[PATCH RFC 3/3] lxc: Adding support to LXC driver to restore a container

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This patch introduces the hability to restore a saved container using CRIU.
It should be possible to start it using traditional methods: a simple container
start; or from a saved state.

Signed-off-by: Julio Faracco <jcfaracco@xxxxxxxxx>
---
 src/lxc/lxc_conf.c       |   3 +
 src/lxc/lxc_conf.h       |   2 +
 src/lxc/lxc_container.c  | 188 ++++++++++++++++++++-
 src/lxc/lxc_container.h  |   3 +-
 src/lxc/lxc_controller.c |  93 ++++++++++-
 src/lxc/lxc_driver.c     | 341 ++++++++++++++++++++++++++++++++++++++-
 src/lxc/lxc_process.c    |  26 ++-
 src/lxc/lxc_process.h    |   1 +
 8 files changed, 638 insertions(+), 19 deletions(-)

diff --git a/src/lxc/lxc_conf.c b/src/lxc/lxc_conf.c
index e6ad91205e..690cef7d39 100644
--- a/src/lxc/lxc_conf.c
+++ b/src/lxc/lxc_conf.c
@@ -240,6 +240,8 @@ virLXCDriverConfigNew(void)
     cfg->logDir = g_strdup(LXC_LOG_DIR);
     cfg->autostartDir = g_strdup(LXC_AUTOSTART_DIR);
 
+    cfg->saveImageFormat = NULL;
+
     return cfg;
 }
 
@@ -291,4 +293,5 @@ virLXCDriverConfigDispose(void *obj)
     g_free(cfg->stateDir);
     g_free(cfg->logDir);
     g_free(cfg->securityDriverName);
+    g_free(cfg->saveImageFormat);
 }
diff --git a/src/lxc/lxc_conf.h b/src/lxc/lxc_conf.h
index 664bafc7b9..08bea11c02 100644
--- a/src/lxc/lxc_conf.h
+++ b/src/lxc/lxc_conf.h
@@ -61,6 +61,8 @@ struct _virLXCDriverConfig {
     char *securityDriverName;
     bool securityDefaultConfined;
     bool securityRequireConfined;
+
+    char *saveImageFormat;
 };
 
 struct _virLXCDriver {
diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
index 2a5f8711c4..03c086d029 100644
--- a/src/lxc/lxc_container.c
+++ b/src/lxc/lxc_container.c
@@ -51,6 +51,7 @@
 #include "virerror.h"
 #include "virlog.h"
 #include "lxc_container.h"
+#include "lxc_criu.h"
 #include "viralloc.h"
 #include "virnetdevveth.h"
 #include "viruuid.h"
@@ -84,6 +85,7 @@ struct __lxc_child_argv {
     char **ttyPaths;
     int handshakefd;
     int *nsInheritFDs;
+    int restorefd;
 };
 
 static int lxcContainerMountFSBlock(virDomainFSDefPtr fs,
@@ -235,8 +237,8 @@ static virCommandPtr lxcContainerBuildInitCmd(virDomainDefPtr vmDef,
  *
  * Returns 0 on success or -1 in case of error
  */
-static int lxcContainerSetupFDs(int *ttyfd,
-                                size_t npassFDs, int *passFDs)
+static int lxcContainerSetupFDs(int *ttyfd, size_t npassFDs,
+                                int *passFDs, int restorefd)
 {
     int rc = -1;
     int open_max;
@@ -335,6 +337,10 @@ static int lxcContainerSetupFDs(int *ttyfd,
 
     for (fd = last_fd + 1; fd < open_max; fd++) {
         int tmpfd = fd;
+
+        if (tmpfd == restorefd)
+            continue;
+
         VIR_MASS_CLOSE(tmpfd);
     }
 
@@ -1017,6 +1023,30 @@ static int lxcContainerMountFSDevPTS(virDomainDefPtr def,
     return 0;
 }
 
+
+static int lxcContainerMountFSDevPTSRestore(virDomainDefPtr def,
+                                            const char *stateDir)
+{
+    int flags = MS_MOVE;
+    g_autofree char *path = NULL;
+
+    VIR_DEBUG("Mount /dev/pts stateDir=%s", stateDir);
+
+    path = g_strdup_printf("%s/%s.devpts", stateDir, def->name);
+
+    VIR_DEBUG("Trying to move %s to /dev/pts", path);
+
+    if (mount(path, "/dev/pts", NULL, flags, NULL) < 0) {
+        virReportSystemError(errno,
+                             _("Failed to mount %s on /dev/pts"),
+                             path);
+        return -1;
+    }
+
+    return 0;
+}
+
+
 static int lxcContainerSetupDevices(char **ttyPaths, size_t nttyPaths)
 {
     size_t i;
@@ -1843,6 +1873,139 @@ static int lxcAttachNS(int *ns_fd)
     return 0;
 }
 
