detach-keys string Override the key sequence for detaching a container checkpoint string Restore from this checkpoint a, -attach Attach STDOUT/STDERR and forward signals leave-running Leave the container running after checkpoint checkpoint-dir string Use a custom checkpoint storage directory Usage: docker checkpoint create CONTAINER CHECKPOINTĬreate a checkpoint from a running container Note that for this functionality to work, the version of must be recent enough to have the commit applied.Īn alternative solution is to use Podman which has support to specify -tcp-established on the command-line. This feature can be enabled by adding tcp-established in the file /etc/criu/nf. However, this option is set to false by default and it is currently not possible to change this behaviour via the command-line interface of Docker. Note that the options stored in ~/.criu/nf or /etc/criu/nf will be overwritten by the ones set via RPC by Docker.įor example, in order to checkpoint and restore a container with established TCP connections CRIU requires the -tcp-established option to be set. These options should be added in the file /etc/criu/nf (in order to overwrite the ones set by runc/Docker). You should be able to print the logs from looper-clone and see that they start from wherever the logs of looper end.Ĭonfiguration files can be used to set additional CRIU options when performing checkpoint/restore of Docker containers. $ docker start -checkpoint-dir=/tmp -checkpoint=checkpoint2 looper-clone $ docker create -name looper-clone -security-opt seccomp:unconfined busybox \
$ docker checkpoint create -checkpoint-dir=/tmp looper2 checkpoint2 # wait a few seconds to give the container an opportunity to print a few lines, then bin/sh -c 'i=0 while true do echo $i i=$(expr $i + 1) sleep 1 done' $ docker run -d -name looper2 -security-opt seccomp:unconfined busybox \
Here's a slightly revised example from before: This is done by providing a custom storage path with the -checkpoint-dir option. If we then print the logs, you should see they start from where we left off and continue to increase.īeyond the straightforward case of checkpointing and restoring the same container, it's also possible to checkpoint one container, and then restore the checkpoint into a completely different container. $ docker start -checkpoint checkpoint1 looper Unlike creating a checkpoint, restoring from a checkpoint is just a flag provided to the normal container start call. You should see that the process is no longer running, and if you print the logs a few times no new logs will be printed. $ docker checkpoint create looper checkpoint1 If you do this a few times you'll notice the integer increasing. You can verify the container is running by printings its logs: $ docker run -d -name looper busybox /bin/sh -c 'i=0 while true do echo $i i=$(expr $i + 1) sleep 1 done' Here's an example of creating a checkpoint, from a container that simply logs an integer in a loop. These checkpoints are stored and managed by Docker, unless you specify a custom storage path. There's a top level checkpoint sub-command in Docker, which lets you create a new checkpoint, and list or delete an existing checkpoint. In addition to having a recent version of Docker, you need CRIU 2.0 or later installed on your system (see Installation for more info). CRIU), you need to do something like this:Įcho "" > /etc/docker/daemon.json This feature is available in the experimental mode for Docker (since Docker 1.13, so every later version, like Docker 17.03, should work).
Naturally, Docker wants to manage the full lifecycle of processes running inside its containers, so CRIU should be run by Docker (rather than separately).