seize: enable support for frozen containers #2514
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rst0git
force-pushed
the
2024-11-04-seize-checkpointing-freezen-containers
branch
from
70b3ad9 to
511d073
Compare
avagin
reviewed
Nov 5, 2024
Member
|
Doesn't this break the expectations of the container engines. You wrote they freeze the container to avoid changes to the container file-system. Does the container now continue to run with your change? |
Member
Author
rst0git
force-pushed
the
2024-11-04-seize-checkpointing-freezen-containers
branch
2 times, most recently
from
d39fc15 to
979e277
Compare
avagin
reviewed
Nov 7, 2024
Member
Strictly speaking, this expectation was not right even before this change. CRIU does file system changes while dumping processes. For example, it creates ghost files. I think the right expectation here is that file systems are not changed after dumping processes and this statement isn't affected by this change. |
Member
|
LGTM. Thanks. |
Container runtimes like CRI-O and containerd utilize the freezer cgroup to create a consistent snapshot of container root filesystem (rootfs) changes. In this case, the container is frozen before invoking CRIU. After CRIU successfully completes, a copy of the container rootfs diff is saved, and the container is then unfrozen. However, the `cuda-checkpoint` tool is not able to perform a 'lock' action on frozen threads. To support GPU checkpointing with these container runtimes, we need to unfreeze the cgroup and return it to its original state once the checkpointing is complete. To reflect this new behavior, the following changes are applied: - `dont_use_freeze_cgroup(void)` -> `set_compel_interrupt_only_mode(void)` - `bool freeze_cgroup_disabled` -> `bool compel_interrupt_only_mode` - `check_freezer_cgroup(void)` -> `prepare_freezer_for_interrupt_only_mode(void)` Note that when `compel_interrupt_only_mode` is set to `true`, `compel_interrupt_task()` is used instead of `freeze_processes()` to prevent tasks from running during `criu dump`. Fixes: checkpoint-restore#2508 Signed-off-by: Radostin Stoyanov <[email protected]>
Signed-off-by: Radostin Stoyanov <[email protected]>
rst0git
force-pushed
the
2024-11-04-seize-checkpointing-freezen-containers
branch
from
979e277 to
495e39e
Compare
rst0git
deleted the
2024-11-04-seize-checkpointing-freezen-containers
branch
rst0git
added a commit
to rst0git/criu
that referenced
this pull request
May 11, 2025
The container checkpointing procedure in Kubernetes freezes running containers to create a consistent snapshot of both the runtime state and the rootfs of the container. However, when checkpointing a GPU container, it must be unfrozen before invoking `cuda-checkpoint`. This is achieved in `prepare_freezer_for_interrupt_only_mode()`, which needs to be called before the `PAUSE_DEVICES` hook. Fixes: checkpoint-restore#2514 Signed-off-by: Radostin Stoyanov <[email protected]>
rst0git
added a commit
to rst0git/criu
that referenced
this pull request
May 11, 2025
The container checkpointing procedure in Kubernetes freezes running containers to create a consistent snapshot of both the runtime state and the rootfs of the container. However, when checkpointing a GPU container, the container must be unfrozen before invoking the cuda-checkpoint tool. This is achieved in prepare_freezer_for_interrupt_only_mode(), which needs to be called before the PAUSE_DEVICES hook. The patch introducing this functionality fixes this problem for containers with multiple processes. However, if the container has a single process, the PAUSE_DEVICES hook must be invoked immediately before prepare_freezer_for_interrupt_only_mode(). Fixes: checkpoint-restore#2514 Signed-off-by: Radostin Stoyanov <[email protected]>
rst0git
added a commit
to rst0git/criu
that referenced
this pull request
May 11, 2025
The container checkpointing procedure in Kubernetes freezes running containers to create a consistent snapshot of both the runtime state and the rootfs of the container. However, when checkpointing a GPU container, the container must be unfrozen before invoking the cuda-checkpoint tool. This is achieved in prepare_freezer_for_interrupt_only_mode(), which needs to be called before the PAUSE_DEVICES hook. The patch introducing this functionality fixes this problem for containers with multiple processes. However, if the container has a single process, prepare_freezer_for_interrupt_only_mode() must be invoked immediately before the PAUSE_DEVICES hook. Fixes: checkpoint-restore#2514 Signed-off-by: Radostin Stoyanov <[email protected]>
rst0git
added a commit
to rst0git/criu
that referenced
this pull request
May 14, 2025
The container checkpointing procedure in Kubernetes freezes running containers to create a consistent snapshot of both the runtime state and the rootfs of the container. However, when checkpointing a GPU container, the container must be unfrozen before invoking the cuda-checkpoint tool. This is achieved in prepare_freezer_for_interrupt_only_mode(), which needs to be called before the PAUSE_DEVICES hook. The patch introducing this functionality fixes this problem for containers with multiple processes. However, if the container has a single process, prepare_freezer_for_interrupt_only_mode() must be invoked immediately before the PAUSE_DEVICES hook. Fixes: checkpoint-restore#2514 Signed-off-by: Radostin Stoyanov <[email protected]>
avagin
pushed a commit
that referenced
this pull request
May 15, 2025
The container checkpointing procedure in Kubernetes freezes running containers to create a consistent snapshot of both the runtime state and the rootfs of the container. However, when checkpointing a GPU container, the container must be unfrozen before invoking the cuda-checkpoint tool. This is achieved in prepare_freezer_for_interrupt_only_mode(), which needs to be called before the PAUSE_DEVICES hook. The patch introducing this functionality fixes this problem for containers with multiple processes. However, if the container has a single process, prepare_freezer_for_interrupt_only_mode() must be invoked immediately before the PAUSE_DEVICES hook. Fixes: #2514 Signed-off-by: Radostin Stoyanov <[email protected]>
avagin
pushed a commit
to avagin/criu
that referenced
this pull request
Oct 21, 2025
The container checkpointing procedure in Kubernetes freezes running containers to create a consistent snapshot of both the runtime state and the rootfs of the container. However, when checkpointing a GPU container, the container must be unfrozen before invoking the cuda-checkpoint tool. This is achieved in prepare_freezer_for_interrupt_only_mode(), which needs to be called before the PAUSE_DEVICES hook. The patch introducing this functionality fixes this problem for containers with multiple processes. However, if the container has a single process, prepare_freezer_for_interrupt_only_mode() must be invoked immediately before the PAUSE_DEVICES hook. Fixes: checkpoint-restore#2514 Signed-off-by: Radostin Stoyanov <[email protected]>
avagin
pushed a commit
to avagin/criu
that referenced
this pull request
Nov 2, 2025
The container checkpointing procedure in Kubernetes freezes running containers to create a consistent snapshot of both the runtime state and the rootfs of the container. However, when checkpointing a GPU container, the container must be unfrozen before invoking the cuda-checkpoint tool. This is achieved in prepare_freezer_for_interrupt_only_mode(), which needs to be called before the PAUSE_DEVICES hook. The patch introducing this functionality fixes this problem for containers with multiple processes. However, if the container has a single process, prepare_freezer_for_interrupt_only_mode() must be invoked immediately before the PAUSE_DEVICES hook. Fixes: checkpoint-restore#2514 Signed-off-by: Radostin Stoyanov <[email protected]>
avagin
pushed a commit
to avagin/criu
that referenced
this pull request
Nov 2, 2025
The container checkpointing procedure in Kubernetes freezes running containers to create a consistent snapshot of both the runtime state and the rootfs of the container. However, when checkpointing a GPU container, the container must be unfrozen before invoking the cuda-checkpoint tool. This is achieved in prepare_freezer_for_interrupt_only_mode(), which needs to be called before the PAUSE_DEVICES hook. The patch introducing this functionality fixes this problem for containers with multiple processes. However, if the container has a single process, prepare_freezer_for_interrupt_only_mode() must be invoked immediately before the PAUSE_DEVICES hook. Fixes: checkpoint-restore#2514 Signed-off-by: Radostin Stoyanov <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Container runtimes like CRI-O and containerd utilize the freezer cgroup to create a consistent snapshot of container rootfs changes. In this case, the container is frozen before invoking CRIU. Once CRIU successfully completes, a copy of the container rootfs diff is saved, and then the container is unfrozen. To enable GPU checkpointing support with these runtimes, we need to unfreeze the cgroup and restore it to its original state at the end.
When the CUDA plugin is installed, container checkpointing with Kubernetes fails, even for containers that don't use GPUs. This patch aims to resolve this issue.
Fixes: #2508