aboutsummaryrefslogtreecommitdiff
path: root/cmd/podman/restore.go
Commit message (Collapse)AuthorAge
* restore: added --ignore-static-ip optionAdrian Reber2019-08-02
| | | | | | | | | | If a container is restored multiple times from an exported checkpoint with the help of '--import --name', the restore will fail if during 'podman run' a static container IP was set with '--ip'. The user can tell the restore process to ignore the static IP with '--ignore-static-ip'. Signed-off-by: Adrian Reber <areber@redhat.com>
* Add --ignore-rootfs option for checkpoint/restoreAdrian Reber2019-07-11
| | | | | | | | | | | | | | | | | The newly added functionality to include the container's root file-system changes into the checkpoint archive can now be explicitly disabled. Either during checkpoint or during restore. If a container changes a lot of files during its runtime it might be more effective to migrated the root file-system changes in some other way and to not needlessly increase the size of the checkpoint archive. If a checkpoint archive does not contain the root file-system changes information it will automatically be skipped. If the root file-system changes are part of the checkpoint archive it is also possible to tell Podman to ignore these changes. Signed-off-by: Adrian Reber <areber@redhat.com>
* Fix typo in checkpoint/restore related textsAdrian Reber2019-07-11
| | | | Signed-off-by: Adrian Reber <areber@redhat.com>
* first pass of corrections for golangci-lintbaude2019-07-10
| | | | Signed-off-by: baude <bbaude@redhat.com>
* libpod removal from main (phase 2)baude2019-06-27
| | | | | | this is phase 2 for the removal of libpod from main. Signed-off-by: baude <bbaude@redhat.com>
* Prohibit use of positional args with --importEd Santiago2019-06-11
| | | | | | | | | | | I took the liberty of combining related checks together so as to avoid a little duplication; if this is not a Go best practice, I will revert. I also made a minor wording adjustment to an error message for clarity. Also: update wording of man page. Signed-off-by: Ed Santiago <santiago@redhat.com>
* BATS tests - get working againEd Santiago2019-06-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Various small fixes to get BATS tests working again. Split from #2947 because that one keeps getting stalled, and I'm hoping these separate changes get approved. I consider these changes urgent because RHEL8 gating tests are failing, and will fail even more if/when #2272 gets picked up and packaged for RHEL8, and I consider it important to have clean passing tests for RHEL8. * info test: 'insecure registries' is gone. A recent commit (d1a7378aa) changed the format of 'podman info', removing the 'insecure registries' key. Deal with it. * info test: remove check for .host.{Conmon,OCIRuntime}.package; the value on f28 and f29 is 'Unknown' (instead of an NVR). We can live without this check. * 'load' test: skip when running in CI, because stdin is not a tty. * container restore: fix arg processing. #2272 broke argument processing: 'podman container restore', with no args, should exit with 'argument required' error. Root cause is that the new --import option takes the place of an argument, so the checkAllAndLatest() call had to be changed to not exit on error. Workaround is (sigh) to copy/paste the skipped checkAllAndLatest() code, with minor tweaks to accommodate --import. Signed-off-by: Ed Santiago <santiago@redhat.com>
* migration: add possibility to restore a container with a new nameAdrian Reber2019-06-04
| | | | | | | | | | | | | | | | | | | | The option to restore a container from an external checkpoint archive (podman container restore -i /tmp/checkpoint.tar.gz) restores a container with the same name and same ID as id had before checkpointing. This commit adds the option '--name,-n' to 'podman container restore'. With this option the restored container gets the name specified after '--name,-n' and a new ID. This way it is possible to restore one container multiple times. If a container is restored with a new name Podman will not try to request the same IP address for the container as it had during checkpointing. This implicitly assumes that if a container is restored from a checkpoint archive with a different name, that it will be restored multiple times and restoring a container multiple times with the same IP address will fail as each IP address can only be used once. Signed-off-by: Adrian Reber <areber@redhat.com>
