
Snapshot de process avec criu

CRIU avec Docker tmux

Source : https://github.com/jpetazzo/critmux

Démo ici : https://asciinema.org/a/9889

# --privileged lifts the container's capability and device restrictions, so the
# container has close to full control of the host. Use it only with an image
# you trust; jpetazzo/critmux is pulled here without a pinned tag or digest.
docker run --tty --interactive --privileged --name critmux jpetazzo/critmux
# Stop the container, then start it again and re-attach to it.
docker stop critmux
docker start critmux
docker attach critmux

Brouillon

# The mirror is reached over plain HTTP, so the SHA-256 comparison against the
# value published on the HTTPS Debian package page is the only integrity check
# on this file. Do not install it before the two values have been compared.
deb=criu_1.6.1-1_amd64.deb
wget "http://ftp.fr.debian.org/debian/pool/main/c/criu/${deb}"
sha256sum "${deb}"

Le nombre en hexadécimal retourné par sha256sum doit être le même que celui figurant sur la page https://packages.debian.org/experimental/amd64/criu/download

78c1acc0fa73e7b7843945f314802760c485557a927f9f886489d0ccb823fc87 criu_1.6.1-1_amd64.deb

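# Install the downloaded package (the command is dpkg, not "dpki"). Run this
# only after the SHA-256 printed by sha256sum matches the published value:
# dpkg -i does not verify where a local .deb came from.
dpkg -i criu_1.6.1-1_amd64.deb
# Let apt fetch and configure any dependencies dpkg reported as missing.
apt-get -f install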
# mkdir checkpoint
# criu dump -D checkpoint -t $(pgrep iceweasel) --file-locks
Error (sk-inet.c:141): Connected TCP socket, consider using tcp-established option.
Error (cr-dump.c:1584): Dump files (pid: 17543) failed with -1
Error (cr-dump.c:1947): Dumping FAILED.

On compile newns (voir http://criu.org/VNC)

#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <errno.h>
#include <sys/mount.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <sys/param.h>
#include <sys/mman.h>
#include <fcntl.h>
#include <signal.h>
#include <sched.h>
 
/* Bytes mapped for the clone()d child's stack: eight 4096-byte units. */
#define STACK_SIZE	(8 * 4096)

/*
 * Copies of main()'s argv and argc. main() fills them in before clone();
 * ns_exec() reads av to find the command to exec.
 */
static char **av;
static int ac;
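/*
 * Child entry point handed to clone(): send stdout/stderr to newns.log,
 * start a new session and exec the command stored in av[1..].
 *
 * _arg is unused. The function only returns (with 1) when there is no
 * command to run or execvp() fails; on success the process image is replaced.
 */
static int ns_exec(void *_arg)
{
	int fd;

	(void)_arg;

	/*
	 * NOTE(review): newns.log is created relative to the current directory,
	 * open() follows symlinks, and O_TRUNC empties whatever the name resolves
	 * to. Since newns has to run with CAP_SYS_ADMIN for clone() to succeed,
	 * start it from a directory that only the invoking user can write to.
	 */
	fd = open("newns.log", O_CREAT | O_TRUNC | O_RDWR | O_APPEND, 0600);
	if (fd >= 0) {
		/* Drop stdin and point stdout/stderr at the log file. */
		close(0);
		dup2(fd, 1);
		dup2(fd, 2);
		close(fd);
	}

	/* Detach from the caller's session (and so its controlling terminal). */
	setsid();

	/* Passing NULL as the file to execvp() is invalid; fail explicitly. */
	if (av[1] == NULL) {
		fprintf(stderr, "No command given\n");
		return 1;
	}

	execvp(av[1], av + 1);

	/*
	 * execvp() returns only on failure. The parent has already exited by
	 * now, so record the reason on stderr (newns.log when the redirection
	 * above succeeded) instead of failing silently.
	 */
	fprintf(stderr, "Can't exec %s: %m\n", av[1]);
	return 1;
}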
 
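/*
 * newns: run argv[1..] in new PID and IPC namespaces.
 *
 * The parent does not wait for the child: it returns 0 as soon as clone()
 * succeeds, and exits with 1 on a usage error, a failed mmap() or a failed
 * clone().
 *
 * clone() with CLONE_NEWPID or CLONE_NEWIPC (and no CLONE_NEWUSER) requires
 * CAP_SYS_ADMIN; an unprivileged caller gets EPERM ("Operation not
 * permitted"). Sysctls that enable unprivileged *user* namespaces do not
 * change that, because this program never asks for a user namespace.
 */
int main(int argc, char **argv)
{
	char *stack;
	pid_t pid;

	/* Without a command, ns_exec() would hand a NULL file name to execvp(). */
	if (argc < 2) {
		fprintf(stderr, "Usage: %s <command> [args...]\n",
				(argc > 0 && argv[0]) ? argv[0] : "newns");
		exit(1);
	}

	ac = argc;
	av = argv;

	stack = mmap(NULL, STACK_SIZE, PROT_WRITE | PROT_READ,
			MAP_PRIVATE | MAP_GROWSDOWN | MAP_ANONYMOUS, -1, 0);
	if (stack == MAP_FAILED) {
		fprintf(stderr, "Can't map stack %m\n");
		exit(1);
	}

	/*
	 * clone() takes the top of the child's stack. stack is a char pointer
	 * so the addition is standard C rather than GNU void-pointer arithmetic.
	 */
	pid = clone(ns_exec, stack + STACK_SIZE,
			CLONE_NEWPID | CLONE_NEWIPC | SIGCHLD, NULL);
	if (pid < 0) {
		fprintf(stderr, "clone() failed: %m\n");
		exit(1);
	}
	return 0;
}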
# Build the helper from newns.c.
gcc -o newns newns.c
# Install it system-wide. Writing to /usr/local/bin needs root; the binary
# itself gets no setuid bit or file capability from these commands, so it
# still runs with the privileges of whoever invokes it.
mv newns /usr/local/bin/
chmod +x /usr/local/bin/newns
$ newns iceweasel

clone() failed: Operation not permitted

Voir https://github.com/lxc/lxc/issues/261

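J'ai essayé les deux réglages ci-dessous, sans succès. Ils ne touchent pas au contrôle de privilèges de clone() : CLONE_NEWPID et CLONE_NEWIPC, utilisés sans CLONE_NEWUSER, exigent CAP_SYS_ADMIN, d'où l'erreur EPERM quand newns est lancé par un utilisateur ordinaire.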

# Neither setting affects the privilege check that makes newns fail: newns
# requests CLONE_NEWPID|CLONE_NEWIPC without CLONE_NEWUSER, which needs
# CAP_SYS_ADMIN whatever these knobs are set to.
#
# cgroup.clone_children is a cgroup setting (documented as affecting the
# cpuset controller); it has nothing to do with the clone() system call.
printf '1\n' > /sys/fs/cgroup/cpu,cpuacct/cgroup.clone_children
# Debian-specific sysctl: lets unprivileged users create *user* namespaces,
# which exposes more kernel code to unprivileged processes. Put it back to 0
# when it is not needed.
printf '1\n' > /proc/sys/kernel/unprivileged_userns_clone

Analysons

$ strace newns 2>&1 | grep -i clone
clone(child_stack=0x7f105164fff0, flags=CLONE_NEWIPC|CLONE_NEWPID|SIGCHLD) = -1 EPERM (Operation not permitted)
write(2, "clone() failed: Operation not pe"..., 40clone() failed: Operation not permitted