From 0592558289c354447d28903910f4165ac5acd71a Mon Sep 17 00:00:00 2001 From: Adrian Reber Date: Wed, 21 Nov 2018 13:09:17 +0000 Subject: Use also a struct to pass options to Restore() This is basically the same change as ff47a4c2d5485fc49f937f3ce0c4e2fd6bdb1956 (Use a struct to pass options to Checkpoint()) just for the Restore() function. It is used to pass multiple restore options to the API and down to conmon which is used to restore containers. This is for the upcoming changes to support checkpointing and restoring containers with '--tcp-established'. Signed-off-by: Adrian Reber --- cmd/podman/restore.go | 6 ++++-- libpod/container_api.go | 6 +++--- libpod/container_internal.go | 2 +- libpod/container_internal_linux.go | 6 +++--- libpod/oci.go | 4 ++-- libpod/oci_linux.go | 6 +++--- libpod/oci_unsupported.go | 2 +- 7 files changed, 17 insertions(+), 15 deletions(-) diff --git a/cmd/podman/restore.go b/cmd/podman/restore.go index 067a2b5d4..6383ebf0b 100644 --- a/cmd/podman/restore.go +++ b/cmd/podman/restore.go @@ -53,7 +53,9 @@ func restoreCmd(c *cli.Context) error { } defer runtime.Shutdown(false) - keep := c.Bool("keep") + options := libpod.ContainerCheckpointOptions{ + Keep: c.Bool("keep"), + } if err := checkAllAndLatest(c); err != nil { return err @@ -62,7 +64,7 @@ func restoreCmd(c *cli.Context) error { containers, lastError := getAllOrLatestContainers(c, runtime, libpod.ContainerStateRunning, "checkpointed") for _, ctr := range containers { - if err = ctr.Restore(context.TODO(), keep); err != nil { + if err = ctr.Restore(context.TODO(), options); err != nil { if lastError != nil { fmt.Fprintln(os.Stderr, lastError) } diff --git a/libpod/container_api.go b/libpod/container_api.go index df6b6e962..396f06c20 100644 --- a/libpod/container_api.go +++ b/libpod/container_api.go @@ -831,7 +831,7 @@ func (c *Container) Refresh(ctx context.Context) error { } // ContainerCheckpointOptions is a struct used to pass the parameters -// for checkpointing to corresponding functions +// for checkpointing (and restoring) to the corresponding functions type ContainerCheckpointOptions struct { Keep bool KeepRunning bool @@ -853,7 +853,7 @@ func (c *Container) Checkpoint(ctx context.Context, options ContainerCheckpointO } // Restore restores a container -func (c *Container) Restore(ctx context.Context, keep bool) (err error) { +func (c *Container) Restore(ctx context.Context, options ContainerCheckpointOptions) (err error) { logrus.Debugf("Trying to restore container %s", c) if !c.batched { c.lock.Lock() @@ -864,5 +864,5 @@ func (c *Container) Restore(ctx context.Context, keep bool) (err error) { } } - return c.restore(ctx, keep) + return c.restore(ctx, options) } diff --git a/libpod/container_internal.go b/libpod/container_internal.go index 051e0aeb7..da0456554 100644 --- a/libpod/container_internal.go +++ b/libpod/container_internal.go @@ -606,7 +606,7 @@ func (c *Container) init(ctx context.Context) error { } // With the spec complete, do an OCI create - if err := c.runtime.ociRuntime.createContainer(c, c.config.CgroupParent, false); err != nil { + if err := c.runtime.ociRuntime.createContainer(c, c.config.CgroupParent, nil); err != nil { return err } diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go index ffb82cc94..99f8652df 100644 --- a/libpod/container_internal_linux.go +++ b/libpod/container_internal_linux.go @@ -514,7 +514,7 @@ func (c *Container) checkpoint(ctx context.Context, options ContainerCheckpointO return c.save() } -func (c *Container) restore(ctx context.Context, keep bool) (err error) { +func (c *Container) restore(ctx context.Context, options ContainerCheckpointOptions) (err error) { if !criu.CheckForCriu() { return errors.Errorf("restoring a container requires at least CRIU %d", criu.MinCriuVersion) @@ -602,7 +602,7 @@ func (c *Container) restore(ctx context.Context, keep bool) (err error) { // Cleanup for a working restore. c.removeConmonFiles() - if err := c.runtime.ociRuntime.createContainer(c, c.config.CgroupParent, true); err != nil { + if err := c.runtime.ociRuntime.createContainer(c, c.config.CgroupParent, &options); err != nil { return err } @@ -610,7 +610,7 @@ func (c *Container) restore(ctx context.Context, keep bool) (err error) { c.state.State = ContainerStateRunning - if !keep { + if !options.Keep { // Delete all checkpoint related files. At this point, in theory, all files // should exist. Still ignoring errors for now as the container should be // restored and running. Not erroring out just because some cleanup operation diff --git a/libpod/oci.go b/libpod/oci.go index a7aec06e5..6aedc5662 100644 --- a/libpod/oci.go +++ b/libpod/oci.go @@ -227,7 +227,7 @@ func bindPorts(ports []ocicni.PortMapping) ([]*os.File, error) { return files, nil } -func (r *OCIRuntime) createOCIContainer(ctr *Container, cgroupParent string, restoreContainer bool) (err error) { +func (r *OCIRuntime) createOCIContainer(ctr *Container, cgroupParent string, restoreOptions *ContainerCheckpointOptions) (err error) { var stderrBuf bytes.Buffer runtimeDir, err := util.GetRootlessRuntimeDir() @@ -289,7 +289,7 @@ func (r *OCIRuntime) createOCIContainer(ctr *Container, cgroupParent string, res args = append(args, "--syslog") } - if restoreContainer { + if restoreOptions != nil { args = append(args, "--restore", ctr.CheckpointPath()) } diff --git a/libpod/oci_linux.go b/libpod/oci_linux.go index b159eae78..2737a641e 100644 --- a/libpod/oci_linux.go +++ b/libpod/oci_linux.go @@ -65,10 +65,10 @@ func newPipe() (parent *os.File, child *os.File, err error) { // CreateContainer creates a container in the OCI runtime // TODO terminal support for container // Presently just ignoring conmon opts related to it -func (r *OCIRuntime) createContainer(ctr *Container, cgroupParent string, restoreContainer bool) (err error) { +func (r *OCIRuntime) createContainer(ctr *Container, cgroupParent string, restoreOptions *ContainerCheckpointOptions) (err error) { if ctr.state.UserNSRoot == "" { // no need of an intermediate mount ns - return r.createOCIContainer(ctr, cgroupParent, restoreContainer) + return r.createOCIContainer(ctr, cgroupParent, restoreOptions) } var wg sync.WaitGroup wg.Add(1) @@ -106,7 +106,7 @@ func (r *OCIRuntime) createContainer(ctr *Container, cgroupParent string, restor if err != nil { return } - err = r.createOCIContainer(ctr, cgroupParent, restoreContainer) + err = r.createOCIContainer(ctr, cgroupParent, restoreOptions) }() wg.Wait() diff --git a/libpod/oci_unsupported.go b/libpod/oci_unsupported.go index b133eb402..8c084d1e2 100644 --- a/libpod/oci_unsupported.go +++ b/libpod/oci_unsupported.go @@ -15,7 +15,7 @@ func newPipe() (parent *os.File, child *os.File, err error) { return nil, nil, ErrNotImplemented } -func (r *OCIRuntime) createContainer(ctr *Container, cgroupParent string, restoreContainer bool) (err error) { +func (r *OCIRuntime) createContainer(ctr *Container, cgroupParent string, restoreOptions *ContainerCheckpointOptions) (err error) { return ErrNotImplemented } -- cgit v1.2.3-54-g00ecf From 453c8bac57b3748ac56378d222dd5a67ea8df097 Mon Sep 17 00:00:00 2001 From: Adrian Reber Date: Tue, 27 Nov 2018 11:30:03 +0100 Subject: Updated CRIO_COMMIT to pull in new conmon for CRIU Signed-off-by: Adrian Reber --- .cirrus.yml | 2 +- Dockerfile | 2 +- Dockerfile.CentOS | 2 +- Dockerfile.Fedora | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.cirrus.yml b/.cirrus.yml index c5b73fdc9..3decc494b 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -18,7 +18,7 @@ gce_instance: env: FEDORA_CNI_COMMIT: "412b6d31280682bb4fab4446f113c22ff1886554" CNI_COMMIT: "7480240de9749f9a0a5c8614b17f1f03e0c06ab9" - CRIO_COMMIT: "662dbb31b5d4f5ed54511a47cde7190c61c28677" + CRIO_COMMIT: "7a283c391abb7bd25086a8ff91dbb36ebdd24466" CRIU_COMMIT: "584cbe4643c3fc7dc901ff08bf923ca0fe7326f9" RUNC_COMMIT: "78ef28e63bec2ee4c139b5e3e0d691eb9bdc748d" # File to update in home-dir with task-specific env. var values diff --git a/Dockerfile b/Dockerfile index 70d1a7629..9c4eed1d0 100644 --- a/Dockerfile +++ b/Dockerfile @@ -64,7 +64,7 @@ RUN set -x \ && rm -rf "$GOPATH" # Install conmon -ENV CRIO_COMMIT 662dbb31b5d4f5ed54511a47cde7190c61c28677 +ENV CRIO_COMMIT 7a283c391abb7bd25086a8ff91dbb36ebdd24466 RUN set -x \ && export GOPATH="$(mktemp -d)" \ && git clone https://github.com/kubernetes-sigs/cri-o.git "$GOPATH/src/github.com/kubernetes-sigs/cri-o.git" \ diff --git a/Dockerfile.CentOS b/Dockerfile.CentOS index 67b7ddce1..3e14e59db 100644 --- a/Dockerfile.CentOS +++ b/Dockerfile.CentOS @@ -68,7 +68,7 @@ RUN set -x \ && install -D -m 755 "$GOPATH"/bin/easyjson /usr/bin/ # Install conmon -ENV CRIO_COMMIT 662dbb31b5d4f5ed54511a47cde7190c61c28677 +ENV CRIO_COMMIT 7a283c391abb7bd25086a8ff91dbb36ebdd24466 RUN set -x \ && export GOPATH="$(mktemp -d)" \ && git clone https://github.com/kubernetes-sigs/cri-o.git "$GOPATH/src/github.com/kubernetes-sigs/cri-o.git" \ diff --git a/Dockerfile.Fedora b/Dockerfile.Fedora index 38cd599d4..51bcaeaf0 100644 --- a/Dockerfile.Fedora +++ b/Dockerfile.Fedora @@ -72,7 +72,7 @@ RUN set -x \ && install -D -m 755 "$GOPATH"/bin/easyjson /usr/bin/ # Install conmon -ENV CRIO_COMMIT 662dbb31b5d4f5ed54511a47cde7190c61c28677 +ENV CRIO_COMMIT 7a283c391abb7bd25086a8ff91dbb36ebdd24466 RUN set -x \ && export GOPATH="$(mktemp -d)" \ && git clone https://github.com/kubernetes-sigs/cri-o.git "$GOPATH/src/github.com/kubernetes-sigs/cri-o.git" \ -- cgit v1.2.3-54-g00ecf From a40f5c0aba4a301a7b9e131d020991dbc6e4379d Mon Sep 17 00:00:00 2001 From: Adrian Reber Date: Tue, 27 Nov 2018 11:31:47 +0100 Subject: Point CRIU_COMMIT to CRIU release 3.11 The old commit points to the development branch and is not stable. Signed-off-by: Adrian Reber --- .cirrus.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.cirrus.yml b/.cirrus.yml index 3decc494b..983ee1237 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -19,7 +19,7 @@ env: FEDORA_CNI_COMMIT: "412b6d31280682bb4fab4446f113c22ff1886554" CNI_COMMIT: "7480240de9749f9a0a5c8614b17f1f03e0c06ab9" CRIO_COMMIT: "7a283c391abb7bd25086a8ff91dbb36ebdd24466" - CRIU_COMMIT: "584cbe4643c3fc7dc901ff08bf923ca0fe7326f9" + CRIU_COMMIT: "c74b83cd49c00589c0c0468ba5fe685b67fdbd0a" RUNC_COMMIT: "78ef28e63bec2ee4c139b5e3e0d691eb9bdc748d" # File to update in home-dir with task-specific env. var values ENVLIB: ".bash_profile" -- cgit v1.2.3-54-g00ecf From a2bcb6d8bf412bae8e4591af60ee8c5994bc54ed Mon Sep 17 00:00:00 2001 From: Adrian Reber Date: Tue, 27 Nov 2018 11:32:30 +0100 Subject: Remove unused CRIU_COMMIT