* Added support to migrate containersAdrian Reber2019-06-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit adds an option to the checkpoint command to export a checkpoint into a tar.gz file as well as importing a checkpoint tar.gz file during restore. With all checkpoint artifacts in one file it is possible to easily transfer a checkpoint and thus enabling container migration in Podman. With the following steps it is possible to migrate a running container from one system (source) to another (destination). Source system: * podman container checkpoint -l -e /tmp/checkpoint.tar.gz * scp /tmp/checkpoint.tar.gz destination:/tmp Destination system: * podman pull 'container-image-as-on-source-system' * podman container restore -i /tmp/checkpoint.tar.gz The exported tar.gz file contains the checkpoint image as created by CRIU and a few additional JSON files describing the state of the checkpointed container. Now the container is running on the destination system with the same state just as during checkpointing. If the container is kept running on the source system with the checkpoint flag '-R', the result will be that the same container is running on two different hosts. Signed-off-by: Adrian Reber <areber@redhat.com>
* Fix restore options help text and commentsAdrian Reber2019-06-03
| | | | Signed-off-by: Adrian Reber <areber@redhat.com>
* runtime: pass down the contextGiuseppe Scrivano2019-04-26
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Fix segfaults attribute to missing optionsbaude2019-04-15
| | | | | | | | | In cases where the remote client culls options to a command, we need to be sure that the lookup for that flag does not result in a nil pointer. To do so, we add a Remote attribute to the podman struct and then cli helper funcs are now aware they are remote. Signed-off-by: baude <bbaude@redhat.com>
* remote-client checkpoint/restorebaude2019-04-11
| | | | | | | add the ability for the remote client to be able to checkpoint and restore containers. Signed-off-by: baude <bbaude@redhat.com>
* Fix help commands to show short and long description.Daniel J Walsh2019-03-07
| | | | | | Cleanup lots of help information to look good when displayed. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Better usage synopses for subcommandsEd Santiago2019-02-26
| | | | | | | Conceptually simple: include, where applicable, a brief description of command-line options for each subcommand. Signed-off-by: Ed Santiago <santiago@redhat.com>
* hide --latest on the remote-clientbaude2019-02-22
| | | | | | | | in the case of the remote-client, it was decided to hide the latest flag to avoid confusion for end-users on what the "last" container, volume, or pod are. Signed-off-by: baude <bbaude@redhat.com>
* Improve command line validationbaude2019-02-22
| | | | | | | Use the checkallandlatest function to validate flag usage as part of the cobra command args validation. Signed-off-by: baude <bbaude@redhat.com>
* Add 4th chunk of Cobra ExamplesTomSweeneyRedHat2019-02-18
| | | | | | | | | Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Adds the 4th chunk of Cobra Examples to the CLI help. One more chunk of 10 to complete. Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* Don't show global flags except for podman commandDaniel J Walsh2019-02-12
| | | | | | | | | Subcommands should not be showing the global flags. This causes the important information to scroll off the screen. Also fixed a typo on runCommmand (Too many 'm's) Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Separate remote and local commandsbaude2019-02-11
| | | | | | | | In the previous CLI, we had an accurate depiction of commands available for the remote client and those available for the local client. Signed-off-by: baude <bbaude@redhat.com>
* Migrate to cobra CLIbaude2019-02-08
| | | | | | | | We intend to migrate to the cobra cli from urfave/cli because the project is more well maintained. There are also some technical reasons as well which extend into our remote client work. Signed-off-by: baude <bbaude@redhat.com>
* Capatilize all usage and descriptionsDaniel J Walsh2019-02-05
| | | | | | | | | We have no consistancy in out option usages and descritions on whether or not the first letter should be capatalized. This patch forces them all to be capatilized. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Fix podman container restore -aAdrian Reber2018-11-28
| | | | | | | | | | | | | podman container restore -a was using the wrong filter to restore checkpointed containers. This switches from 'running' containers to 'exited' containers. Restoring with -a only works if all exited containers have been checkpointed. Maybe it would make sense to track which containers have been really checkpointed. This is just to fix '-a' to work at least if all exited containers have been checkpointed. Signed-off-by: Adrian Reber <areber@redhat.com>