+
+/*
+ * lxcContainerChildRestore:
+ * @data: pointer to container arguments
+ */
+static int lxcContainerChildRestore(void *data)
+{
+    lxc_child_argv_t *argv = data;
+    virDomainDefPtr vmDef = argv->config;
+    int ttyfd = -1;
+    int ret = -1;
+    virDomainFSDefPtr root;
+    g_autofree char *ttyPath = NULL;
+    g_autofree char *sec_mount_options = NULL;
+    g_autofree char *stateDir = NULL;
+    g_autofree char *rootfs_mount = NULL;
+
+    if (NULL == vmDef) {
+        virReportError(VIR_ERR_INTERNAL_ERROR,
+                       "%s", _("lxcChild() passed invalid vm definition"));
+        goto cleanup;
+    }
+
+    if (lxcContainerWaitForContinue(argv->monitor) < 0) {
+        virReportSystemError(errno, "%s",
+                             _("Failed to read the container continue message"));
+        goto cleanup;
+    }
+    VIR_DEBUG("Received container continue message");
+
+    if (lxcContainerSetID(vmDef) < 0)
+        goto cleanup;
+
+    root = virDomainGetFilesystemForTarget(vmDef, "/");
+
+    if (argv->nttyPaths) {
+        const char *tty = argv->ttyPaths[0];
+
+        if (STRPREFIX(tty, "/dev/pts/"))
+            tty += strlen("/dev/pts/");
+
+        ttyPath = g_strdup_printf("%s/%s.devpts/%s",
+                                  LXC_STATE_DIR, vmDef->name, tty);
+    } else {
+        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                       _("At least one tty is required"));
+        goto cleanup;
+    }
+
+    VIR_DEBUG("Container TTY path: %s", ttyPath);
+
+    ttyfd = open(ttyPath, O_RDWR);
+    if (ttyfd < 0) {
+        virReportSystemError(errno,
+                             _("Failed to open tty %s"),
+                             ttyPath);
+        goto cleanup;
+    }
+    VIR_DEBUG("Container TTY fd: %d", ttyfd);
+
+    if (!(sec_mount_options = virSecurityManagerGetMountOptions(
+                                        argv->securityDriver,
+                                        vmDef)))
+        goto cleanup;
+
+    if (lxcContainerPrepareRoot(vmDef, root, sec_mount_options) < 0)
+        goto cleanup;
+
+    if (lxcContainerSendContinue(argv->handshakefd) < 0) {
+        virReportSystemError(errno, "%s",
+                            _("Failed to send continue signal to controller"));
+        goto cleanup;
+    }
+
+    VIR_DEBUG("Setting up container's std streams");
+
+    if (lxcContainerSetupFDs(&ttyfd,
+                             argv->npassFDs, argv->passFDs, argv->restorefd) < 0)
+        goto cleanup;
+
+    /* CRIU needs the container's root bind mounted so that it is the root of
+     * some mount.
+     */
+    rootfs_mount = g_strdup_printf("%s/save/%s", LXC_STATE_DIR, vmDef->name);
+
+    if (virFileMakePath(rootfs_mount) < 0) {
+         virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                       _("Failed to mkdir rootfs mount path"));
+        goto cleanup;
+    }
+
+    if (mount(root->src->path, rootfs_mount, NULL, MS_BIND, NULL) < 0) {
+        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                       _("Failed to create rootfs mountpoint"));
+        goto cleanup;
+    }
+
+    if (virFileResolveAllLinks(LXC_STATE_DIR, &stateDir) < 0)
+        goto cleanup;
+
+    /* Mounts /dev/pts */
+    if (lxcContainerMountFSDevPTSRestore(vmDef, stateDir) < 0) {
+        virReportSystemError(errno, "%s",
+                            _("Failed to mount dev/pts"));
+        goto cleanup;
+    }
+
+    if (setsid() < 0) {
+        virReportSystemError(errno, "%s",
+                             _("Unable to become session leader"));
+    }
+
+    ret = 0;
+
+ cleanup:
+    VIR_FORCE_CLOSE(argv->monitor);
+    VIR_FORCE_CLOSE(argv->handshakefd);
+    VIR_FORCE_CLOSE(ttyfd);
+
+    if (ret == 0) {
+        VIR_DEBUG("Executing container restore criu function");
+        ret = lxcCriuRestore(vmDef, argv->restorefd, 0);
+    } else {
+        VIR_DEBUG("Tearing down container");
+        fprintf(stderr,
+                _("Failure in libvirt_lxc startup: %s\n"),
+                virGetLastErrorMessage());
+    }
+
+    return ret;
+}
+
+
 /**
  * lxcContainerSetUserGroup:
  * @cmd: command to update
@@ -2049,7 +2212,7 @@ static int lxcContainerChild(void *data)
     VIR_FORCE_CLOSE(argv->handshakefd);
     VIR_FORCE_CLOSE(argv->monitor);
     if (lxcContainerSetupFDs(&ttyfd,
-                             argv->npassFDs, argv->passFDs) < 0)
+                             argv->npassFDs, argv->passFDs, -1) < 0)
         goto cleanup;
 