variable Signed-off-by: Adrian Reber --- Dockerfile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 9c4eed1d0..3eb7b0a07 100644 --- a/Dockerfile +++ b/Dockerfile @@ -112,8 +112,7 @@ RUN set -x \ && go get -u github.com/mailru/easyjson/... \ && install -D -m 755 "$GOPATH"/bin/easyjson /usr/bin/ -# Install criu -ENV CRIU_COMMIT 584cbe4643c3fc7dc901ff08bf923ca0fe7326f9 +# Install latest stable criu version RUN set -x \ && cd /tmp \ && git clone https://github.com/checkpoint-restore/criu.git \ -- cgit v1.2.3-54-g00ecf From 03c88a3debf77780bdad2382d4c01ccedc6d27a5 Mon Sep 17 00:00:00 2001 From: Adrian Reber Date: Wed, 21 Nov 2018 14:40:43 +0000 Subject: Added tcp-established to checkpoint/restore CRIU can checkpoint and restore processes/containers with established TCP connections if the correct option is specified. To implement checkpoint and restore with support for established TCP connections with Podman this commit adds the necessary options to runc during checkpoint and also tells conmon during restore to use 'runc restore' with '--tcp-established'. For this Podman feature to work a corresponding conmon change is required. Example: $ podman run --tmpfs /tmp --name podman-criu-test -d docker://docker.io/yovfiatbeb/podman-criu-test $ nc `podman inspect -l | jq -r '.[0].NetworkSettings.IPAddress'` 8080 GET /examples/servlets/servlet/HelloWorldExample Connection: keep-alive 1 GET /examples/servlets/servlet/HelloWorldExample Connection: keep-alive 2 $ # Using HTTP keep-alive multiple requests are send to the server in the container $ # Different terminal: $ podman container checkpoint -l criu failed: type NOTIFY errno 0 $ # Looking at the log file would show errors because of established TCP connections $ podman container checkpoint -l --tcp-established $ # This works now and after the restore the same connection as above can be used for requests $ podman container restore -l --tcp-established The restore would fail without '--tcp-established' as the checkpoint image contains established TCP connections. Signed-off-by: Adrian Reber --- cmd/podman/checkpoint.go | 9 +++++++-- cmd/podman/restore.go | 7 ++++++- libpod/container_api.go | 8 +++++++- libpod/oci.go | 6 ++++++ 4 files changed, 26 insertions(+), 4 deletions(-) diff --git a/cmd/podman/checkpoint.go b/cmd/podman/checkpoint.go index ddfd12bc3..824c97662 100644 --- a/cmd/podman/checkpoint.go +++ b/cmd/podman/checkpoint.go @@ -27,6 +27,10 @@ var ( Name: "leave-running, R", Usage: "leave the container running after writing checkpoint to disk", }, + cli.BoolFlag{ + Name: "tcp-established", + Usage: "checkpoint a container with established TCP connections", + }, cli.BoolFlag{ Name: "all, a", Usage: "checkpoint all running containers", @@ -55,8 +59,9 @@ func checkpointCmd(c *cli.Context) error { defer runtime.Shutdown(false) options := libpod.ContainerCheckpointOptions{ - Keep: c.Bool("keep"), - KeepRunning: c.Bool("leave-running"), + Keep: c.Bool("keep"), + KeepRunning: c.Bool("leave-running"), + TCPEstablished: c.Bool("tcp-established"), } if err := checkAllAndLatest(c); err != nil { diff --git a/cmd/podman/restore.go b/cmd/podman/restore.go index 6383ebf0b..afdbc36e0 100644 --- a/cmd/podman/restore.go +++ b/cmd/podman/restore.go @@ -26,6 +26,10 @@ var ( // restore --all would make more sense if there would be // dedicated state for container which are checkpointed. // TODO: add ContainerStateCheckpointed + cli.BoolFlag{ + Name: "tcp-established", + Usage: "checkpoint a container with