cloning running servers with docker and criu by ross boucher

Report

Post on 15-Apr-2017

3.694 Views

Category:

Technology

1 Downloads

Preview:

Click to see full reader

TRANSCRIPT

Cloning Running Servers

Ross Boucher@boucher

$ node>> 2 + 24>>

Browser Server

2 + 2

4

x = 1

1

++x

2

x == 2

true

[1]

[2]

[3]

x = 1

1

++x

2

x == 2

true

[4]

[2]

[3]

(Checkpoint Restore In Userspace)CRIU

CRIU+

Application Server

Evaluation Controller

Public Internet Internal Network Isolated Network

Container PoolUser’s Browser

Primary Docker Eval Docker

2 + 2

4

message: "evaluate" nodeVersion: "4.x.x" sources: [{ type: "source", text: "var x = 2 + 2", checksum: "a8efd" }] url: "/users/boucher/repositories/12345/branches/master"

2 + 2 Application Server

message: "get-evaluator" nodeVersion: "4.x.x" checksums: [ "a8efd" ] url: "/users/boucher/repositories/12345/branches/master"

2 + 2 Evaluation Controller

Application Server

function get_evaluator(configuration) { if (cached_containers[configuration]) {

return cached_containers[configuration] } if (checkpoint_exists(configuration)) {

return restored_container(configuration);}return pooled_container(configuration)

}

2 + 2Evaluation Controller

message: "found-evaluator" IP: "172.0.1.201" port: "7777"

Evaluation Controller

Application Server

message: "establish-connection" message: "get-source" index: 0

message: "source-at-index" index: 0

source: "var x = 2+2;" message: "output" value: 4

Application Server

message: "output" index: 0 value: 4

2 + 2 Application Server4

message: "checkpoint-evaluator" checksum: "a8efd" url: "/users/boucher/repositories/12345/branches/master"

2 + 2 Evaluation Controller

Application Server

await container.checkpoint({ LeaveRunning: true, ImagesDirectory: “/checkpoints/<document_id>/<checksum>/”})if (await container.changes().length > 0) {

metadata.image = await container.commit({ pause: false })}await fs.writeFile(metadata, “/checkpoints/<document_id>/<checksum>/metadata.txt”)

2 + 2Evaluation Controller

# current cli$ docker checkpoint --leave-running --image-dir=/checkpoint/path <container_id>

$ docker commit --pause=false <container_id>

# new cli$ docker checkpoint --exit=false <container_id> <checkpoint_id>

2 + 2Evaluation Controller

message: "get-source" ...

message: "source-at-index" ...

message: "finished" (process exited)

Application Server

message: "predict-evaluator" checksums: [ "a8efd" ] url: "/users/boucher/repositories/12345/branches/master"

2 + 2 Evaluation Controller

Application Server

function predict_evaluator(configuration) {var cpPath = “/checkpoints/<document_id>/<checksum>/”;var metadata = await fs.readFile(metadata, cpPath + “/metadata.txt”);var container = await docker.restore({ ImagesDirectory: cpPath ...});cached_containers[configuration] = container;

}

2 + 2Evaluation Controller

$ docker create tonic/worker<container_id>

# current cli$ docker restore --force —image-dir=/checkpoint/path <container_id>

# new cli$ docker start --checkpoint <checkpoint_id> <container_id>

2 + 2Evaluation Controller

message: "evaluate" nodeVersion: "4.x.x" sources: [ { type: "source", text: "var x = 2 + 2", checksum: "a8fed"}, { type: "source", text: "x++", checksum: "b9ccc" } ] url: "/users/boucher/repositories/12345/branches/master"

Application Server

2 + 2

4

x++

function get_evaluator(configuration) { if (cached_containers[configuration]) {

return cached_containers[configuration] } if (checkpoint_exists(configuration)) {

return restored_container(configuration);}return pooled_container(configuration)

}

2 + 2Evaluation Controller

• Drop any capabilities you don’t need

• Set CPU, memory, and network constraints

• User Namespaces

• Network Isolation

• Seccomp

Security Concerns

• AUFS errors

• CRIU failures

• Race conditions

• Zombie processes

• Docker daemon restarts

• Filesystem management

Security Concerns

github.com/boucher/dockworkerDockWorker

http://github.com/boucher/dockworker

(and other potential use cases)Container Migration

! Pre-compiled Release (based on Docker 1.10)

! Checkpoint/Restore Pull Request

! Saied Kazemi’s Linux Plumber’s Talk

! CRIU Homepage

! DockerCon Doom Demo

! Tonic Blog on checkpoint/restore

! DockWorker on Github

! Using P.Haul with Docker

! DockerScript is a cool tool we use to manage our images

Further Reading

https://github.com/boucher/docker/releases/tag/v1.10_2-16-16-experimental
https://github.com/docker/docker/pull/22049
http://www.slideshare.net/SaiedKazemi/2015-0820criu-supportindockerfornativecheckpointandrestore
https://criu.org
https://youtu.be/mL9AFkJJAq0
http://blog.tonicdev.com/2015/09/10/time-traveling-in-node.js-notebooks.html
https://github.com/boucher/dockworker
https://github.com/xemul/p.haul/blob/master/test/docker/HOWTO
https://github.com/devTristan/dockerscript

Thanks!@boucher • rboucher@gmail.com

mailto:rboucher@gmail.com

top related

criu 9970711 1. - downloads.hindawi.com
Documents
boucher corporate strategy
Documents
2015 08-20-criu...
Software
boucher thomas gerald
Education
detailed ielts - jeff boucher
Documents
du martinisme jules boucher
Documents
cloning applications in genetics 3 main types of cloning...
Documents
12 boucher way, boucher road,...
Documents
cloning, cloning, cloning
Documents
cloning-human cloning
Health & Medicine
finetune boucher
Documents
the boucher style pocket calculator · figure 2. front of...
Documents
border cooperation - norm boucher
Documents
cloning and sub-cloning
Science
boucher week 02
Documents
alan boucher
Documents
5 ndt testing boucher
Documents
franc3a7ois boucher roma
Documents
chp 1 basic principles of gene cloning. what is cloning?...
Documents
san francisco - jm boucher
Documents