Cloning Running Servers with Docker and CRIU by Ross Boucher

Cloning Running Servers
Ross
Boucher
@boucher

$ node
>> 2 + 2
4
>>
Browser Server
2 + 2
4

x = 1
1
++x
2
x == 2
true
[1]
[2]
[3]
x = 1
1
++x
2
x == 2
true
[4]
[2]
[3]

(Checkpoint Restore In Userspace)
CRIU

Application
Server
Evaluation
Controller
Public Internet Internal Network Isolated Network
Container PoolUser’s Browser
Primary Docker Eval Docker
2 + 2
4

message: "evaluate"
nodeVersion: "4.x.x"
sources: [{
type: "source",
text: "var x = 2 + 2",
checksum: "a8efd"
}]
url: "/users/boucher/repositories/12345/branches/master"
2 + 2 Application
Server

message: "get-evaluator"
checksums: [ "a8efd" ]
2 + 2
Evaluation
Controller
Application
Server

function get_evaluator(configuration) {
if (cached_containers[configuration]) {
return cached_containers[configuration]
}
if (checkpoint_exists(configuration)) {
return restored_container(configuration);
}
return pooled_container(configuration)
}
2 + 2
Evaluation
Controller

message: "found-evaluator"
IP: "172.0.1.201"
port: "7777"
Evaluation
Controller
Application
Server

message: "establish-connection"
message: "get-source"
index: 0
message: "source-at-index"
index: 0
source: "var x = 2+2;"
message: "output"
value: 4
Application
Server

message: "output"
index: 0
value: 4
2 + 2 Application
Server4

message: "checkpoint-evaluator"
checksum: "a8efd"
2 + 2
Evaluation
Controller
Application
Server

await container.checkpoint({
LeaveRunning: true,
ImagesDirectory: “/checkpoints/<document_id>/<checksum>/”
})
if (await container.changes().length > 0) {
metadata.image = await container.commit({ pause: false })
}
await fs.writeFile(metadata,
“/checkpoints/<document_id>/<checksum>/metadata.txt”)
2 + 2Evaluation
Controller

# current cli
$ docker checkpoint --leave-running --image-dir=/checkpoint/path
<container_id>
$ docker commit --pause=false <container_id>
# new cli
$ docker checkpoint --exit=false <container_id> <checkpoint_id>
2 + 2Evaluation
Controller

message: "get-source"
...
message: "source-at-index"
...
message: "finished"
(process exited)
Application
Server

message: "predict-evaluator"
checksums: [ "a8efd" ]
2 + 2
Evaluation
Controller
Application
Server

function predict_evaluator(configuration) {
var cpPath = “/checkpoints/<document_id>/<checksum>/”;
var metadata = await fs.readFile(metadata, cpPath + “/metadata.txt”);
var container = await docker.restore({
ImagesDirectory: cpPath
...
});
cached_containers[configuration] = container;
}
2 + 2Evaluation
Controller

$ docker create tonic/worker
<container_id>
# current cli
$ docker restore --force —image-dir=/checkpoint/path <container_id>
# new cli
$ docker start --checkpoint <checkpoint_id> <container_id>
2 + 2Evaluation
Controller

message: "evaluate"
sources: [
{ type: "source", text: "var x = 2 + 2", checksum: "a8fed"},
{ type: "source", text: "x++", checksum: "b9ccc" }
]
Application
Server
2 + 2
4
x++

• Drop any capabilities you don’t need
• Set CPU, memory, and network constraints
• User Namespaces
• Network Isolation
• Seccomp
Security Concerns

• AUFS errors
• CRIU failures
• Race conditions
• Zombie processes
• Docker daemon restarts
• Filesystem management
Security Concerns

github.com/boucher/dockworker
DockWorker

(and other potential use cases)
Container Migration

! Pre-compiled Release (based on Docker 1.10)
! Checkpoint/Restore Pull Request
! Saied Kazemi’s Linux Plumber’s Talk
! CRIU Homepage
! DockerCon Doom Demo
! Tonic Blog on checkpoint/restore
! DockWorker on Github
! Using P.Haul with Docker
! DockerScript is a cool tool we use to manage our images
Further Reading

Thanks!
@boucher • rboucher@gmail.com

Cloning Running Servers with Docker and CRIU by Ross Boucher

More Related Content

What's hot (20)

Viewers also liked (20)

Similar to Cloning Running Servers with Docker and CRIU by Ross Boucher (20)

More from Docker, Inc. (20)

Recently uploaded (20)

Cloning Running Servers with Docker and CRIU by Ross Boucher