restore: added --ignore-static-ip option

If a container is restored multiple times from an exported checkpoint
with the help of '--import --name', the restore will fail if during
'podman run' a static container IP was set with '--ip'. The user can
tell the restore process to ignore the static IP with
'--ignore-static-ip'.

Signed-off-by: Adrian Reber <areber@redhat.com>

8 files changed, 37 insertions, 12 deletions

diff --git a/cmd/podman/cliconfig/config.go b/cmd/podman/cliconfig/config.go
index 025f40cf6..ef028093e 100644
--- a/cmd/podman/cliconfig/config.go
+++ b/cmd/podman/cliconfig/config.go
@@ -436,6 +436,7 @@ type RestoreValues struct {
 	Import         string
 	Name           string
 	IgnoreRootfs   bool
+	IgnoreStaticIP bool
 }
 
 type RmValues struct {
diff --git a/cmd/podman/restore.go b/cmd/podman/restore.go
index 3ae141d41..90d0b2dc4 100644
--- a/cmd/podman/restore.go
+++ b/cmd/podman/restore.go
@@ -46,6 +46,7 @@ func init() {
 	flags.StringVarP(&restoreCommand.Import, "import", "i", "", "Restore from exported checkpoint archive (tar.gz)")
 	flags.StringVarP(&restoreCommand.Name, "name", "n", "", "Specify new name for container restored from exported checkpoint (only works with --import)")
 	flags.BoolVar(&restoreCommand.IgnoreRootfs, "ignore-rootfs", false, "Do not apply root file-system changes when importing from exported checkpoint")
+	flags.BoolVar(&restoreCommand.IgnoreStaticIP, "ignore-static-ip", false, "Ignore IP address set via --static-ip")
 
 	markFlagHiddenForRemoteClient("latest", flags)
 }
diff --git a/completions/bash/podman b/completions/bash/podman
index c8f00a3cb..d2eb5b570 100644
--- a/completions/bash/podman
+++ b/completions/bash/podman
@@ -872,6 +872,7 @@ _podman_container_restore() {
 	  --latest
 	  --tcp-established
 	  --ignore-rootfs
+	  --ignore-static-ip
      "
      case "$prev" in
         -i|--import)
diff --git a/docs/podman-container-restore.1.md b/docs/podman-container-restore.1.md
index 544a096d8..a49cb7421 100644
--- a/docs/podman-container-restore.1.md
+++ b/docs/podman-container-restore.1.md
@@ -67,6 +67,15 @@ from a checkpoint tar.gz file it is possible that it also contains all root file
 changes. With **--ignore-rootfs** it is possible to explicitly disable applying these
 root file-system changes to the restored container.
 
+**--ignore-static-ip**
+
+If the container was started with **--ip** the restored container also tries to use that
+IP address and restore fails if that IP address is already in use. This can happen, if
+a container is restored multiple times from an exported checkpoint with **--name, -n**.
+
+Using **--ignore-static-ip** tells Podman to ignore the IP address if it was configured
+with **--ip** during container creation.
+
 ## EXAMPLE
 
 podman container restore mywebserver
diff --git a/libpod/container_api.go b/libpod/container_api.go
index cd020e429..5ed474a98 100644
--- a/libpod/container_api.go
+++ b/libpod/container_api.go
@@ -773,6 +773,11 @@ type ContainerCheckpointOptions struct {
 	// IgnoreRootfs tells the API to not export changes to
 	// the container's root file-system (or to not import)
 	IgnoreRootfs bool
+	// IgnoreStaticIP tells the API to ignore the IP set
+	// during 'podman run' with '--ip'. This is especially
+	// important to be able to restore a container multiple
+	// times with '--import --name'.
+	IgnoreStaticIP bool
 }
 
 // Checkpoint checkpoints a container
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 6dbd53fbf..047b73d65 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -743,6 +743,14 @@ func (c *Container) restore(ctx context.Context, options ContainerCheckpointOpti
 		return err
 	}
 
