1podman-container-checkpoint(1)() podman-container-checkpoint(1)()
2
3
4
6 podman-container-checkpoint - Checkpoints one or more running contain‐
7 ers
8
9
11 podman container checkpoint [options] container [container ...]
12
13
15 podman container checkpoint checkpoints all the processes in one or
16 more containers. A container can be restored from a checkpoint with
17 podman-container-restore. The container IDs or names are used as input.
18
19
20 IMPORTANT: If the container is using systemd as entrypoint checkpoint‐
21 ing the container might not be possible.
22
23
25 --all, -a
26 Checkpoint all running containers.
27 The default is false.
28 IMPORTANT: This OPTION does not need a container name or ID as input
29 argument.
30
31
32 --compress, -c=zstd | none | gzip
33 Specify the compression algorithm used for the checkpoint archive cre‐
34 ated with the --export, -e OPTION. Possible algorithms are zstd, none
35 and gzip.
36 One possible reason to use none is to enable faster creation of check‐
37 point archives. Not compressing the checkpoint archive can result in
38 faster checkpoint archive creation.
39 The default is zstd.
40
41
42 --create-image=image
43 Create a checkpoint image from a running container. This is a standard
44 OCI image created in the local image store. It consists of a single
45 layer that contains all of the checkpoint files. The content of this
46 image layer is in the same format as a checkpoint created with --ex‐
47 port. A checkpoint image can be pushed to a standard container registry
48 and pulled on a different system to enable container migration. In ad‐
49 dition, the image can be exported with podman image save and inspected
50 with podman inspect. Inspecting a checkpoint image would display addi‐
51 tional information, stored as annotations, about the host environment
52 used to do the checkpoint:
53
54
55 • io.podman.annotations.checkpoint.name: Human-readable name of
56 the original container.
57
58 • io.podman.annotations.checkpoint.rawImageName: Unprocessed
59 name of the image used to create the original container (as
60 specified by the user).
61
62 • io.podman.annotations.checkpoint.rootfsImageID: ID of the im‐
63 age used to create the original container.
64
65 • io.podman.annotations.checkpoint.rootfsImageName: Image name
66 used to create the original container.
67
68 • io.podman.annotations.checkpoint.podman.version: Version of
69 Podman used to create the checkpoint.
70
71 • io.podman.annotations.checkpoint.criu.version: Version of CRIU
72 used to create the checkpoint.
73
74 • io.podman.annotations.checkpoint.runtime.name: Container run‐
75 time (e.g., runc, crun) used to create the checkpoint.
76
77 • io.podman.annotations.checkpoint.runtime.version: Version of
78 the container runtime used to create the checkpoint.
79
80 • io.podman.annotations.checkpoint.conmon.version: Version of
81 conmon used with the original container.
82
83 • io.podman.annotations.checkpoint.host.arch: CPU architecture
84 of the host on which the checkpoint was created.
85
86 • io.podman.annotations.checkpoint.host.kernel: Version of Linux
87 kernel of the host where the checkpoint was created.
88
89 • io.podman.annotations.checkpoint.cgroups.version: cgroup ver‐
90 sion used by the host where the checkpoint was created.
91
92 • io.podman.annotations.checkpoint.distribution.version: Version
93 of host distribution on which the checkpoint was created.
94
95 • io.podman.annotations.checkpoint.distribution.name: Name of
96 host distribution on which the checkpoint was created.
97
98
99
100 --export, -e=archive
101 Export the checkpoint to a tar.gz file. The exported checkpoint can be
102 used to import the container on another system and thus enabling con‐
103 tainer live migration. This checkpoint archive also includes all
104 changes to the container's root file-system, if not explicitly disabled
105 using --ignore-rootfs.
106
107
108 --file-locks
109 Checkpoint a container with file locks. If an application running in
110 the container is using file locks, this OPTION is required during
111 checkpoint and restore. Otherwise checkpointing containers with file
112 locks is expected to fail. If file locks are not used, this option is
113 ignored.
114 The default is false.
115
116
117 --ignore-rootfs
118 If a checkpoint is exported to a tar.gz file it is possible with the
119 help of --ignore-rootfs to explicitly disable including changes to the
120 root file-system into the checkpoint archive file.
121 The default is false.
122 IMPORTANT: This OPTION only works in combination with --export, -e.
123
124
125 --ignore-volumes
126 This OPTION must be used in combination with the --export, -e OPTION.
127 When this OPTION is specified, the content of volumes associated with
128 the container will not be included into the checkpoint tar.gz file.
