jasder
/
runc
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
runc/restore.go

143 lines
4.0 KiB
Go
Raw Normal View History

Enable build on unsupported platforms Should compile now without errors but changes needed to be added for each system so it actually works. main_unsupported.go is a new file with all the unsupported commands Fixes #9 Signed-off-by: Marianna <mtesselh@gmail.com>
2015-06-30 07:49:13 +08:00
// +build linux
Initial commit of runc binary Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-06-22 10:31:12 +08:00
package main
import (
"os"
"github.com/opencontainers/runc/libcontainer"
Disable rootless mode except RootlessCgMgr when executed as the root in userns This PR decomposes `libcontainer/configs.Config.Rootless bool` into `RootlessEUID bool` and `RootlessCgroups bool`, so as to make "runc-in-userns" to be more compatible with "rootful" runc. `RootlessEUID` denotes that runc is being executed as a non-root user (euid != 0) in the current user namespace. `RootlessEUID` is almost identical to the former `Rootless` except cgroups stuff. `RootlessCgroups` denotes that runc is unlikely to have the full access to cgroups. `RootlessCgroups` is set to false if runc is executed as the root (euid == 0) in the initial namespace. Otherwise `RootlessCgroups` is set to true. (Hint: if `RootlessEUID` is true, `RootlessCgroups` becomes true as well) When runc is executed as the root (euid == 0) in an user namespace (e.g. by Docker-in-LXD, Podman, Usernetes), `RootlessEUID` is set to false but `RootlessCgroups` is set to true. So, "runc-in-userns" behaves almost same as "rootful" runc except that cgroups errors are ignored. This PR does not have any impact on CLI flags and `state.json`. Note about CLI: * Now `runc --rootless=(auto|true|false)` CLI flag is only used for setting `RootlessCgroups`. * Now `runc spec --rootless` is only required when `RootlessEUID` is set to true. For runc-in-userns, `runc spec` without `--rootless` should work, when sufficient numbers of UID/GID are mapped. Note about `$XDG_RUNTIME_DIR` (e.g. `/run/user/1000`): * `$XDG_RUNTIME_DIR` is ignored if runc is being executed as the root (euid == 0) in the initial namespace, for backward compatibility. (`/run/runc` is used) * If runc is executed as the root (euid == 0) in an user namespace, `$XDG_RUNTIME_DIR` is honored if `$USER != "" && $USER != "root"`. This allows unprivileged users to allow execute runc as the root in userns, without mounting writable `/run/runc`. Note about `state.json`: * `rootless` is set to true when `RootlessEUID == true && RootlessCgroups == true`. Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-07-05 14:28:21 +08:00
"github.com/opencontainers/runc/libcontainer/system"
"github.com/sirupsen/logrus"
Replace github.com/codegangsta/cli by github.com/urfave/cli The package got moved to a different repository Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-06-07 02:45:46 +08:00
"github.com/urfave/cli"
Initial commit of runc binary Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-06-22 10:31:12 +08:00
)
var restoreCommand = cli.Command{
Name: "restore",
Usage: "restore a container from a previous checkpoint",
updating usage for runc and runc commands Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2016-02-11 01:30:06 +08:00
ArgsUsage: `<container-id>
Where "<container-id>" is the name for the instance of the container to be
restored.`,
Description: `Restores the saved state of the container instance that was previously saved
using the runc checkpoint command.`,
Initial commit of runc binary Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-06-22 10:31:12 +08:00
Flags: []cli.Flag{
checkpoint: add support for containers with terminals CRIU was extended to report about orphaned master pty-s via RPC. Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
2017-03-02 16:02:15 +08:00
cli.StringFlag{
Name: "console-socket",
Value: "",
Usage: "path to an AF_UNIX socket which will receive a file descriptor referencing the master end of the console's pseudoterminal",
},
Adjust runc to new opencontainers/specs version I deleted possibility to specify config file from commands for now. Until we decide how it'll be done. Also I changed runc spec interface to write config files instead of output them. Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-09-02 00:32:29 +08:00
cli.StringFlag{
Name: "image-path",
Value: "",
Usage: "path to criu image files for restoring",
},
cli.StringFlag{
Name: "work-path",
Value: "",
Usage: "path for saving work files and logs",
},
cli.BoolFlag{
Name: "tcp-established",
Usage: "allow open tcp connections",
},
cli.BoolFlag{
Name: "ext-unix-sk",
Usage: "allow external unix sockets",
},
cli.BoolFlag{
Name: "shell-job",
Usage: "allow shell jobs",
},
cli.BoolFlag{
Name: "file-locks",
Usage: "handle file locks, for safety",
},