+	// If a container is restored multiple times from an exported checkpoint with
+	// the help of '--import --name', the restore will fail if during 'podman run'
+	// a static container IP was set with '--ip'. The user can tell the restore
+	// process to ignore the static IP with '--ignore-static-ip'
+	if options.IgnoreStaticIP {
+		c.config.StaticIP = nil
+	}
+
 	// Read network configuration from checkpoint
 	// Currently only one interface with one IP is supported.
 	networkStatusFile, err := os.Open(filepath.Join(c.bundlePath(), "network.status"))
@@ -752,7 +760,7 @@ func (c *Container) restore(ctx context.Context, options ContainerCheckpointOpti
 	// TODO: This implicit restoring with or without IP depending on an
 	//       unrelated restore parameter (--name) does not seem like the
 	//       best solution.
-	if err == nil && options.Name == "" {
+	if err == nil && options.Name == "" && !options.IgnoreStaticIP {
 		// The file with the network.status does exist. Let's restore the
 		// container with the same IP address as during checkpointing.
 		defer networkStatusFile.Close()
diff --git a/pkg/adapter/containers.go b/pkg/adapter/containers.go
index faaef3e60..967c79505 100644
--- a/pkg/adapter/containers.go
+++ b/pkg/adapter/containers.go
@@ -565,6 +565,7 @@ func (r *LocalRuntime) Restore(ctx context.Context, c *cliconfig.RestoreValues)
 		TargetFile:     c.Import,
 		Name:           c.Name,
 		IgnoreRootfs:   c.IgnoreRootfs,
+		IgnoreStaticIP: c.IgnoreStaticIP,
 	}
 
 	filterFuncs = append(filterFuncs, func(c *libpod.Container) bool {
diff --git a/test/e2e/checkpoint_test.go b/test/e2e/checkpoint_test.go
index 0261acbd9..d37d7c7cc 100644
--- a/test/e2e/checkpoint_test.go
+++ b/test/e2e/checkpoint_test.go
@@ -364,8 +364,8 @@ var _ = Describe("Podman checkpoint", func() {
 	// This test does the same steps which are necessary for migrating
 	// a container from one host to another
 	It("podman checkpoint container with export (migration)", func() {
-		// CRIU does not work with seccomp correctly on RHEL7
-		session := podmanTest.Podman([]string{"run", "-it", "--security-opt", "seccomp=unconfined", "-d", ALPINE, "top"})
+		localRunString := getRunString([]string{"--rm", ALPINE, "top"})
+		session := podmanTest.Podman(localRunString)
 		session.WaitWithDefaultTimeout()
 		Expect(session.ExitCode()).To(Equal(0))
 		Expect(podmanTest.NumberOfContainersRunning()).To(Equal(1))
@@ -377,13 +377,7 @@ var _ = Describe("Podman checkpoint", func() {
 
 		Expect(result.ExitCode()).To(Equal(0))
 		Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0))
-		Expect(podmanTest.GetContainerStatus()).To(ContainSubstring("Exited"))
-
-		// Remove all containers to simulate migration
-		result = podmanTest.Podman([]string{"rm", "-fa"})
-		result.WaitWithDefaultTimeout()
-		Expect(result.ExitCode()).To(Equal(0))
-		Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0))
+		Expect(podmanTest.NumberOfContainers()).To(Equal(0))
 
 		result = podmanTest.Podman([]string{"container", "restore", "-i", fileName})
 		result.WaitWithDefaultTimeout()
@@ -392,8 +386,12 @@ var _ = Describe("Podman checkpoint", func() {
 		Expect(podmanTest.NumberOfContainersRunning()).To(Equal(1))
 		Expect(podmanTest.GetContainerStatus()).To(ContainSubstring("Up"))
 
-		// Restore container a second time with different name
-		result = podmanTest.Podman([]string{"container", "restore", "-i", fileName, "-n", "restore_again"})
+		// Restore container a second time with different name.
+		// Using '--ignore-static-ip' as for parallel test runs
+		// each containers gets a random IP address via '--ip'.
+		// '--ignore-static-ip' tells the restore to use the next
+		// available IP address.
+		result = podmanTest.Podman([]string{"container", "restore", "-i", fileName, "-n", "restore_again", "--ignore-static-ip"})
 		result.WaitWithDefaultTimeout()
 
 		Expect(result.ExitCode()).To(Equal(0))
@@ -404,6 +402,7 @@ var _ = Describe("Podman checkpoint", func() {
 		result.WaitWithDefaultTimeout()
 		Expect(result.ExitCode()).To(Equal(0))
 		Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0))
+		Expect(podmanTest.NumberOfContainers()).To(Equal(0))
 
 		// Remove exported checkpoint
 		os.Remove(fileName)