An Experiment in 
Checkpointing and Restoring 
Docker Containers with CRIU 
Linux Plumbers Conference 
October 17, 2014 
Saied Kazemi (saied@)
Motivation 
● Container migration through native Checkpoint and Restore (C/R) support in Docker using CRIU
host A: docker checkpoint <id>
host B: docker restore <id>
Docker Meetup 9/17/14
Docker Client, Server, and Containers
[Diagram: client (docker run ...), server (docker -d), init, grandchild, Global Namespace, Private Namespace, container 1, container 2]
[Diagram: criu, container; # criu dump ..., # criu restore ...]
External C/R Issues 
● Manual Set Up 
○ Filesystem, cgroups 
● Container State 
○ After checkpoint, Docker thinks the container has finished and exited 
○ After restore, Docker doesn’t know container has resumed 
● Process Tree Ownership 
○ Restored process tree is a child of system-wide init, not the Docker daemon
● Other “Plumbing” Issues 
○ docker stop, docker kill, etc.
[Diagram: container, exec driver, nsinit, libcontainer, criu, docker]
External C/R: # criu dump ... / # criu restore ...
Native C/R: # docker checkpoint ... / # docker restore ...
CRIU and Docker Containers 
● There were a number of issues C/R’ing Docker containers 
○ See backup slides for details 
● Excellent support from upstream CRIU developers and community 
● With CRIU 1.3, now possible to C/R 
○ Works with AUFS (default) as well as VFS and UnionFS 
○ Device Mapper not tested 
● No container migration yet
Checkpoint and Restore Demo 
● Using docker_cr.sh helper script (external) 
● Using nsinit binary (external) 
● Using Docker (native, proof of concept)
Backup Slides
Docker C/R Options 
● There are two options to checkpoint and restore: 
A) The Docker daemon and (all) its containers 
and 
B) An individual container (without the Docker daemon) 
● Option A isn’t currently possible with CRIU due to nested namespaces
○ Option B is possible today on the same machine 
○ Will look into adding migration support
Issues and Solutions 
● Issue: nested PID namespaces 
○ two ways to start a container: interactive ($ docker run -i ...) or detached ($ docker run -d ...)
○ in both cases the process is a child of the docker daemon (not the docker client) running in global PID namespace
○ CRIU does not support nested PID namespaces 
● Solution: C/R is done on process tree without Docker
Issues and Solutions 
● Issue: external bind mounts 
○ /etc/{hosts,hostname} from container’s config dir 
○ /etc/resolv.conf from container’s config dir (or /etc/resolv.conf in older versions)
○ /.dockerinit from Docker’s init dir in older versions
○ bind mount paths for files in /etc can be obtained with docker inspect, but not for /.dockerinit
● Solution: external bind mount support with --ext-mount-map
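Added example (not from the talk or from docker_cr.sh): building the --ext-mount-map arguments for criu dump and criu restore from docker inspect output, and refusing host paths outside the locations the slide names. It assumes CRIU's KEY:VAL semantics (dump: mountpoint:name; restore: name:host path), the docker inspect fields HostsPath, HostnamePath and ResolvConfPath, and a Docker root of /var/lib/docker; the container id and paths are constructed, and /.dockerinit is left out because docker inspect does not report it.

```python
import json
import os.path
import re

# Constructed sample of `docker inspect <id>` output, trimmed to the fields used.
SAMPLE_INSPECT = json.dumps([{
    "Id": "0123456789abcdef",  # constructed container id
    "HostsPath": "/var/lib/docker/containers/0123456789abcdef/hosts",
    "HostnamePath": "/var/lib/docker/containers/0123456789abcdef/hostname",
    "ResolvConfPath": "/etc/resolv.conf",  # older-Docker case named on the slide
}])

# Mountpoint inside the container -> docker inspect field holding its host source.
BIND_MOUNTS = {
    "/etc/hosts": "HostsPath",
    "/etc/hostname": "HostnamePath",
    "/etc/resolv.conf": "ResolvConfPath",
}

DOCKER_CONTAINERS_DIR = "/var/lib/docker/containers"  # assumption: default Docker root


def host_source_allowed(mountpoint, host_path, config_dir):
    """Accept only the sources the slide lists: a file under the container's
    config dir, or the host's /etc/resolv.conf for the resolv.conf mount.
    normpath collapses '..' but does not resolve symlinks."""
    norm = os.path.normpath(host_path)
    if mountpoint == "/etc/resolv.conf" and norm == "/etc/resolv.conf":
        return True
    return norm.startswith(config_dir + "/")


def ext_mount_map_args(inspect_json):
    """Return (dump_args, restore_args) to append to `criu dump` / `criu restore`."""
    info = json.loads(inspect_json)[0]
    container_id = info["Id"]
    if not re.fullmatch(r"[0-9a-f]+", container_id):
        raise ValueError(f"unexpected container id {container_id!r}")
    config_dir = os.path.join(DOCKER_CONTAINERS_DIR, container_id)

    dump_args, restore_args = [], []
    for mountpoint, field in BIND_MOUNTS.items():
        host_path = info.get(field)
        if not host_path:
            continue  # this Docker version does not bind-mount the file
        if not host_source_allowed(mountpoint, host_path, config_dir):
            raise ValueError(f"{field}={host_path!r} is outside {config_dir}")
        # dump: KEY is the mountpoint in the container, VAL the name stored in the image
        dump_args += ["--ext-mount-map", f"{mountpoint}:{mountpoint}"]
        # restore: KEY is that stored name, VAL the host path to bind-mount back
        restore_args += ["--ext-mount-map",
                         f"{mountpoint}:{os.path.normpath(host_path)}"]
    return dump_args, restore_args


if __name__ == "__main__":
    dump_args, restore_args = ext_mount_map_args(SAMPLE_INSPECT)
    print("criu dump ...   ", " ".join(dump_args))
    print("criu restore ...", " ".join(restore_args))
```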
Issues and Solutions 
● Issue: /dev/null bind mount over /proc/kcore 
○ appeared in Docker 0.10.0, caused dump failure 
● Solution: patch 494c044 
● Issue: dumpable flag 
○ appeared in Docker 0.11.1 (libcontainer dropping all capabilities, keeping those specified in config)
○ value is set to 2 by which cannot be restored 
● Solution: patch 8870aa1
Issues and Solutions 
● Issue: restoring cgroups subdirs and properties 
○ after checkpointing, Docker daemon would remove container’s cgroups subdirs (because the container has “exited”)
○ after restoring subdirs, properties were not restored 
● Solution: cgroups restoration support with --manage-cgroups
Issues and Solutions 
● Issue: stdin in detached mode 
○ container’s stdin set to the global /dev/null in detached mode ($ docker run -d …)
● Solution: fixed in Docker 
○ use --evasive-devices for older Docker versions
Issues and Solutions 
● Issue: AUFS 
○ /proc/<pid>/map_files symbolic link paths point inside AUFS branches 
○ CRIU gets confused seeing the same file in its physical location (in the branch) and its logical location (from the root of mount namespace)
○ fixing the kernel is the right solution but time-consuming to roll out 
● Solution: 
○ fixed in AUFS (but will take time to be available in all distros) 
○ in the meantime, CRIU patch d8b41b6 will compensate for the problem