     /* Make init process of the container the leader of the new session.
@@ -2143,7 +2306,8 @@ int lxcContainerStart(virDomainDefPtr def,
                       int handshakefd,
                       int *nsInheritFDs,
                       size_t nttyPaths,
-                      char **ttyPaths)
+                      char **ttyPaths,
+                      int restorefd)
 {
     pid_t pid;
     int cflags;
@@ -2162,6 +2326,7 @@ int lxcContainerStart(virDomainDefPtr def,
         .ttyPaths = ttyPaths,
         .handshakefd = handshakefd,
         .nsInheritFDs = nsInheritFDs,
+        .restorefd = restorefd,
     };
 
     /* allocate a stack for the container */
@@ -2207,9 +2372,18 @@ int lxcContainerStart(virDomainDefPtr def,
         VIR_DEBUG("Inheriting a UTS namespace");
     }
 
-    VIR_DEBUG("Cloning container init process");
-    pid = clone(lxcContainerChild, stacktop, cflags, &args);
-    VIR_DEBUG("clone() completed, new container PID is %d", pid);
+    if (restorefd == -1)
+        VIR_DEBUG("Cloning container init process");
+    else
+        VIR_DEBUG("Cloning container process that will spawn criu restore");
+
+    if (restorefd != -1)
+        pid = clone(lxcContainerChildRestore, stacktop, SIGCHLD, &args);
+    else
+        pid = clone(lxcContainerChild, stacktop, cflags, &args);
+
+    if (restorefd == -1)
+        VIR_DEBUG("clone() completed, new container PID is %d", pid);
 
     if (pid < 0) {
         virReportSystemError(errno, "%s",
diff --git a/src/lxc/lxc_container.h b/src/lxc/lxc_container.h
index 94a6c5309c..cf61a033fc 100644
--- a/src/lxc/lxc_container.h
+++ b/src/lxc/lxc_container.h
@@ -54,7 +54,8 @@ int lxcContainerStart(virDomainDefPtr def,
                       int handshakefd,
                       int *nsInheritFDs,
                       size_t nttyPaths,
-                      char **ttyPaths);
+                      char **ttyPaths,
+                      int restorefd);
 
 int lxcContainerSetupHostdevCapsMakePath(const char *dev);
 
diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c
index 8f166a436a..5bd0712ba9 100644
--- a/src/lxc/lxc_controller.c
+++ b/src/lxc/lxc_controller.c
@@ -139,6 +139,8 @@ struct _virLXCController {
     virCgroupPtr cgroup;
 
     virLXCFusePtr fuse;
+
+    int restore;
 };
 
 #include "lxc_controller_dispatch.h"
@@ -1006,6 +1008,54 @@ static int lxcControllerClearCapabilities(void)
     return 0;
 }
 
+
+static int lxcControllerFindRestoredPid(int fd)
+{
+    int initpid = 0;
+    int ret = -1;
+    g_autofree char *checkpointdir = NULL;
+    g_autofree char *pidfile = NULL;
+    g_autofree char *checkpointfd = NULL;
+    int pidfilefd;
+    char c;
+
+    if (fd < 0)
+        goto cleanup;
+
+    checkpointfd = g_strdup_printf("/proc/self/fd/%d", fd);
+
+    if (virFileResolveLink(checkpointfd, &checkpointdir) < 0) {
+        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                       _("Failed to readlink checkpoint dir path"));
+        goto cleanup;
+    }
+
+    pidfile = g_strdup_printf("%s/restore.pid", checkpointdir);
+
+    if ((pidfilefd = virFileOpenAs(pidfile, O_RDONLY, 0, -1, -1, 0)) < 0) {
+        virReportSystemError(pidfilefd,
+                             _("Failed to open domain's pidfile '%s'"),
+                             pidfile);
+        goto cleanup;
+    }
+
+    while ((saferead(pidfilefd,  &c, 1) == 1) &&  c != EOF)
+        initpid = initpid*10 + c - '0';
+
+    ret = initpid;
+
+    if (virFileRemove(pidfile, -1, -1) < 0) {
+        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                       _("Failed to delete pidfile path"));
+    }
+
+ cleanup:
+    VIR_FORCE_CLOSE(fd);
+    VIR_FORCE_CLOSE(pidfilefd);
+    return ret;
+}
+
+
 static bool wantReboot;
 static virMutex lock = VIR_MUTEX_INITIALIZER;
 
