{{tag>Brouillon Process Snapshot}}
= Snapshot de process avec criu
Voir
* Podman
* http://criu.org
* https://www.redhat.com/fr/blog/container-migration-podman-rhel
* https://ckpt.wiki.kernel.org/index.php/Main_Page
* https://www.redhat.com/en/blog/how-can-process-snapshotrestore-help-save-your-day
Voir aussi :
* kcarectl / KernelCare
Critmux
* https://github.com/jpetazzo/critmux
* https://asciinema.org/a/9889
Semblable à http://blog.jasonantman.com/2014/07/session-save-and-restore-with-bash-and-gnu-screen/ ?
http://ftp.fr.debian.org/debian/pool/main/c/criu/criu_1.6.1-1_amd64.deb
== CRIU avec Docker tmux
Source : https://github.com/jpetazzo/critmux
Démo ici : https://asciinema.org/a/9889
docker run -t -i --privileged --name critmux jpetazzo/critmux
docker stop critmux
docker start critmux ; docker attach critmux
== Brouillon
wget http://ftp.fr.debian.org/debian/pool/main/c/criu/criu_1.6.1-1_amd64.deb
sha256sum criu_1.6.1-1_amd64.deb
Le nombre en hexadécimal retourné par ''sha256sum'' doit être le même que celui figurant sur la page
https://packages.debian.org/experimental/amd64/criu/download
78c1acc0fa73e7b7843945f314802760c485557a927f9f886489d0ccb823fc87 criu_1.6.1-1_amd64.deb
dpki -i criu_1.6.1-1_amd64.deb
apt-get -f install
# mkdir checkpoint
# criu dump -D checkpoint -t $(pgrep iceweasel) --file-locks
Error (sk-inet.c:141): Connected TCP socket, consider using tcp-established option.
Error (cr-dump.c:1584): Dump files (pid: 17543) failed with -1
Error (cr-dump.c:1947): Dumping FAILED.
On compile newns (voir http://criu.org/VNC)
#define _GNU_SOURCE
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#define STACK_SIZE (8 * 4096)
static int ac;
static char **av;
static int ns_exec(void *_arg)
{
int fd;
fd = open("newns.log", O_CREAT | O_TRUNC | O_RDWR | O_APPEND, 0600);
if (fd >= 0) {
close(0);
dup2(fd, 1);
dup2(fd, 2);
close(fd);
}
setsid();
execvp(av[1], av + 1);
return 1;
}
int main(int argc, char **argv)
{
void *stack;
int ret;
pid_t pid;
ac = argc;
av = argv;
stack = mmap(NULL, STACK_SIZE, PROT_WRITE | PROT_READ,
MAP_PRIVATE | MAP_GROWSDOWN | MAP_ANONYMOUS, -1, 0);
if (stack == MAP_FAILED) {
fprintf(stderr, "Can't map stack %m\n");
exit(1);
}
pid = clone(ns_exec, stack + STACK_SIZE,
CLONE_NEWPID | CLONE_NEWIPC | SIGCHLD, NULL);
if (pid < 0) {
fprintf(stderr, "clone() failed: %m\n");
exit(1);
}
return 0;
}
gcc newns.c -o newns
mv newns /usr/local/bin/
chmod +x /usr/local/bin/newns
$ newns iceweasel
clone() failed: Operation not permitted
Voir https://github.com/lxc/lxc/issues/261
J'ai essayé : Sans succès !
echo 1 > /sys/fs/cgroup/cpu,cpuacct/cgroup.clone_children
echo 1 > /proc/sys/kernel/unprivileged_userns_clone
Analysons
$ strace newns 2>&1 | grep -i clone
clone(child_stack=0x7f105164fff0, flags=CLONE_NEWIPC|CLONE_NEWPID|SIGCHLD) = -1 EPERM (Operation not permitted)
write(2, "clone() failed: Operation not pe"..., 40clone() failed: Operation not permitted