129 The default is false.
130
131
132 --keep, -k
133 Keep all temporary log and statistics files created by CRIU during
134 checkpointing. These files are not deleted if checkpointing fails for
135 further debugging. If checkpointing succeeds these files are theoreti‐
136 cally not needed, but if these files are needed Podman can keep the
137 files for further analysis.
138 The default is false.
139
140
141 --latest, -l
142 Instead of providing the container ID or name, use the last created
143 container. If other methods than Podman are used to run containers such
144 as CRI-O, the last started container could be from either of those
145 methods.
146 The default is false.
147 IMPORTANT: This OPTION is not available with the remote Podman client,
148 including Mac and Windows (excluding WSL2) machines. This OPTION does
149 not need a container name or ID as input argument.
150
151
152 --leave-running, -R
153 Leave the container running after checkpointing instead of stopping it.
154 The default is false.
155
156
157 --pre-checkpoint, -P
158 Dump the container's memory information only, leaving the container
159 running. Later operations will supersede prior dumps. It only works on
160 runc 1.0-rc3 or higher.
161 The default is false.
162
163
164 The functionality to only checkpoint the memory of the container and in
165 a second checkpoint only write out the memory pages which have changed
166 since the first checkpoint relies on the Linux kernel's soft-dirty bit,
167 which is not available on all systems as it depends on the system ar‐
168 chitecture and the configuration of the Linux kernel. Podman will ver‐
169 ify if the current system supports this functionality and return an er‐
170 ror if the current system does not support it.
171
172
173 --print-stats
174 Print out statistics about checkpointing the container(s). The output
175 is rendered in a JSON array and contains information about how much
176 time different checkpoint operations required. Many of the checkpoint
177 statistics are created by CRIU and just passed through to Podman. The
178 following information is provided in the JSON array:
179
180
181 • podman_checkpoint_duration: Overall time (in microseconds)
182 needed to create all checkpoints.
183
184 • runtime_checkpoint_duration: Time (in microseconds) the con‐
185 tainer runtime needed to create the checkpoint.
186
187 • freezing_time: Time (in microseconds) CRIU needed to pause
188 (freeze) all processes in the container (measured by CRIU).
189
190 • frozen_time: Time (in microseconds) all processes in the con‐
191 tainer were paused (measured by CRIU).
192
193 • memdump_time: Time (in microseconds) needed to extract all re‐
194 quired memory pages from all container processes (measured by
195 CRIU).
196
197 • memwrite_time: Time (in microseconds) needed to write all re‐
198 quired memory pages to the corresponding checkpoint image
199 files (measured by CRIU).
200
201 • pages_scanned: Number of memory pages scanned to determine if
202 they need to be checkpointed (measured by CRIU).
203
204 • pages_written: Number of memory pages actually written to the
205 checkpoint image files (measured by CRIU).
206
207
208
209 The default is false.
210
211
212 --tcp-established
213 Checkpoint a container with established TCP connections. If the check‐
214 point image contains established TCP connections, this OPTION is re‐
215 quired during restore. Defaults to not checkpointing containers with
216 established TCP connections.
217 The default is false.
218
219
220 --with-previous
221 Check out the container with previous criu image files in pre-dump. It
222 only works on runc 1.0-rc3 or higher.
223 The default is false.
224 IMPORTANT: This OPTION is not available with --pre-checkpoint.
225
226
227 This option requires that the option --pre-checkpoint has been used be‐
228 fore on the same container. Without an existing pre-checkpoint, this
229 option will fail.
230
231
232 Also see --pre-checkpoint for additional information about --pre-check‐
233 point availability on different systems.
234
235
237 Make a checkpoint for the container "mywebserver".
238
239
240 # podman container checkpoint mywebserver
241
242
243
244 Create a checkpoint image for the container "mywebserver".
245
246
247 # podman container checkpoint --create-image mywebserver-checkpoint-1 mywebserver
248
249
250
251 Dumps the container's memory information of the latest container into
252 an archive.
253
254
255 # podman container checkpoint -P -e pre-checkpoint.tar.gz -l
256
257
258
259 Keep the container's memory information from an older dump and add the
260 new container's memory information.
261
262
263 # podman container checkpoint --with-previous -e checkpoint.tar.gz -l
264
265
266
267 Dump the container's memory information of the latest container into an
268 archive with the specified compress method.
269
270
271 # podman container checkpoint -l --compress=none --export=dump.tar
272 # podman container checkpoint -l --compress=gzip --export=dump.tar.gz
273
274
275
277 podman(1), podman-container-restore(1), criu(8)
278
279
281 September 2018, Originally compiled by Adrian Reber areber@redhat.com
282 ⟨mailto:areber@redhat.com⟩
283
284
285
286 podman-container-checkpoint(1)()