@@ -2310,6 +2360,7 @@ virLXCControllerRun(virLXCControllerPtr ctrl)
     int rc = -1;
     int control[2] = { -1, -1};
     int containerhandshake[2] = { -1, -1 };
+    bool restore_mode = (ctrl->restore != -1);
     char **containerTTYPaths = g_new0(char *, ctrl->nconsoles);
     size_t i;
 
@@ -2368,7 +2419,8 @@ virLXCControllerRun(virLXCControllerPtr ctrl)
                                            containerhandshake[1],
                                            ctrl->nsFDs,
                                            ctrl->nconsoles,
-                                           containerTTYPaths)) < 0)
+                                           containerTTYPaths,
+                                           ctrl->restore)) < 0)
         goto cleanup;
     VIR_FORCE_CLOSE(control[1]);
     VIR_FORCE_CLOSE(containerhandshake[1]);
@@ -2380,10 +2432,10 @@ virLXCControllerRun(virLXCControllerPtr ctrl)
         for (i = 0; i < VIR_LXC_DOMAIN_NAMESPACE_LAST; i++)
             VIR_FORCE_CLOSE(ctrl->nsFDs[i]);
 
-    if (virLXCControllerSetupCgroupLimits(ctrl) < 0)
+    if (!restore_mode && virLXCControllerSetupCgroupLimits(ctrl) < 0)
         goto cleanup;
 
-    if (virLXCControllerSetupUserns(ctrl) < 0)
+    if (!restore_mode && virLXCControllerSetupUserns(ctrl) < 0)
         goto cleanup;
 
     if (virLXCControllerMoveInterfaces(ctrl) < 0)
@@ -2408,6 +2460,26 @@ virLXCControllerRun(virLXCControllerPtr ctrl)
     if (lxcControllerClearCapabilities() < 0)
         goto cleanup;
 
+    if (restore_mode) {
+        int status;
+        int ret = waitpid(-1, &status, 0);
+        int initpid;
+
+        VIR_DEBUG("Got sig child %d", ret);
+
+        /* We have two basic cases here.
+         * - CRIU died bacause of restore error and we do not have a running container
+         * - CRIU detached itself from the running container
+         */
+        if ((initpid = lxcControllerFindRestoredPid(ctrl->restore)) < 0) {
+            virReportSystemError(errno, "%s",
+                                 _("Unable to get restored task pid"));
+            virNetDaemonQuit(ctrl->daemon);
+            goto cleanup;
+        }
+        ctrl->initpid = initpid;
+    }
+
     for (i = 0; i < ctrl->nconsoles; i++)
         if (virLXCControllerConsoleSetNonblocking(&(ctrl->consoles[i])) < 0)
             goto cleanup;
@@ -2450,6 +2522,7 @@ int main(int argc, char *argv[])
     char **veths = NULL;
     int ns_fd[VIR_LXC_DOMAIN_NAMESPACE_LAST];
     int handshakeFd = -1;
+    int restore = -1;
     bool bg = false;
     const struct option options[] = {
         { "background", 0, NULL, 'b' },
@@ -2462,6 +2535,7 @@ int main(int argc, char *argv[])
         { "share-net", 1, NULL, 'N' },
         { "share-ipc", 1, NULL, 'I' },
         { "share-uts", 1, NULL, 'U' },
+        { "restore", 1, NULL, 'r' },
         { "help", 0, NULL, 'h' },
         { 0, 0, 0, 0 },
     };
@@ -2488,7 +2562,7 @@ int main(int argc, char *argv[])
     while (1) {
         int c;
 
-        c = getopt_long(argc, argv, "dn:v:p:m:c:s:h:S:N:I:U:",
+        c = getopt_long(argc, argv, "dn:v:p:m:c:s:h:S:N:I:U:r:",
                         options, NULL);
 
         if (c == -1)
@@ -2560,6 +2634,14 @@ int main(int argc, char *argv[])
             securityDriver = optarg;
             break;
 
+        case 'r':
+             if (virStrToLong_i(optarg, NULL, 10, &restore) < 0) {
+                fprintf(stderr, "malformed --restore argument '%s'",
+                        optarg);
+                goto cleanup;
+            }
+            break;
+
         case 'h':
         case '?':
             fprintf(stderr, "\n");
@@ -2576,6 +2658,7 @@ int main(int argc, char *argv[])
             fprintf(stderr, "  -N FD, --share-net FD\n");
             fprintf(stderr, "  -I FD, --share-ipc FD\n");
             fprintf(stderr, "  -U FD, --share-uts FD\n");
+            fprintf(stderr, "  -r FD, --restore FD\n");
             fprintf(stderr, "  -h, --help\n");
             fprintf(stderr, "\n");
             rc = 0;
@@ -2628,6 +2711,8 @@ int main(int argc, char *argv[])
     ctrl->passFDs = passFDs;
     ctrl->npassFDs = npassFDs;
 
