zero Copy Partner Network to Simplify the Process of In...
 
Automate your OpenSIPS config tests - OpenSIPS Summit 2024
Automate your OpenSIPS config tests - OpenSIPS Summit 2024Automate your OpenSIPS config tests - OpenSIPS Summit 2024
Automate your OpenSIPS config tests - OpenSIPS Summit 2024
 
OpenChain Webinar: AboutCode and Beyond - End-to-End SCA
OpenChain Webinar: AboutCode and Beyond - End-to-End SCAOpenChain Webinar: AboutCode and Beyond - End-to-End SCA
OpenChain Webinar: AboutCode and Beyond - End-to-End SCA
 
The Impact of PLM Software on Fashion Production
The Impact of PLM Software on Fashion ProductionThe Impact of PLM Software on Fashion Production
The Impact of PLM Software on Fashion Production
 
What is an API Development- Definition, Types, Specifications, Documentation.pdf
What is an API Development- Definition, Types, Specifications, Documentation.pdfWhat is an API Development- Definition, Types, Specifications, Documentation.pdf
What is an API Development- Definition, Types, Specifications, Documentation.pdf
 

Docker Container Checkpoint and Restore with CRIU

  • 1. An Experiment in Checkpointing and Restoring Docker Containers with CRIU Linux Plumbers Conference October 17, 2014 Saied Kazemi (saied@)
  • 2. Motivation ● Container migration through native Checkpoint and Restore (C/R) Docker Meetup 9/17/14 support in Docker using CRIU host A docker checkpoint <id> host B docker restore <id>
  • 3. Docker Meetup 9/17/14 Docker Client, Server, and Containers client server docker run ... docker -d init grandchild Global Namespace Private Namespace container 1 container 2
  • 4. criu container # criu dump ... # criu restore ...
  • 5. Docker Meetup 9/17/14 External C/R Issues ● Manual Set Up ○ Filesystem, cgroups ● Container State ○ After checkpoint, Docker thinks the container has finished and exited ○ After restore, Docker doesn’t know container has resumed ● Process Tree Ownership ○ Restored process tree is a child of system-wide init, not the Docker daemon ● Other “Plumbing” Issues ○ docker stop, docker kill, etc.
  • 6. container Native C/R exec driver nsinit libcontainer criu External C/R # criu dump ... # criu restore ... docker # docker checkpoint ... # docker restore ...
  • 7. Docker Meetup 9/17/14 CRIU and Docker Containers ● There were a number of issues C/R’ing Docker containers ○ See backup slides for details ● Excellent support from upstream CRIU developers and community ● With CRIU 1.3, now possible to C/R ○ Works with AUFS (default) as well as VFS and UnionFS ○ Device Mapper not tested ● No container migration yet
  • 8. Docker Meetup 9/17/14 Checkpoint and Restore Demo ● Using docker_cr.sh helper script (external) ● Using nsinit binary (external) ● Using Docker (native, proof of concept)
  • 9. Docker Meetup 9/17/14 Backup Slides
  • 10. Docker Meetup 9/17/14 Docker C/R Options ● There are two options to checkpoint and restore: A) The Docker daemon and (all) its containers and B) An individual container (without the Docker daemon) ● Option A isn’t currently possible with CRIU due to nested namespaces ○ Option B is possible today on the same machine ○ Will look into adding migration support
  • 11. Docker Meetup 9/17/14 Issues and Solutions ● Issue: nested PID namespaces ○ two ways to start a container: interactive ($ docker run -i ...) or detached ($ docker run -d ...) ○ in both cases the process is a child of the docker daemon (not the docker client) running in global PID namespace ○ CRIU does not support nested PID namespaces ● Solution: C/R is done on process tree without Docker
  • 12. Docker Meetup 9/17/14 Issues and Solutions ● Issue: external bind mounts ○ /etc/{hosts,hostname} from container’s config dir ○ /etc/resolv.conf from container’s config dir (or /etc/resolv.conf in older versions) ○ /.dockerinit from Docker’s init dir in older versions ○ bind mount paths for files in /etc can be obtained with docker inspect, but not for /.dockerinit ● Solution: external bind mount support with --ext-mount-map
  • 13. Docker Meetup 9/17/14 Issues and Solutions ● Issue: /dev/null bind mount over /proc/kcore ○ appeared in Docker 0.10.0, caused dump failure ● Solution: patch 494c044 ● Issue: dumpable flag ○ appeared in Docker 0.11.1 (libcontainer dropping all capabilities, keeping those specified in config) ○ value is set to 2 by which cannot be restored ● Solution: patch 8870aa1
  • 14. Docker Meetup 9/17/14 Issues and Solutions ● Issue: restoring cgroups subdirs and properties ○ after checkpointing, Docker daemon would remove container’s cgroups subdirs (because the container has “exited”) ○ after restoring subdirs, properties were not restored ● Solution: cgroups restoration support with --manage-cgroups
  • 15. Docker Meetup 9/17/14 Issues and Solutions ● Issue: stdin in detached mode ○ container’s stdin set to the global /dev/null in detached mode $ docker run -d … ● Solution: fixed in Docker ○ use --evasive-devices for older Docker versions
  • 16. Docker Meetup 9/17/14 Issues and Solutions ● Issue: AUFS ○ /proc/<pid>/map_files symbolic link paths point inside AUFS branches ○ CRIU gets confused seeing the same file in its physical location (in the branch) and its logical location (from the root of mount namespace) ○ fixing the kernel is the right solution but time-consuming to roll out ● Solution: ○ fixed in AUFS (but will take time to be available in all distros) ○ in the meantime, CRIU patch d8b41b6 will compensate for the problem