Add option to support criu manage cgroups mode for dump and restore CRIU supports cgroup-manage mode from v1.7 Signed-off-by: Hui Kang <hkang.sunysb@gmail.com>
2015-08-06 23:14:59 +08:00
cli.StringFlag{
Name: "manage-cgroups-mode",
Value: "",
Update man pages to refect the latest cli change The major change is the description of options, change it as the latest cli help message shows, which specify a "value" after an option if it takes value, and add (default: xxx) if the option has a default value. This also includes some other minor consistency fixes. Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-05-28 13:33:57 +08:00
Usage: "cgroups mode: 'soft' (default), 'full' and 'strict'",
Add option to support criu manage cgroups mode for dump and restore CRIU supports cgroup-manage mode from v1.7 Signed-off-by: Hui Kang <hkang.sunysb@gmail.com>
2015-08-06 23:14:59 +08:00
},
Adjust runc to new opencontainers/specs version I deleted possibility to specify config file from commands for now. Until we decide how it'll be done. Also I changed runc spec interface to write config files instead of output them. Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-09-02 00:32:29 +08:00
cli.StringFlag{
adding support for --bundle -b to start, restore, and spec; fixes issue #310 Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2015-10-28 03:23:44 +08:00
Name: "bundle, b",
Value: "",
Usage: "path to the root of the bundle directory",
Adjust runc to new opencontainers/specs version I deleted possibility to specify config file from commands for now. Until we decide how it'll be done. Also I changed runc spec interface to write config files instead of output them. Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-09-02 00:32:29 +08:00
},
Add detach and pid-file to restore Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-02-02 07:00:09 +08:00
cli.BoolFlag{
Name: "detach,d",
Usage: "detach from the container's process",
},
cli.StringFlag{
Name: "pid-file",
Value: "",
Usage: "specify the file to write the process id to",
},
Destroy container along with processes before stdio We need to make sure the container is destroyed before closing the stdio for the container. This becomes a big issues when running in the host's pid namespace because the other processes could have inherited the stdio of the initial process. The call to close will just block as they still have the io open. Calling destroy before closing io, especially in the host pid namespace will cause all additional processes to be killed in the container's cgroup. This will allow the io to be closed successfuly. This change makes sure the order for destroy and close is correct as well as ensuring that if any errors encoutered during start or exec will be handled by terminating the process and destroying the container. We cannot use defers here because we need to enforce the correct ordering on destroy. This also sets the subreaper setting for runc so that when running in pid host, runc can wait on the addiontal processes launched by the container, useful on destroy, but also good for reaping the additional processes that were launched. Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-03-15 06:46:08 +08:00
cli.BoolFlag{
Name: "no-subreaper",
Usage: "disable the use of the subreaper used to reap reparented processes",
},
Add --no-pivot option for containers on ramdisk This adds a `--no-pivot` cli flag to runc so that a container's rootfs can be located ontop of ramdisk/tmpfs and not fail because you cannot pivot root. This should be a cli flag and not part of the spec because this is a detail of the host/runtime environment and not an attribute of a container. Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-03-31 02:12:03 +08:00
cli.BoolFlag{
Name: "no-pivot",
Usage: "do not use pivot root to jail process inside rootfs. This should be used whenever the rootfs is on top of a ramdisk",
},
restore: add the empty-ns option For example: ./runc restore --empty-ns network CTID In this case criu creates a network namespace, but doesn't restore it. We are going to use this option to restore docker containers and Docker sets a hook to restore a network namespace. https://github.com/xemul/criu/issues/165 Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
2016-06-08 01:22:40 +08:00
cli.StringSliceFlag{
Name: "empty-ns",
Fix misspelling of "properties" in various places Signed-off-by: Tim Potter <tpot@hpe.com>
2017-04-21 10:41:02 +08:00
Usage: "create a namespace, but don't restore its properties",
restore: add the empty-ns option For example: ./runc restore --empty-ns network CTID In this case criu creates a network namespace, but doesn't restore it. We are going to use this option to restore docker containers and Docker sets a hook to restore a network namespace. https://github.com/xemul/criu/issues/165 Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
2016-06-08 01:22:40 +08:00
},