+    ctrl->restore = restore;
+
     for (i = 0; i < VIR_LXC_DOMAIN_NAMESPACE_LAST; i++) {
         if (ns_fd[i] != -1) {
             if (!ctrl->nsFDs) {/*allocate only once */
diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c
index 4416acf923..44306685f5 100644
--- a/src/lxc/lxc_driver.c
+++ b/src/lxc/lxc_driver.c
@@ -44,6 +44,7 @@
 #include "lxc_driver.h"
 #include "lxc_native.h"
 #include "lxc_process.h"
+#include "lxc_criu.h"
 #include "virnetdevbridge.h"
 #include "virnetdevveth.h"
 #include "virnetdevopenvswitch.h"
@@ -1012,7 +1013,7 @@ static int lxcDomainCreateWithFiles(virDomainPtr dom,
     ret = virLXCProcessStart(dom->conn, driver, vm,
                              nfiles, files,
                              (flags & VIR_DOMAIN_START_AUTODESTROY),
-                             VIR_DOMAIN_RUNNING_BOOTED);
+                             -1, VIR_DOMAIN_RUNNING_BOOTED);
 
     if (ret == 0) {
         event = virDomainEventLifecycleNewFromObj(vm,
@@ -1135,7 +1136,7 @@ lxcDomainCreateXMLWithFiles(virConnectPtr conn,
     if (virLXCProcessStart(conn, driver, vm,
                            nfiles, files,
                            (flags & VIR_DOMAIN_START_AUTODESTROY),
-                           VIR_DOMAIN_RUNNING_BOOTED) < 0) {
+                           -1, VIR_DOMAIN_RUNNING_BOOTED) < 0) {
         virDomainAuditStart(vm, "booted", false);
         virLXCDomainObjEndJob(driver, vm);
         if (!vm->persistent)
@@ -2731,6 +2732,338 @@ static int lxcDomainResume(virDomainPtr dom)
     return ret;
 }
 