* Added tcp-established to checkpoint/restoreAdrian Reber2018-11-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | CRIU can checkpoint and restore processes/containers with established TCP connections if the correct option is specified. To implement checkpoint and restore with support for established TCP connections with Podman this commit adds the necessary options to runc during checkpoint and also tells conmon during restore to use 'runc restore' with '--tcp-established'. For this Podman feature to work a corresponding conmon change is required. Example: $ podman run --tmpfs /tmp --name podman-criu-test -d docker://docker.io/yovfiatbeb/podman-criu-test $ nc `podman inspect -l | jq -r '.[0].NetworkSettings.IPAddress'` 8080 GET /examples/servlets/servlet/HelloWorldExample Connection: keep-alive 1 GET /examples/servlets/servlet/HelloWorldExample Connection: keep-alive 2 $ # Using HTTP keep-alive multiple requests are send to the server in the container $ # Different terminal: $ podman container checkpoint -l criu failed: type NOTIFY errno 0 $ # Looking at the log file would show errors because of established TCP connections $ podman container checkpoint -l --tcp-established $ # This works now and after the restore the same connection as above can be used for requests $ podman container restore -l --tcp-established The restore would fail without '--tcp-established' as the checkpoint image contains established TCP connections. Signed-off-by: Adrian Reber <areber@redhat.com>
* Use also a struct to pass options to Restore()Adrian Reber2018-11-28
| | | | | | | | | | | | | This is basically the same change as ff47a4c2d5485fc49f937f3ce0c4e2fd6bdb1956 (Use a struct to pass options to Checkpoint()) just for the Restore() function. It is used to pass multiple restore options to the API and down to conmon which is used to restore containers. This is for the upcoming changes to support checkpointing and restoring containers with '--tcp-established'. Signed-off-by: Adrian Reber <areber@redhat.com>
* Add --all and --latest to checkpoint/restoreAdrian Reber2018-10-23
| | | | | | | This add the convenience options --all and --latest to the subcommands checkpoint and restore. Signed-off-by: Adrian Reber <areber@redhat.com>
* Sort all command flagsQi Wang2018-10-11
| | | | Signed-off-by: Qi Wang <qiwan@redhat.com>
* Add support to checkpoint/restore containersAdrian Reber2018-10-03
runc uses CRIU to support checkpoint and restore of containers. This brings an initial checkpoint/restore implementation to podman. None of the additional runc flags are yet supported and container migration optimization (pre-copy/post-copy) is also left for the future. The current status is that it is possible to checkpoint and restore a container. I am testing on RHEL-7.x and as the combination of RHEL-7 and CRIU has seccomp troubles I have to create the container without seccomp. With the following steps I am able to checkpoint and restore a container: # podman run --security-opt="seccomp=unconfined" -d registry.fedoraproject.org/f27/httpd # curl -I 10.22.0.78:8080 HTTP/1.1 403 Forbidden # <-- this is actually a good answer # podman container checkpoint <container> # curl -I 10.22.0.78:8080 curl: (7) Failed connect to 10.22.0.78:8080; No route to host # podman container restore <container> # curl -I 10.22.0.78:8080 HTTP/1.1 403 Forbidden I am using CRIU, runc and conmon from git. All required changes for checkpoint/restore support in podman have been merged in the corresponding projects. To have the same IP address in the restored container as before checkpointing, CNI is told which IP address to use. If the saved network configuration cannot be found during restore, the container is restored with a new IP address. For CRIU to restore established TCP connections the IP address of the network namespace used for restore needs to be the same. For TCP connections in the listening state the IP address can change. During restore only one network interface with one IP address is handled correctly. Support to restore containers with more advanced network configuration will be implemented later. v2: * comment typo * print debug messages during cleanup of restore files * use createContainer() instead of createOCIContainer() * introduce helper CheckpointPath() * do not try to restore a container that is paused * use existing helper functions for cleanup * restructure code flow for better readability * do not try to restore if checkpoint/inventory.img is missing * git add checkpoint.go restore.go v3: * move checkpoint/restore under 'podman container' v4: * incorporated changes from latest reviews Signed-off-by: Adrian Reber <areber@redhat.com>