Add auto-dedup flag for checkpoint/restore When doing incremental dumps is useful to use auto deduplication of memory images to save space. Signed-off-by: Nikolas Sepos <nikolas.sepos@gmail.com>
2017-08-18 22:19:21 +08:00
cli.BoolFlag{
Name: "auto-dedup",
Usage: "enable auto deduplication of memory images",
},
checkpoint: support lazy migration With the help of userfaultfd CRIU supports lazy migration. Lazy migration means that memory pages are only transferred from the migration source to the migration destination on page fault. This enables to reduce the downtime during process or container migration to a minimum as the memory does not need to be transferred during migration. Lazy migration currently depends on userfaultfd being available on the current Linux kernel and if the used CRIU version supports lazy migration. Both dependencies can be checked by querying CRIU via RPC if the lazy migration feature is available. Using feature checking instead of version comparison enables runC to use CRIU features from the criu-dev branch. This way the user can decide if lazy migration should be available by choosing the right kernel and CRIU branch. To use lazy migration the CRIU process during dump needs to dump everything besides the memory pages and then it opens a network port waiting for remote page fault requests: # runc checkpoint httpd --lazy-pages --page-server 0.0.0.0:27 \ --status-fd /tmp/postcopy-pipe In this example CRIU will hang/wait once it has opened the network port and wait for network connection. As runC waits for CRIU to finish it will also hang until the lazy migration has finished. To know when the restore on the destination side can start the '--status-fd' parameter is used: #️ runc checkpoint --help | grep status --status-fd value criu writes \0 to this FD once lazy-pages is ready The parameter '--status-fd' is directly from CRIU and this way the process outside of runC which controls the migration knows exactly when to transfer the checkpoint (without memory pages) to the destination and that the restore can be started. On the destination side it is necessary to start CRIU in 'lazy-pages' mode like this: # criu lazy-pages --page-server --address 192.168.122.3 --port 27 \ -D checkpoint and tell runC to do a lazy restore: # runc restore -d --image-path checkpoint --work-path checkpoint \ --lazy-pages httpd If both processes on the restore side have the same working directory 'criu lazy-pages' creates a unix domain socket where it waits for requests from the actual restore. runC starts CRIU restore in lazy restore mode and talks to 'criu lazy-pages' that it wants to restore memory pages on demand. CRIU continues to restore the process and once the process is running and accesses the first non-existing memory page the 'criu lazy-pages' server will request the page from the source system. Thus all pages from the source system will be transferred to the destination system. Once all pages have been transferred runC on the source system will end and the container will have finished migration. This can also be combined with CRIU's pre-copy support. The combination of pre-copy and post-copy (lazy migration) provides the possibility to migrate containers with minimal downtimes. Some additional background about post-copy migration can be found in these articles: https://lisas.de/~adrian/?p=1253 https://lisas.de/~adrian/?p=1183 Signed-off-by: Adrian Reber <areber@redhat.com>
2017-07-24 23:43:14 +08:00
cli.BoolFlag{
Name: "lazy-pages",
Usage: "use userfaultfd to lazily restore memory pages",
},
Initial commit of runc binary Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-06-22 10:31:12 +08:00
},
Update cli package The old one has bug when showing help message for IntFlags. Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-05-10 13:58:09 +08:00
Action: func(context *cli.Context) error {
Check args numbers before application start Add a general args number validator for all client commands. Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
2016-10-28 23:43:10 +08:00
if err := checkArgs(context, 1, exactArgs); err != nil {
return err
}
runc: add support for rootless containers This enables the support for the rootless container mode. There are many restrictions on what rootless containers can do, so many different runC commands have been disabled: * runc checkpoint * runc events * runc pause * runc ps * runc restore * runc resume * runc update The following commands work: * runc create * runc delete * runc exec * runc kill * runc list * runc run * runc spec * runc state In addition, any specification options that imply joining cgroups have also been disabled. This is due to support for unprivileged subtree management not being available from Linux upstream. Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-04-23 21:39:42 +08:00
// XXX: Currently this is untested with rootless containers.