established TCP connections", + }, cli.BoolFlag{ Name: "all, a", Usage: "restore all checkpointed containers", @@ -54,7 +58,8 @@ func restoreCmd(c *cli.Context) error { defer runtime.Shutdown(false) options := libpod.ContainerCheckpointOptions{ - Keep: c.Bool("keep"), + Keep: c.Bool("keep"), + TCPEstablished: c.Bool("tcp-established"), } if err := checkAllAndLatest(c); err != nil { diff --git a/libpod/container_api.go b/libpod/container_api.go index 396f06c20..aee87cc04 100644 --- a/libpod/container_api.go +++ b/libpod/container_api.go @@ -833,8 +833,14 @@ func (c *Container) Refresh(ctx context.Context) error { // ContainerCheckpointOptions is a struct used to pass the parameters // for checkpointing (and restoring) to the corresponding functions type ContainerCheckpointOptions struct { - Keep bool + // Keep tells the API to not delete checkpoint artifacts + Keep bool + // KeepRunning tells the API to keep the container running + // after writing the checkpoint to disk KeepRunning bool + // TCPEstablished tells the API to checkpoint a container + // even if it contains established TCP connections + TCPEstablished bool } // Checkpoint checkpoints a container diff --git a/libpod/oci.go b/libpod/oci.go index 6aedc5662..5a041b7d6 100644 --- a/libpod/oci.go +++ b/libpod/oci.go @@ -291,6 +291,9 @@ func (r *OCIRuntime) createOCIContainer(ctr *Container, cgroupParent string, res if restoreOptions != nil { args = append(args, "--restore", ctr.CheckpointPath()) + if restoreOptions.TCPEstablished { + args = append(args, "--restore-arg", "--tcp-established") + } } logrus.WithFields(logrus.Fields{ @@ -862,6 +865,9 @@ func (r *OCIRuntime) checkpointContainer(ctr *Container, options ContainerCheckp if options.KeepRunning { args = append(args, "--leave-running") } + if options.TCPEstablished { + args = append(args, "--tcp-established") + } args = append(args, ctr.ID()) return utils.ExecCmdWithStdStreams(os.Stdin, os.Stdout, os.Stderr, nil, r.path, args...) } -- cgit v1.2.3-54-g00ecf From af7d67771be7a4b19afb9611a8f8d48acd7010ee Mon Sep 17 00:00:00 2001 From: Adrian Reber Date: Wed, 21 Nov 2018 15:30:41 +0000 Subject: Add '--tcp-established' to checkpoint/restore man page Signed-off-by: Adrian Reber --- docs/podman-container-checkpoint.1.md | 7 +++++++ docs/podman-container-restore.1.md | 8 ++++++++ 2 files changed, 15 insertions(+) diff --git a/docs/podman-container-checkpoint.1.md b/docs/podman-container-checkpoint.1.md index 6f454dfd1..94e52dc78 100644 --- a/docs/podman-container-checkpoint.1.md +++ b/docs/podman-container-checkpoint.1.md @@ -29,6 +29,13 @@ Instead of providing the container name or ID, checkpoint the last created conta Leave the container running after checkpointing instead of stopping it. +**--tcp-established** + +Checkpoint a container with established TCP connections. If the checkpoint +image contains established TCP connections, this options is required during +restore. Defaults to not checkpointing containers with established TCP +connections. + ## EXAMPLE podman container checkpoint mywebserver diff --git a/docs/podman-container-restore.1.md b/docs/podman-container-restore.1.md index 4dd5ea7c7..44219f3ef 100644 --- a/docs/podman-container-restore.1.md +++ b/docs/podman-container-restore.1.md @@ -32,6 +32,14 @@ Restore all checkpointed containers. Instead of providing the container name or ID, restore the last created container. +**--tcp-established** + +Restore a container with established TCP connections. If the checkpoint image +contains