+
+static int
+lxcDoDomainSave(virLXCDriverPtr driver, virDomainObjPtr vm,
+                const char *to)
+{
+    virCapsPtr caps = NULL;
+    virLXCSaveHeader hdr;
+    virLXCDriverConfigPtr cfg = virLXCDriverGetConfig(driver);
+    g_autofree char *checkpointdir = NULL;
+    g_autofree char *criufile = NULL;
+    g_autofree char *xml = NULL;
+    uint32_t xml_len;
+    int compressed = 0;
+    int fd = -1;
+    int criufd = -1;
+    int ret = -1;
+    ssize_t r;
+
+    if (!(caps = virLXCDriverGetCapabilities(driver, false)))
+        return -1;
+
+    checkpointdir = g_path_get_dirname(to);
+
+    if (lxcCriuDump(vm, checkpointdir) != 0) {
+        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                       _("Failed to checkpoint domain with CRIU"));
+        goto cleanup;
+    }
+
+    if ((compressed = lxcCriuCompress(checkpointdir,
+                                      cfg->saveImageFormat)) < 0) {
+        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                       _("Failed to compress criu files"));
+        goto cleanup;
+    }
+
+    hdr.compressed = compressed;
+
+    if ((fd = virFileOpenAs(to, O_CREAT | O_TRUNC | O_WRONLY,
+                            S_IRUSR | S_IWUSR, -1, -1, 0)) < 0) {
+        virReportSystemError(-fd,
+                             _("Failed to create domain save file '%s'"), to);
+        goto cleanup;
+    }
+
+    if ((xml = virDomainDefFormat(vm->def, driver->xmlopt, 0)) == NULL)
+        goto cleanup;
+
+    xml_len = strlen(xml) + 1;
+
+    memset(&hdr, 0, sizeof(hdr));
+    memcpy(hdr.magic, LXC_SAVE_MAGIC, sizeof(hdr.magic));
+    hdr.version = LXC_SAVE_VERSION;
+    hdr.xmlLen = xml_len;
+
+    if (safewrite(fd, &hdr, sizeof(hdr)) != sizeof(hdr)) {
+        virReportError(VIR_ERR_OPERATION_FAILED, "%s",
+                       _("Failed to write save file header"));
+        goto cleanup;
+    }
+
+    if (safewrite(fd, xml, xml_len) != xml_len) {
+        virReportError(VIR_ERR_OPERATION_FAILED, "%s",
+                       _("Failed to write xml description"));
+        goto cleanup;
+    }
+
+    criufile = g_strdup_printf("%s/criu.save", checkpointdir);
+    if ((criufd = virFileOpenAs(criufile, O_RDONLY,
+                                0, -1, -1, 0)) < 0) {
+        virReportError(VIR_ERR_OPERATION_FAILED, "%s",
+                       _("Failed to read criu file"));
+        goto cleanup;
+    }
+
+    do {
+        char buf[1024];
+
+        if ((r = saferead(criufd, buf, sizeof(buf))) < 0) {
+            virReportSystemError(errno,
+                                 _("Unable to read from file '%s'"),
+                                 criufile);
+            goto cleanup;
+        }
+
+        if (safewrite(fd, buf, r) < 0) {
+            virReportSystemError(errno,
+                                 _("Unable to write to file '%s'"),
+                                 to);
+            goto cleanup;
+        }
+    } while (r);
+
+    if (virFileRemove(criufile, -1, -1) < 0)
+        VIR_WARN("failed to remove scratch file '%s'",
+                 criufile);
+
+    virDomainObjSetState(vm, VIR_DOMAIN_SHUTOFF,
+                         VIR_DOMAIN_SHUTOFF_SAVED);
+
+    ret = 0;
+ cleanup:
+    VIR_FORCE_CLOSE(fd);
+    VIR_FORCE_CLOSE(criufd);
+    virObjectUnref(caps);
+    virObjectUnref(cfg);
+    return ret;
+}
+
+static int
+lxcDomainSaveFlags(virDomainPtr dom, const char *to, const char *dxml,
+                   unsigned int flags)
+{
+    int ret = -1;
+    virLXCDriverPtr driver = dom->conn->privateData;
+    virDomainObjPtr vm;
+    bool remove_dom = false;
+
+    virCheckFlags(0, -1);
+    if (dxml) {
+        virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED, "%s",
+                       _("xml modification unsupported"));
+        return -1;
+    }
+
+    if (!(vm = lxcDomObjFromDomain(dom)))
+        goto cleanup;
+
+    if (virDomainSaveFlagsEnsureACL(dom->conn, vm->def) < 0)
+        goto cleanup;
+
+    if (virLXCDomainObjBeginJob(driver, vm, LXC_JOB_MODIFY) < 0)
+        goto cleanup;
+
+    if (!virDomainObjIsActive(vm)) {
+        virReportError(VIR_ERR_OPERATION_INVALID, "%s",
+                       _("Domain is not running"));
+        goto endjob;
+    }
+
+    if (lxcDoDomainSave(driver, vm, to) < 0)
+        goto endjob;
+
+    if (!vm->persistent)
+        remove_dom = true;
+
+    ret = 0;
+
+ endjob:
+    virLXCDomainObjEndJob(driver, vm);
+
+ cleanup:
+    if (remove_dom && vm)
+        virDomainObjListRemove(driver->domains, vm);
+    virDomainObjEndAPI(&vm);
+    return ret;
+}
+
+static int
+lxcDomainSave(virDomainPtr dom, const char *to)
+{
+    return lxcDomainSaveFlags(dom, to, NULL, 0);
+}
+
+static int
+lxcDomainRestoreFlags(virConnectPtr conn, const char *from,
+                      const char* dxml, unsigned int flags)
+{
+    virLXCDriverPtr driver = conn->privateData;
+    virLXCDriverConfigPtr cfg = NULL;
+    virLXCSaveHeader hdr;
+    virDomainObjPtr vm = NULL;
+    virDomainDefPtr def = NULL;
+    virCapsPtr caps = NULL;
+    int ret = -1;
+    int restorefd;
+    g_autofree char *xml = NULL;
+    g_autofree char *xml_image_path = NULL;
+    g_autofree char *criufile = NULL;
+    g_autofree char *savedir = NULL;
+    g_autofree char *checkpointdir = NULL;
+    ssize_t r;
+    int criufd;
+    int fd;
+
+    virCheckFlags(0, -1);
+    if (dxml) {
+        virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED, "%s",
+                       _("xml modification unsupported"));
+        goto out;
+    }
+
+    if ((fd = virFileOpenAs(from, O_RDONLY, 0, -1, -1, 0)) < 0) {
+        virReportSystemError(-fd,
+                             _("Failed to open domain image file '%s'"),
+                             xml_image_path);
+        goto out;
+    }
+
+    if (saferead(fd, &hdr, sizeof(hdr)) != sizeof(hdr)) {
+        virReportError(VIR_ERR_OPERATION_FAILED,
+                       "%s", _("failed to read lxc header"));
+        return -1;
+    }
+
+    if (memcmp(hdr.magic, LXC_SAVE_MAGIC, sizeof(hdr.magic)) != 0) {
+        virReportError(VIR_ERR_OPERATION_FAILED, "%s",
+                       _("image magic is incorrect"));
+        return -1;
+    }
+
+    if (hdr.version > LXC_SAVE_VERSION) {
+        virReportError(VIR_ERR_OPERATION_FAILED,
+                       _("image version is not supported (%d > %d)"),
+                       hdr.version, LXC_SAVE_VERSION);
+        return -1;
+    }
+
+    cfg = virLXCDriverGetConfig(driver);
+
+    xml = g_new0(char, hdr.xmlLen);
+
+    if (saferead(fd, xml, hdr.xmlLen) != hdr.xmlLen) {
+        virReportError(VIR_ERR_OPERATION_FAILED, "%s", _("failed to read XML"));
+        goto cleanup;
+    }
+
+    checkpointdir = g_path_get_dirname(from);
+
+    criufile = g_strdup_printf("%s/criu.save", checkpointdir);
+    if ((criufd = virFileOpenAs(criufile, O_CREAT | O_TRUNC | O_WRONLY,
+                                S_IRUSR | S_IWUSR, -1, -1, 0)) < 0) {
+        virReportError(VIR_ERR_OPERATION_FAILED, "%s",
+                       _("Failed to read criu file"));
+        goto cleanup;
+    }
+
+    do {
+        char buf[1024];
+
+        if ((r = saferead(fd, buf, sizeof(buf))) < 0) {
+            virReportSystemError(errno,
+                                 _("Unable to read from file '%s'"),
+                                 criufile);
+            goto cleanup;
+        }
+
+        if (safewrite(criufd, buf, r) < 0) {
+            virReportSystemError(errno,
+                                 _("Unable to write to file '%s'"),
+                                 from);
+            goto cleanup;
+        }
+    } while (r);
+
+    if (lxcCriuDecompress(checkpointdir,
+                          cfg->saveImageFormat) < 0) {
+        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                       _("Failed to decompress criu files"));
+        goto cleanup;
+    }
+
+    if (!xml) {
+        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                       _("no domain XML parsed"));
+        goto cleanup;
+    }
+
+    if (!(caps = virLXCDriverGetCapabilities(driver, false)))
+        goto cleanup;
+
+    if (!(def = virDomainDefParseString(xml, driver->xmlopt, caps,
+                                        VIR_DOMAIN_DEF_PARSE_INACTIVE)))
+        goto cleanup;
+
+    if (virDomainRestoreFlagsEnsureACL(conn, def) < 0)
+        goto cleanup;
+
+    if (!(vm = virDomainObjListAdd(driver->domains, def,
+                                   driver->xmlopt,
+                                   VIR_DOMAIN_OBJ_LIST_ADD_LIVE |
+                                   VIR_DOMAIN_OBJ_LIST_ADD_CHECK_LIVE,
+                                   NULL)))
+        goto cleanup;
+    def = NULL;
+
+    if (virLXCDomainObjBeginJob(driver, vm, LXC_JOB_MODIFY) < 0) {
+        if (!vm->persistent)
+            virDomainObjListRemove(driver->domains, vm);
+        goto cleanup;
+    }
+
+    savedir = g_strdup_printf("%s/save/", checkpointdir);
+
+    restorefd = open(savedir, O_DIRECTORY);
+    if (restorefd < 0) {
+        virReportError(VIR_ERR_INTERNAL_ERROR,
+                       "%s", _("Can't open images dir"));
+        if (!vm->persistent)
+            virDomainObjListRemove(driver->domains, vm);
+        virLXCDomainObjEndJob(driver, vm);
+        goto cleanup;
+    }
+
+    ret = virLXCProcessStart(conn, driver, vm,
+                             0, NULL,
+                             0, restorefd,
+                             VIR_DOMAIN_RUNNING_RESTORED);
+
+    VIR_FORCE_CLOSE(restorefd);
+
+    if (ret < 0 && !vm->persistent)
+        virDomainObjListRemove(driver->domains, vm);
+
+ virLXCDomainObjEndJob(driver, vm);
+ cleanup:
+    VIR_FORCE_CLOSE(fd);
+    VIR_FORCE_CLOSE(criufd);
+ out:
+    virDomainDefFree(def);
+    virDomainObjEndAPI(&vm);
+    virObjectUnref(cfg);
+    return ret;
+}
+
+static int
+lxcDomainRestore(virConnectPtr conn, const char *from)
+{
+    return lxcDomainRestoreFlags(conn, from, NULL, 0);
+}
+
+
 static int
 lxcDomainOpenConsole(virDomainPtr dom,
                       const char *dev_name,
@@ -5088,6 +5421,10 @@ static virHypervisorDriver lxcHypervisorDriver = {
     .domainLookupByName = lxcDomainLookupByName, /* 0.4.2 */
     .domainSuspend = lxcDomainSuspend, /* 0.7.2 */
     .domainResume = lxcDomainResume, /* 0.7.2 */
+    .domainSave = lxcDomainSave, /* x.x.x */
+    .domainSaveFlags = lxcDomainSaveFlags, /* x.x.x */
+    .domainRestore = lxcDomainRestore, /* x.x.x */
+    .domainRestoreFlags = lxcDomainRestoreFlags, /* x.x.x */
     .domainDestroy = lxcDomainDestroy, /* 0.4.4 */
     .domainDestroyFlags = lxcDomainDestroyFlags, /* 0.9.4 */
     .domainGetOSType = lxcDomainGetOSType, /* 0.4.2 */
diff --git a/src/lxc/lxc_process.c b/src/lxc/lxc_process.c
index cbc04a3dcd..8dc8c42558 100644
--- a/src/lxc/lxc_process.c
+++ b/src/lxc/lxc_process.c
@@ -117,8 +117,8 @@ virLXCProcessReboot(virLXCDriverPtr driver,
     vm->newDef = NULL;
     virLXCProcessStop(driver, vm, VIR_DOMAIN_SHUTOFF_SHUTDOWN);
     vm->newDef = savedDef;
-    if (virLXCProcessStart(conn, driver, vm,
-                           0, NULL, autodestroy, reason) < 0) {
+    if (virLXCProcessStart(conn, driver, vm, 0,
+                           NULL, autodestroy, -1, reason) < 0) {
         VIR_WARN("Unable to handle reboot of vm %s",
                  vm->def->name);
         goto cleanup;
@@ -942,7 +942,8 @@ virLXCProcessBuildControllerCmd(virLXCDriverPtr driver,
                                 size_t nfiles,
                                 int handshakefd,
                                 int * const logfd,
-                                const char *pidfile)
+                                const char *pidfile,
+                                int restorefd)
 {
     size_t i;
     g_autofree char *filterstr = NULL;
@@ -1016,6 +1017,12 @@ virLXCProcessBuildControllerCmd(virLXCDriverPtr driver,
     for (i = 0; veths && veths[i]; i++)
         virCommandAddArgList(cmd, "--veth", veths[i], NULL);
 