Disable rootless mode except RootlessCgMgr when executed as the root in userns This PR decomposes `libcontainer/configs.Config.Rootless bool` into `RootlessEUID bool` and `RootlessCgroups bool`, so as to make "runc-in-userns" to be more compatible with "rootful" runc. `RootlessEUID` denotes that runc is being executed as a non-root user (euid != 0) in the current user namespace. `RootlessEUID` is almost identical to the former `Rootless` except cgroups stuff. `RootlessCgroups` denotes that runc is unlikely to have the full access to cgroups. `RootlessCgroups` is set to false if runc is executed as the root (euid == 0) in the initial namespace. Otherwise `RootlessCgroups` is set to true. (Hint: if `RootlessEUID` is true, `RootlessCgroups` becomes true as well) When runc is executed as the root (euid == 0) in an user namespace (e.g. by Docker-in-LXD, Podman, Usernetes), `RootlessEUID` is set to false but `RootlessCgroups` is set to true. So, "runc-in-userns" behaves almost same as "rootful" runc except that cgroups errors are ignored. This PR does not have any impact on CLI flags and `state.json`. Note about CLI: * Now `runc --rootless=(auto|true|false)` CLI flag is only used for setting `RootlessCgroups`. * Now `runc spec --rootless` is only required when `RootlessEUID` is set to true. For runc-in-userns, `runc spec` without `--rootless` should work, when sufficient numbers of UID/GID are mapped. Note about `$XDG_RUNTIME_DIR` (e.g. `/run/user/1000`): * `$XDG_RUNTIME_DIR` is ignored if runc is being executed as the root (euid == 0) in the initial namespace, for backward compatibility. (`/run/runc` is used) * If runc is executed as the root (euid == 0) in an user namespace, `$XDG_RUNTIME_DIR` is honored if `$USER != "" && $USER != "root"`. This allows unprivileged users to allow execute runc as the root in userns, without mounting writable `/run/runc`. Note about `state.json`: * `rootless` is set to true when `RootlessEUID == true && RootlessCgroups == true`. Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-07-05 14:28:21 +08:00
if os.Geteuid() != 0 || system.RunningInUserNS() {
logrus.Warn("runc checkpoint is untested with rootless containers")
runc: add support for rootless containers This enables the support for the rootless container mode. There are many restrictions on what rootless containers can do, so many different runC commands have been disabled: * runc checkpoint * runc events * runc pause * runc ps * runc restore * runc resume * runc update The following commands work: * runc create * runc delete * runc exec * runc kill * runc list * runc run * runc spec * runc state In addition, any specification options that imply joining cgroups have also been disabled. This is due to support for unprivileged subtree management not being available from Linux upstream. Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-04-23 21:39:42 +08:00
}
Prepare startContainer() to have more action Currently startContainer() is used to create and to run a container. In the next patch it will be used to restore a container. Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
2017-03-02 15:48:00 +08:00
spec, err := setupSpec(context)
Initial commit of runc binary Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-06-22 10:31:12 +08:00
if err != nil {
Update cli package The old one has bug when showing help message for IntFlags. Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-05-10 13:58:09 +08:00
return err
Initial commit of runc binary Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-06-22 10:31:12 +08:00
}
Prepare startContainer() to have more action Currently startContainer() is used to create and to run a container. In the next patch it will be used to restore a container. Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
2017-03-02 15:48:00 +08:00
options := criuOptions(context)
cr: don't restore net namespace by default since runc don't manage net device and their configuration, checkpoint also don't dump net namespace by default, so set 'nsmask = unix.CLONE_NEWNET' by default in restore. Or if user do not pass 'empty-ns network', criu will cost extra time in restore. Signed-off-by: Ace-Tang <aceapril@126.com>
2018-08-17 16:03:21 +08:00
if err := setEmptyNsMask(context, options); err != nil {
return err
}
Prepare startContainer() to have more action Currently startContainer() is used to create and to run a container. In the next patch it will be used to restore a container. Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
2017-03-02 15:48:00 +08:00
status, err := startContainer(context, spec, CT_ACT_RESTORE, options)
Initial commit of runc binary Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-06-22 10:31:12 +08:00
if err != nil {
Update cli package The old one has bug when showing help message for IntFlags. Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-05-10 13:58:09 +08:00
return err
Initial commit of runc binary Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-06-22 10:31:12 +08:00
}
Prepare startContainer() to have more action Currently startContainer() is used to create and to run a container. In the next patch it will be used to restore a container. Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
2017-03-02 15:48:00 +08:00
// exit with the container's exit status so any external supervisor is
// notified of the exit with the correct exit status.
os.Exit(status)
return nil
Initial commit of runc binary Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-06-22 10:31:12 +08:00
},
}
func criuOptions(context *cli.Context) *libcontainer.CriuOpts {
imagePath := getCheckpointImagePath(context)
if err := os.MkdirAll(imagePath, 0655); err != nil {
fatal(err)
}
return &libcontainer.CriuOpts{
ImagesDirectory: imagePath,
WorkDirectory: context.String("work-path"),
add pre-dump and parent-path to checkpoint CRIU gets pre-dump to complete iterative migration. pre-dump saves process memory info only. And it need parent-path to specify the former memory files. This patch add pre-dump and parent-path arguments to runc checkpoint Signed-off-by: Deng Guangxing <dengguangxing@huawei.com> Signed-off-by: Adrian Reber <areber@redhat.com>
2016-08-24 17:48:56 +08:00
ParentImage: context.String("parent-path"),
Initial commit of runc binary Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-06-22 10:31:12 +08:00
LeaveRunning: context.Bool("leave-running"),
Remove hard-coded default for tcp connections Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-08-22 06:59:43 +08:00
TcpEstablished: context.Bool("tcp-established"),
Initial commit of runc binary Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-06-22 10:31:12 +08:00
ExternalUnixConnections: context.Bool("ext-unix-sk"),
ShellJob: context.Bool("shell-job"),
checkpoint/restore commands support 'file-locks' option. Signed-off-by: mapk0y <mapk0y@gmail.com>
2015-06-27 17:56:24 +08:00
FileLocks: context.Bool("file-locks"),
add pre-dump and parent-path to checkpoint CRIU gets pre-dump to complete iterative migration. pre-dump saves process memory info only. And it need parent-path to specify the former memory files. This patch add pre-dump and parent-path arguments to runc checkpoint Signed-off-by: Deng Guangxing <dengguangxing@huawei.com> Signed-off-by: Adrian Reber <areber@redhat.com>
2016-08-24 17:48:56 +08:00
PreDump: context.Bool("pre-dump"),
Add auto-dedup flag for checkpoint/restore When doing incremental dumps is useful to use auto deduplication of memory images to save space. Signed-off-by: Nikolas Sepos <nikolas.sepos@gmail.com>
2017-08-18 22:19:21 +08:00
AutoDedup: context.Bool("auto-dedup"),
checkpoint: support lazy migration With the help of userfaultfd CRIU supports lazy migration. Lazy migration means that memory pages are only transferred from the migration source to the migration destination on page fault. This enables to reduce the downtime during process or container migration to a minimum as the memory does not need to be transferred during migration. Lazy migration currently depends on userfaultfd being available on the current Linux kernel and if the used CRIU version supports lazy migration. Both dependencies can be checked by querying CRIU via RPC if the lazy migration feature is available. Using feature checking instead of version comparison enables runC to use CRIU features from the criu-dev branch. This way the user can decide if lazy migration should be available by choosing the right kernel and CRIU branch. To use lazy migration the CRIU process during dump needs to dump everything besides the memory pages and then it opens a network port waiting for remote page fault requests: # runc checkpoint httpd --lazy-pages --page-server 0.0.0.0:27 \ --status-fd /tmp/postcopy-pipe In this example CRIU will hang/wait once it has opened the network port and wait for network connection. As runC waits for CRIU to finish it will also hang until the lazy migration has finished. To know when the restore on the destination side can start the '--status-fd' parameter is used: #️ runc checkpoint --help | grep status --status-fd value criu writes \0 to this FD once lazy-pages is ready The parameter '--status-fd' is directly from CRIU and this way the process outside of runC which controls the migration knows exactly when to transfer the checkpoint (without memory pages) to the destination and that the restore can be started. On the destination side it is necessary to start CRIU in 'lazy-pages' mode like this: # criu lazy-pages --page-server --address 192.168.122.3 --port 27 \ -D checkpoint and tell runC to do a lazy restore: # runc restore -d --image-path checkpoint --work-path checkpoint \ --lazy-pages httpd If both processes on the restore side have the same working directory 'criu lazy-pages' creates a unix domain socket where it waits for requests from the actual restore. runC starts CRIU restore in lazy restore mode and talks to 'criu lazy-pages' that it wants to restore memory pages on demand. CRIU continues to restore the process and once the process is running and accesses the first non-existing memory page the 'criu lazy-pages' server will request the page from the source system. Thus all pages from the source system will be transferred to the destination system. Once all pages have been transferred runC on the source system will end and the container will have finished migration. This can also be combined with CRIU's pre-copy support. The combination of pre-copy and post-copy (lazy migration) provides the possibility to migrate containers with minimal downtimes. Some additional background about post-copy migration can be found in these articles: https://lisas.de/~adrian/?p=1253 https://lisas.de/~adrian/?p=1183 Signed-off-by: Adrian Reber <areber@redhat.com>
2017-07-24 23:43:14 +08:00
LazyPages: context.Bool("lazy-pages"),
StatusFd: context.String("status-fd"),
Initial commit of runc binary Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-06-22 10:31:12 +08:00
}
}