established TCP connections, this option is required during restore. +If the checkpoint image does not contain established TCP connections this +option is ignored. Defaults to not restoring containers with established TCP +connections. + ## EXAMPLE podman container restore mywebserver -- cgit v1.2.3-54-g00ecf From 4ed10c5c7aafbbc49555a82b3ac96df6653c6e90 Mon Sep 17 00:00:00 2001 From: Adrian Reber Date: Wed, 21 Nov 2018 15:37:11 +0000 Subject: Update bash completion for checkpoint/restore This brings all the recent changes to checkpoint/restore to the bash completion. Signed-off-by: Adrian Reber --- completions/bash/podman | 30 ++++++++++++++++++++---------- 1 file changed, 20 insertions(+), 10 deletions(-) diff --git a/completions/bash/podman b/completions/bash/podman index 3c6b6ec50..c34381e2b 100644 --- a/completions/bash/podman +++ b/completions/bash/podman @@ -716,16 +716,22 @@ _podman_container_attach() { } _podman_container_checkpoint() { - local options_with_args=" - --help -h - " local boolean_options=" - --keep + -a + --all + -h + --help -k + --keep + -l + --latest + -R + --leave-running + --tcp-established " case "$cur" in -*) - COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) + COMPREPLY=($(compgen -W "$boolean_options" -- "$cur")) ;; *) __podman_complete_containers_running @@ -794,16 +800,20 @@ _podman_container_restart() { } _podman_container_restore() { - local options_with_args=" - --help -h - " local boolean_options=" - --keep + -a + --all + -h + --help -k + --keep + -l + --latest + --tcp-established " case "$cur" in -*) - COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) + COMPREPLY=($(compgen -W "$boolean_options" -- "$cur")) ;; *) __podman_complete_containers_created -- cgit v1.2.3-54-g00ecf From fbe8e23ce6504ad2dd669af01015840544f8f99f Mon Sep 17 00:00:00 2001 From: Adrian Reber Date: Mon, 26 Nov 2018 15:44:28 +0000 Subject: Fix podman container restore -a podman container restore -a was using the wrong filter to restore checkpointed containers. This switches from 'running' containers to 'exited' containers. Restoring with -a only works if all exited containers have been checkpointed. Maybe it would make sense to track which containers have been really checkpointed. This is just to fix '-a' to work at least if all exited containers have been checkpointed. Signed-off-by: Adrian Reber --- cmd/podman/restore.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/podman/restore.go b/cmd/podman/restore.go index afdbc36e0..bc2a71ba0 100644 --- a/cmd/podman/restore.go +++ b/cmd/podman/restore.go @@ -66,7 +66,7 @@ func restoreCmd(c *cli.Context) error { return err } - containers, lastError := getAllOrLatestContainers(c, runtime, libpod.ContainerStateRunning, "checkpointed") + containers, lastError := getAllOrLatestContainers(c, runtime, libpod.ContainerStateExited, "checkpointed") for _, ctr := range containers { if err = ctr.Restore(context.TODO(), options); err != nil { -- cgit v1.2.3-54-g00ecf From d3cde7cefe4eed4b8cb0723211c19352c55f3dcf Mon Sep 17 00:00:00 2001 From: Adrian Reber Date: Mon, 26 Nov 2018 20:24:41 +0000 Subject: Added more checkpoint/restore test cases This adds checkpoint/restore test cases for the newly added options * --leave-running * --tcp-established * --all * --latest Signed-off-by: Adrian Reber --- test/e2e/checkpoint_test.go | 161 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 161 insertions(+) diff --git a/test/e2e/checkpoint_test.go b/test/e2e/checkpoint_test.go index 