+    if (restorefd != -1) {
+        virCommandAddArg(cmd, "--restore");
+        virCommandAddArgFormat(cmd, "%d", restorefd);
+        virCommandPassFD(cmd, restorefd, 0);
+    }
+
     virCommandPassFD(cmd, handshakefd, 0);
     virCommandDaemonize(cmd);
     virCommandSetPidFile(cmd, pidfile);
@@ -1186,6 +1193,8 @@ virLXCProcessEnsureRootFS(virDomainObjPtr vm)
  * @driver: pointer to driver structure
  * @vm: pointer to virtual machine structure
  * @autoDestroy: mark the domain for auto destruction
+ * @restorefd: file descriptor pointing to the restore directory (-1 if not
+ *             restoring)
  * @reason: reason for switching vm to running state
  *
  * Starts a vm
@@ -1197,6 +1206,7 @@ int virLXCProcessStart(virConnectPtr conn,
                        virDomainObjPtr vm,
                        unsigned int nfiles, int *files,
                        bool autoDestroy,
+                       int restorefd,
                        virDomainRunningReason reason)
 {
     int rc = -1, r;
@@ -1388,7 +1398,8 @@ int virLXCProcessStart(virConnectPtr conn,
                                                 files, nfiles,
                                                 handshakefds[1],
                                                 &logfd,
-                                                pidfile)))
+                                                pidfile,
+                                                restorefd)))
         goto cleanup;
 
