[lxc-users] lxc move - "error: checkpoint failed"
Tycho Andersen
tycho.andersen at canonical.com
Thu Aug 6 13:16:54 UTC 2015
Hi Tomasz,
On Wed, Aug 05, 2015 at 06:46:02PM +0900, Tomasz Chmielewski wrote:
> Trying to move a running container between hosts, unfortunately, it fails:
>
> # lxc move dp02:nominatim dp03:nominatim
> error: checkpoint failed
>
> Both hosts are running Ubuntu 14.04, package versions are:
>
> ii criu 1.6-2~ubuntu14.04.1~ppa1
> amd64 checkpoint and restore in userspace
> ii liblxc1 1.1.2-0ubuntu5~ubuntu14.04.1~ppa1
> amd64 Linux Containers userspace tools (library)
> ii lxc 1.1.2-0ubuntu5~ubuntu14.04.1~ppa1
> amd64 Linux Containers userspace tools
> ii lxc-templates 1.1.2-0ubuntu5~ubuntu14.04.1~ppa1
> amd64 Linux Containers userspace tools (templates)
> ii lxcfs 0.9-0ubuntu1~ubuntu14.04.1~ppa1
> amd64 FUSE based filesystem for LXC
> ii lxd 0.14-0ubuntu3~ubuntu14.04.1~ppa1
> amd64 Container hypervisor based on LXC - daemon
> ii lxd-client 0.14-0ubuntu3~ubuntu14.04.1~ppa1
> amd64 Container hypervisor based on LXC - client
> ii python3-lxc 1.1.2-0ubuntu5~ubuntu14.04.1~ppa1
> amd64 Linux Containers userspace tools (Python 3.x bindings)
>
>
> Kernel is 3.13.0-55-generic #94-Ubuntu.
>
>
> Log entries created on dp02:
>
> lxc_container 1438767790.340 WARN lxc_log - log.c:lxc_log_init:316 -
> lxc_log_init called with log already initialized
> lxc_container 1438767790.340 WARN lxc_confile -
> confile.c:config_pivotdir:1768 - lxc.pivotdir is ignored. It will soon
> become an error.
> lxc_container 1438767790.342 INFO lxc_confile -
> confile.c:config_idmap:1376 - read uid map: type u nsid 0 hostid 100000
> range 65536
> lxc_container 1438767790.342 INFO lxc_confile -
> confile.c:config_idmap:1376 - read uid map: type g nsid 0 hostid 100000
> range 65536
> lxc_container 1438767790.343 DEBUG lxc_commands -
> commands.c:lxc_cmd_handler:888 - peer has disconnected
> lxc_container 1438767790.344 DEBUG lxc_commands -
> commands.c:lxc_cmd_get_state:574 - 'nominatim' is in 'RUNNING' state
> lxc_container 1438767790.344 DEBUG lxc_commands -
> commands.c:lxc_cmd_handler:888 - peer has disconnected
> lxc_container 1438767790.344 DEBUG lxc_commands -
> commands.c:lxc_cmd_handler:888 - peer has disconnected
> lxc_container 1438767790.344 DEBUG lxc_commands -
> commands.c:lxc_cmd_handler:888 - peer has disconnected
> lxc_container 1438767790.345 DEBUG lxc_commands -
> commands.c:lxc_cmd_get_state:574 - 'nominatim' is in 'RUNNING' state
> lxc_container 1438767790.345 DEBUG lxc_commands -
> commands.c:lxc_cmd_handler:888 - peer has disconnected
> lxc_container 1438767790.346 DEBUG lxc_commands -
> commands.c:lxc_cmd_handler:888 - peer has disconnected
> lxc_container 1438767790.347 DEBUG lxc_commands -
> commands.c:lxc_cmd_handler:888 - peer has disconnected
> lxc_container 1438767790.348 DEBUG lxc_commands -
> commands.c:lxc_cmd_get_state:574 - 'nominatim' is in 'RUNNING' state
> lxc_container 1438767790.348 DEBUG lxc_commands -
> commands.c:lxc_cmd_handler:888 - peer has disconnected
> lxc_container 1438767790.348 DEBUG lxc_commands -
> commands.c:lxc_cmd_handler:888 - peer has disconnected
> lxc_container 1438767790.349 DEBUG lxc_commands -
> commands.c:lxc_cmd_handler:888 - peer has disconnected
> lxc_container 1438767790.349 DEBUG lxc_commands -
> commands.c:lxc_cmd_handler:888 - peer has disconnected
> lxc_container 1438767790.350 DEBUG lxc_commands -
> commands.c:lxc_cmd_handler:888 - peer has disconnected
> lxc_container 1438767790.350 DEBUG lxc_commands -
> commands.c:lxc_cmd_get_state:574 - 'nominatim' is in 'RUNNING' state
> lxc_container 1438767790.350 DEBUG lxc_commands -
> commands.c:lxc_cmd_handler:888 - peer has disconnected
> lxc_container 1438767790.351 DEBUG lxc_commands -
> commands.c:lxc_cmd_handler:888 - peer has disconnected
> lxc_container 1438767791.333 WARN lxc_log - log.c:lxc_log_init:316 -
> lxc_log_init called with log already initialized
> lxc_container 1438767791.333 WARN lxc_confile -
> confile.c:config_pivotdir:1768 - lxc.pivotdir is ignored. It will soon
> become an error.
> lxc_container 1438767791.334 INFO lxc_confile -
> confile.c:config_idmap:1376 - read uid map: type u nsid 0 hostid 100000
> range 65536
> lxc_container 1438767791.334 INFO lxc_confile -
> confile.c:config_idmap:1376 - read uid map: type g nsid 0 hostid 100000
> range 65536
> lxc_container 1438767791.335 DEBUG lxc_commands -
> commands.c:lxc_cmd_handler:888 - peer has disconnected
> lxc_container 1438767791.336 DEBUG lxc_commands -
> commands.c:lxc_cmd_handler:888 - peer has disconnected
> lxc_container 1438767791.336 DEBUG lxc_commands -
> commands.c:lxc_cmd_get_state:574 - 'nominatim' is in 'RUNNING' state
> lxc_container 1438767798.810 DEBUG lxc_commands -
> commands.c:lxc_cmd_handler:888 - peer has disconnected
> lxc_container 1438767798.811 DEBUG lxc_commands -
> commands.c:lxc_cmd_get_state:574 - 'nominatim' is in 'RUNNING' state
> lxc_container 1438767798.811 DEBUG lxc_commands -
> commands.c:lxc_cmd_handler:888 - peer has disconnected
> lxc_container 1438767798.811 ERROR lxc_container -
> lxccontainer.c:criu_ok:3799 - couldn't find devices.deny = c 5:1 rwm
It looks like the container configuration sanity check in liblxc
failed.
The problem here is that CRIU can't support everything that LXD does
just yet, so you have to set up some container specific configuration.
I've just landed a branch that has a profile that does this for you,
but unfortunately it isn't in any released version of LXD yet:
https://github.com/lxc/lxd#how-can-i-live-migrate-a-container-using-lxd
You can create your own copy of the migratable profile, it should look
like this:
name: migratable
config:
raw.lxc: |
lxc.console = none
lxc.cgroup.devices.deny = c 5:1 rwm
lxc.seccomp =
security.privileged: "true"
And then the same set of commands listed above should work.
Thanks,
Tycho
More information about the lxc-users
mailing list