1e4f1eeac..4e892d11c 100644 --- a/test/e2e/checkpoint_test.go +++ b/test/e2e/checkpoint_test.go @@ -2,6 +2,7 @@ package integration import ( "fmt" + "net" "os" "github.com/containers/libpod/pkg/criu" @@ -126,4 +127,164 @@ var _ = Describe("Podman checkpoint", func() { Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0)) }) + + It("podman checkpoint latest running container", func() { + session1 := podmanTest.Podman([]string{"run", "-it", "--security-opt", "seccomp=unconfined", "--name", "first", "-d", ALPINE, "top"}) + session1.WaitWithDefaultTimeout() + Expect(session1.ExitCode()).To(Equal(0)) + + session2 := podmanTest.Podman([]string{"run", "-it", "--security-opt", "seccomp=unconfined", "--name", "second", "-d", ALPINE, "top"}) + session2.WaitWithDefaultTimeout() + Expect(session2.ExitCode()).To(Equal(0)) + + result := podmanTest.Podman([]string{"container", "checkpoint", "-l"}) + result.WaitWithDefaultTimeout() + + Expect(result.ExitCode()).To(Equal(0)) + Expect(podmanTest.NumberOfContainersRunning()).To(Equal(1)) + + ps := podmanTest.Podman([]string{"ps", "-q", "--no-trunc"}) + ps.WaitWithDefaultTimeout() + Expect(ps.ExitCode()).To(Equal(0)) + Expect(ps.LineInOutputContains(session1.OutputToString())).To(BeTrue()) + Expect(ps.LineInOutputContains(session2.OutputToString())).To(BeFalse()) + + result = podmanTest.Podman([]string{"container", "restore", "-l"}) + result.WaitWithDefaultTimeout() + + Expect(result.ExitCode()).To(Equal(0)) + Expect(podmanTest.NumberOfContainersRunning()).To(Equal(2)) + Expect(podmanTest.GetContainerStatus()).To(ContainSubstring("Up")) + Expect(podmanTest.GetContainerStatus()).To(Not(ContainSubstring("Exited"))) + + result = podmanTest.Podman([]string{"rm", "-fa"}) + result.WaitWithDefaultTimeout() + Expect(result.ExitCode()).To(Equal(0)) + Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0)) + }) + + It("podman checkpoint all running container", func() { + session1 := podmanTest.Podman([]string{"run", "-it", "--security-opt", "seccomp=unconfined", "--name", "first", "-d", ALPINE, "top"}) + session1.WaitWithDefaultTimeout() + Expect(session1.ExitCode()).To(Equal(0)) + + session2 := podmanTest.Podman([]string{"run", "-it", "--security-opt", "seccomp=unconfined", "--name", "second", "-d", ALPINE, "top"}) + session2.WaitWithDefaultTimeout() + Expect(session2.ExitCode()).To(Equal(0)) + + result := podmanTest.Podman([]string{"container", "checkpoint", "-a"}) + result.WaitWithDefaultTimeout() + + Expect(result.ExitCode()).To(Equal(0)) + Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0)) + + ps := podmanTest.Podman([]string{"ps", "-q", "--no-trunc"}) + ps.WaitWithDefaultTimeout() + Expect(ps.ExitCode()).To(Equal(0)) + Expect(ps.LineInOutputContains(session1.OutputToString())).To(BeFalse()) + Expect(ps.LineInOutputContains(session2.OutputToString())).To(BeFalse()) + + result = podmanTest.Podman([]string{"container", "restore", "-a"}) + result.WaitWithDefaultTimeout() + + Expect(result.ExitCode()).To(Equal(0)) + Expect(podmanTest.NumberOfContainersRunning()).To(Equal(2)) + Expect(podmanTest.GetContainerStatus()).To(ContainSubstring("Up")) + Expect(podmanTest.GetContainerStatus()).To(Not(ContainSubstring("Exited"))) + + result = podmanTest.Podman([]string{"rm", "-fa"}) + result.WaitWithDefaultTimeout() + Expect(result.ExitCode()).To(Equal(0)) + Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0)) + }) + + It("podman checkpoint container with established tcp connections", func() { + Skip("Seems to not work (yet) in