     /* now that we know it is about to start call the hook if present */
@@ -1491,6 +1502,9 @@ int virLXCProcessStart(virConnectPtr conn,
     if (!priv->machineName)
         goto cleanup;
 
+    if (restorefd != -1)
+        goto skip_cgroup_checks;
+
     /* We know the cgroup must exist by this synchronization
      * point so lets detect that first, since it gives us a
      * more reliable way to kill everything off if something
@@ -1507,6 +1521,8 @@ int virLXCProcessStart(virConnectPtr conn,
         goto cleanup;
     }
 
+ skip_cgroup_checks:
+
     /* And we can get the first monitor connection now too */
     if (!(priv->monitor = virLXCProcessConnectMonitor(driver, vm))) {
         /* Intentionally overwrite the real monitor error message,
@@ -1587,7 +1603,7 @@ virLXCProcessAutostartDomain(virDomainObjPtr vm,
     if (vm->autostart &&
         !virDomainObjIsActive(vm)) {
         ret = virLXCProcessStart(data->conn, data->driver, vm,
-                                 0, NULL, false,
+                                 0, NULL, false, -1,
                                  VIR_DOMAIN_RUNNING_BOOTED);
         virDomainAuditStart(vm, "booted", ret >= 0);
         if (ret < 0) {
diff --git a/src/lxc/lxc_process.h b/src/lxc/lxc_process.h
index 383f6f714d..dab300784f 100644
--- a/src/lxc/lxc_process.h
+++ b/src/lxc/lxc_process.h
@@ -28,6 +28,7 @@ int virLXCProcessStart(virConnectPtr conn,
                        virDomainObjPtr vm,
                        unsigned int nfiles, int *files,
                        bool autoDestroy,
+                       int restorefd,
                        virDomainRunningReason reason);
 int virLXCProcessStop(virLXCDriverPtr driver,
                       virDomainObjPtr vm,
-- 
2.27.0




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux