Talking about criu a common question is, if it is possible to know if a
checkpoint and restore will actually work. Running 'criu dump' with
--leave-running to see if the checkpointing will work and then running
'criu restore' is always an option. If one of those operations (either
'dump' or 'restore') will fail the chances are high that there are
problems with checkpointing or restoring. But a lot of memory might have
already been dumped to disk and transferred to the destination system
which is not necessary to test for a restore failure. If the restore,
however, works the problem exists that the source process has been told
to keep on running (--leave-running) which might be an undesired
situation to have the process now running on the source and destination
system. To avoid a situation like this and to give an easier option to
test if 'criu dump' and 'criu restore' will work, this patch introduces
the '--check-only' option:
source system:
# criu dump --check-only -D /tmp/cp -t <PID>
Only checking if requested operation will succeed
# rsync -a /tmp/cp dest-system:/tmp
destination system:
# criu restore -D /tmp/cp
Checking mode enabled
criu will detect if a checkpoint is a 'check-only' checkpoint and the
restore will automatically run in '--check-only' mode.
It is also possible to use the '--check-only' switch on a full
checkpoint to see if the restore will succeed and making sure at the
same time that the process will not start running:
destination system:
# criu restore --check-only -D /tmp/cp
Only checking if requested operation will succeed
Checking mode enabled
Right now only the existing checks (e.g., check binary size) are run in
'check-only' mode but additional checks could be added like:
* checksums of binaries
* checksums of used libraries
* available memory
v2:
- changes based on Pavel's review
Signed-off-by: Adrian Reber <areber@redhat.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
Only long options are supported in configuration files. "-v" is the only
short option which doesn't have a corresponding long option, therefore
users wouldn't be able to setup verbosity in configuration files without
this patch.
Signed-off-by: Veronika Kabatova <vkabatov@redhat.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
New restore option 'tcp-close' was introduced. It restores all connected
TCP sockets in TCP_CLOSE state. Here we consider tcp sockets in
TCP_ESTABLISHED, TCP_FIN_WAIT2, TCP_FIN_WAIT1, TCP_CLOSE_WAIT,
TCP_LAST_ACK, TCP_CLOSING, TCP_SYN_SENT states as connected sockets.
This is consistent with current CRIU usage of these states. Thus this
option doesn't affect sockets with original states of TCP_LISTEN and
TCP_CLOSE.
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Eugene Batalov <eabatalov89@gmail.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
Introducing negative options for true / false values. The original
getopt_long parser is kept since it is able to set flag-like values
(instead of setting these values in the switch when it's not needed).
The type of the options needed to be changed to integers for getopt_long
to accept flag-like value settings (as per getopt_long documentation,
the address of integer variable has to be passed).
Corresponding negative options are not added for deprecated options.
This patch is a preparation for the addition of configuration files
(GitHub issue #278). General idea of this feature is to have global
configuration files in /etc/criu.d/ directory and user-specific
configuration files in $HOME/.criu.d/ directory, with the possibility
of specifying a chosen file to be used (default files will be used if
none is specified, or none in case the default ones are not present,
to not break compatibility). The options in configuration files should
be possible to be overriden by the options specified on command line,
hence the negative options addition.
The whole feature of configuration files will remove the need of
specifying all the options on command line, with the possibility of
reusing a file for different use case with only overriding some of the
values specified there.
In case both types of option (negative and positive) are passed, the
later one will be applied -- this works with the philosophy of
overriding the "earlier" options from configuration files.
Changes since v1:
- Describe the --no- option prefix in the beginning of OPTIONS section in
both man page and --help instead of mentioning it at every eligible line
(this also fixes line length issue with --help)
- Fix the accidental removal of check_only case caused by bad rebase
- Use a macro for getopt_long struct option generating instead of additional
defines and hardcoded lines
Signed-off-by: Veronika Kabatova <vkabatov@redhat.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
For most of the CLI tools I see, adding -v option increases their verbosity.
Currently, this is not the case for criu. Default verbosity is set it 2,
and using -v actually decreases the verbosity level to 1, so to increase
verbosity you need to use -vvv (or -v3). To me, this behavior is
quite counterintuitive.
This patch changes the way -v works (but retains -vNUM as it was). Now,
using -v increases verbosity by +1 from the default value (and e.g. -vvv
increases it by +3).
Surely, this changes user experience: for example someone who
was using -v (rather than -v1 or -v0) to silent warnings, will
now have verbosity increased. IMHO this is for the better.
Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
This patch adds the --siganl-fd FD option to specify a file descriptor.
CRIU will write '\0' to this descriptor and close it after passing
a preparation stage.
It is alternative way to demonizing a criu process after a preparation
stage. It's imposiable to get exit code, if a process has daemonized.
The introduced way allows to wait a preparation stage and to get an exit
code. It can be easy used from shell and other script languages.
v3: fix a help message
v4: Here is a sequence of actions how it can be used:
* open a pipe
* run a service with the pipe[1] as status_fd
* read(pipe[0]) to wait a moment when the service will be ready to
accept connections
* do a work which requires the service
* wait the service process to gets its exit status to be sure that
everything okey
travis-ci: success for crtools: close a signal descriptor after passing a preparation stage (rev6)
Cc: Mike Rapoport <mike.rapoport@gmail.com>
Cc: Kir Kolyshkin <kir@openvz.org>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Based on debian's manpage from Salvatore Bonaccorso:
e708a3a Sync manpage for crit to include short explanation for new subcommands
7dd571a Fix position for optional arguments in crit's manpage
017f8d9 Add minimal manpage for the crit
travis-ci: success for crit: added crit manpage
Signed-off-by: Adrian Reber <areber@redhat.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
This is an addition to commit 6273a5c ("Add ability to restore with
missing sysctls on the target node").
travis-ci: success for Document --weak-syscalls
Cc: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Acked-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
This adds the description of --external option for all the supported
cases, both for dump and restore.
References: https://criu.org/CLI/opt/--external
travis-ci: success for Add/fix description of --external and --inherit-fd
Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
This patch describes the correct syntax of --inherit-fd.
travis-ci: success for Add/fix description of --external and --inherit-fd
CC: Andrei Vagin <avagin@virtuozzo.com>
Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Remove the following options (obsoleted by --external):
--ext-unix-sk
--veth-pair
--ext-mount-map
--enable-external-masters
--enable-exteral-sharing
travis-ci: success for Add/fix description of --external and --inherit-fd
Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Option --leave-stopped can now be used during restore,
but this was not reflected in the man page.
[v2: fix wording]
https://github.com/xemul/criu/issues/215
travis-ci: success for criu.8: document restore --leave-stopped (rev2)
Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
The "$(SRC): $(FOOTER)" dependency listed is incorrect, as criu.txt file
is not dependent on footer.txt. Having said that, criu.8 in fact do
depend on footer.txt but that was not reflected in Makefile. Fix it.
While at it, add the custom.xsl dependency, which was also missing.
Cc: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Acked-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
I just discovered that if I run make right from Documentation/ subdir,
CRIU_VERSION is not defined so the generated man page is lacking it.
Let's fix by conditionally including ../Makefile.versions.
Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Acked-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
1. As __nmk_dir already ends with a slash, there's no need
for an extra one.
2. No need to include macro.mk into criu/Makefile -- nothing it defines
is used from there.
Cc: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
This adds a way to re-enable justification and hyphenation for
the man page (which in enabled by default in troff but then
Docbook explicitly disables it). The man page looks better this way.
The reason why hyphenation for man pages is disabled by Docbook is
"The problem is that groff is not particularly smart about how it
does hyphenation; it can end up hyphenating a lot of things that you
don't want hyphenated".
The reason why justification for man pages is disabled by Docbook is
"justified text looks good only when it is also hyphenated.
Without hyphenation, excessive amounts of space often end up
getting between words, in order to "pad" lines out to align
on the right margin".
I carefully checked the resuling man page using both terminal output
on 80 columns and the PS/PDF generated. In both cases hyphenation
looks normal, i.e. I don't see any unwanted cases of extra hyphenation.
Same for justification.
Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Reviewed-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
This is an attempt to cleanup the man page. I am very sorry this comes
in this one big patch. Here are the changes:
1. Use *BOLD* for literals, 'ITALIC' for arguments (variable
substituions)
2. Do not use <> for arguments, as they are already marked so (italic)
3. Remove details about "criu exec" and remote syscalls execution;
add note that it's obsoleted by Compel.
4. Some descriptions are shrunk, some made longer, many are rephrased.
5. Formatting: use second-level lists (*value*:::) where appropriate
(mostly instead of bulleted lists of values).
6. Properly show comma-separated lists of arguments (with second pair
of [] and ...
7. Proper use of terms 'option' and 'argument' (*--option* 'argument').
8. Other fixes to formatting and English (such as missing a/the articles).
...
98. Change author to be "the CRIU team".
99. Update copyright years, copyright holder is Parallels Holdings.
[v2: rebase]
Cc: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Reviewed-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
I was not able to find a way to make a target in sub-makefile
(such as "cd Documentation && make pdf") without this hack.
If there's a better way, please let me know
Cc: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Reviewed-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
For the previously added option to skip in-flight connections this adds
that option to the RPC interface. The skip in-flight connections is also
described in criu.txt.
Signed-off-by: Adrian Reber <areber@redhat.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
While most are handled from the scratch there is a significant
problem with python setup. So I added some preliminaty solution,
probably someohe with good knowledge of how setup.py works
improve it later.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Reviewed-by: Dmitry Safonov <dsafonov@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
The "criu check" command to check if the kernel is properly configured
to run criu is broken.
The "criu check --ms" command used to be the way to tell criu to check
only for features that have been merged upstream. But recent kernels
have a set of features whose presence doesn't necessarily mean that
dump or restore will fail but rather *may* fail depending on whether
the process tree uses those features.
This patch deprecates --ms and introduces --extra, --experimental,
and --all. See "criu --help" or "man criu" for more info.
Typical use cases are:
$ sudo criu check
<zero or more warnings and errors...>
Looks good.
$ echo $?
0
$ sudo criu check --extra
<zero or more warnings and errors...>
Looks good.
$ echo $?
1
$ sudo criu check --extra
<one or more warnings...>
Looks good but some kernel features are missing
which, depending on your process tree, may cause
dump or restore failure.
$ echo $?
1
$ sudo criu check --feature list
mnt_id aio_remap timerfd tun userns fdinfo_lock seccomp_suspend \
seccomp_filters loginuid cgroupns
$ sudo criu check --feature mnt_id
Warn (cr-check.c:283): fdinfo doesn't contain the mnt_id field
$ echo $?
1
$ sudo criu check --feature tun
tun is supported
$ echo $?
0
Signed-off-by: Saied Kazemi <saied@google.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
We can generate footer dynamically and
provide criu.8 version the same as
the program has.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
This reverts commit a98014f306be4b4fefdf01af31e1efa5d83e5e4f.
As per Saied Kazemi, actually dump works without seccomp support
from the kernel on non-seccomped tasks. The only problem was with
criu check, but this would be addressed separately.
Reverting the commit not to burden the API with (yet) unneeded stuff.
Conflicts:
lib/c/criu.h
Sometimes we may want to use CRIU on older kernels which don't support
dumping seccomp state where we don't actually care about the seccomp state.
Of course this is unsafe, but it does allow for c/r of things using
seccomp on these older kernels in some cases. When the task is in
SECCOMP_MODE_STRICT or SECCOMP_MODE_FILTER with filters that block the
syscalls criu's parasite code needs, the dump will still fail.
Note that we disable seccomp by simply feigning that we are in mode 0. This
is a little hacky, but avoids distributing ifs throughout the code and
keeps them in this one place.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
CC: Saied Kazemi <saied@google.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
This patch change the build chain to not use pie objects in the crtools
executable.
This done by building the shared source files twice:
1. for parasite/restorer as '<file>-pie-build.o'
2. for crtools as '<file>.o'
Signed-off-by: Laurent Dufour <ldufour@linux.vnet.ibm.com>
Reviewed-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
This allows the user to perform actions before dumping or restoration
occurs.
Signed-off-by: Matthew Krafczyk <krafczyk.matthew@gmail.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
For example we hit a case where systemd carries journal
file with 4M in size.
https://jira.sw.ru/browse/PSBM-38571
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Reasoning: some systems have /sys/fs/cgroup stuff mounted as read-only
and we have to either remount it rw or create our own set. The former
doesn't look sane as this rw remounting is also done by ststemd, so
let's return back to manual cgyard construction.
This reverts commit 860df95f859cf7ba23b57fc832793c623a5897e4.
Conflicts:
cgroup.c
include/cr_options.h
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
When been playing wich checkpoint/restore of container I found
that we can't reuse existing controller if they were pre-created.
For example currently in PCS7 we're bindmount cgroups which belong
to a container in a form of
/sys/fs/cgroup/<controller>/<container> ==> /sys/fs/cgroup/<controller>
so that CRIU dumps such configuration fine but on restore
it recreates controllers from the scratch which we would
like to bindmount them and ask CRIU to restore subcgroups
and their parameters.
So I extended --manage-cgroups option to take <mode> arguments.
Detailed description in docs.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Acked-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Currently we always create temporary directory where we restore
cgroups, but this won't work in case if mounting cgroups is forbidden
from inside of a container for some reason (as in OpenVZ kernel).
So one can pass --cgroup-yard option to specify an existing
directory where cgroups are living. By default we assume it
lays in /sys/fs/cgroup.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Acked-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