CI") + podmanTest.RestoreArtifact(redis) + session := podmanTest.Podman([]string{"run", "-it", "--security-opt", "seccomp=unconfined", "--network", "host", "-d", redis}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + // Open a network connection to the redis server + conn, err := net.Dial("tcp", "127.0.0.1:6379") + if err != nil { + os.Exit(1) + } + // This should fail as the container has established TCP connections + result := podmanTest.Podman([]string{"container", "checkpoint", "-l"}) + result.WaitWithDefaultTimeout() + + Expect(result.ExitCode()).To(Equal(125)) + Expect(podmanTest.NumberOfContainersRunning()).To(Equal(1)) + Expect(podmanTest.GetContainerStatus()).To(ContainSubstring("Up")) + + // Now it should work thanks to "--tcp-established" + result = podmanTest.Podman([]string{"container", "checkpoint", "-l", "--tcp-established"}) + result.WaitWithDefaultTimeout() + + Expect(result.ExitCode()).To(Equal(0)) + Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0)) + Expect(podmanTest.GetContainerStatus()).To(ContainSubstring("Exited")) + + // Restore should fail as the checkpoint image contains established TCP connections + result = podmanTest.Podman([]string{"container", "restore", "-l"}) + result.WaitWithDefaultTimeout() + + Expect(result.ExitCode()).To(Equal(125)) + Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0)) + Expect(podmanTest.GetContainerStatus()).To(ContainSubstring("Exited")) + + // Now it should work thanks to "--tcp-established" + result = podmanTest.Podman([]string{"container", "restore", "-l", "--tcp-established"}) + result.WaitWithDefaultTimeout() + + Expect(result.ExitCode()).To(Equal(0)) + Expect(podmanTest.NumberOfContainersRunning()).To(Equal(1)) + Expect(podmanTest.GetContainerStatus()).To(ContainSubstring("Up")) + + result = podmanTest.Podman([]string{"rm", "-fa"}) + result.WaitWithDefaultTimeout() + Expect(result.ExitCode()).To(Equal(0)) + Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0)) + + conn.Close() + }) + + It("podman checkpoint with --leave-running", func() { + session := podmanTest.Podman([]string{"run", "-it", "--security-opt", "seccomp=unconfined", "-d", ALPINE, "top"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + cid := session.OutputToString() + + // Checkpoint container, but leave it running + result := podmanTest.Podman([]string{"container", "checkpoint", "--leave-running", cid}) + result.WaitWithDefaultTimeout() + + Expect(result.ExitCode()).To(Equal(0)) + // Make sure it is still running + Expect(podmanTest.NumberOfContainersRunning()).To(Equal(1)) + Expect(podmanTest.GetContainerStatus()).To(ContainSubstring("Up")) + + // Stop the container + result = podmanTest.Podman([]string{"container", "stop", cid}) + result.WaitWithDefaultTimeout() + + Expect(result.ExitCode()).To(Equal(0)) + Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0)) + Expect(podmanTest.GetContainerStatus()).To(ContainSubstring("Exited")) + + // Restore the stopped container from the previous checkpoint + result = podmanTest.Podman([]string{"container", "restore", cid}) + result.WaitWithDefaultTimeout() + + Expect(result.ExitCode()).To(Equal(0)) + Expect(podmanTest.NumberOfContainersRunning()).To(Equal(1)) + Expect(podmanTest.GetContainerStatus()).To(ContainSubstring("Up")) + + result = podmanTest.Podman([]string{"rm", "-fa"}) + result.WaitWithDefaultTimeout() + Expect(result.ExitCode()).To(Equal(0)) + Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0)) + }) + }) -- cgit v1.2.3-54-g00ecf