Fix checkpoint's exiting semantics.

[bjbroder]

Previously, dockerd would always ask containerd to pass --leave-running
to runc/runsc, ignoring the exit boolean value. Hence, even docker checkpoint create --leave-running=false ... would not stop the
container.

Signed-off-by: Brielle Broder bbroder@google.com

[hugelgupf]

cc @hugelgupf @nlacasse

[hugelgupf]

janky seems to be failing for no good reason?

01:07:11 W: Failed to fetch http://cdn-fastly.deb.debian.org/debian/dists/stretch/InRelease  Could not resolve 'cdn-fastly.deb.debian.org'

[hugelgupf]

friendly ping

[hugelgupf]

cc @cpuguy83 maybe?

[cpuguy83]

Can we add an integration test for this?

[hugelgupf]

@cpuguy83 I'd like to, but we've actually had trouble getting this to work with runc (we're using runsc instead). Are there existing integration tests somewhere that we can build off of?

[cpuguy83]

Is this the error?

docker-runc did not terminate sucessfully: CRIU version check failed: write unixpacket @->@: write: broken pipe path= /var/run/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/56affd8f7a2433caefd9e787c4248f6064df70ea774ad9c30ce6ad16ef4efd23/criu-dump.log: unknown error_type="*errors.errorString" module=api

[cpuguy83]

ping @kolyshkin

[avagin]

Actually, there is one more problem. Docker (containerd) has to call "runc checkpoint" with "--empty-ns network" to dump a docker container.

I have a patch which fixes both these issues:

avagin/docker-ce@911c89f#diff-e1f8834158a9117cafe1744dc2c7adb2

But it depends on containerd changes:
containerd/containerd#2425

[kolyshkin]

I like @avagin approach better (i.e. appending to options if necessary).

[hugelgupf]

Sure, we can append to options.

Having to call with an empty NS is specific to runc. runsc does not need to be called with that. Can this be part of something runc-specific, or can this be done in an API-agnostic way?

[avagin]

@hugelgupf Here are changes which resolve the issue with an empty NS:
opencontainers/runc#1840

[codecov]

Codecov Report

Merging #37360 into master will decrease coverage by 0.02%.
The diff coverage is 0%.

@@            Coverage Diff             @@
##           master   #37360      +/-   ##
==========================================
- Coverage   34.95%   34.92%   -0.03%     
==========================================
  Files         610      610              
  Lines       44886    44873      -13     
==========================================
- Hits        15690    15673      -17     
- Misses      27077    27081       +4     
  Partials     2119     2119

[bjbroder]

@kolyshkin @avagin cpuguy wanted an integration test, but it seems like there are none for moby checkpoint/restore already? Is there anything y'all have we can contribute to?

[hugelgupf]

Ping

[avagin]

LGTM

[bjbroder]

Now that it's lgtm'd, how do I get this merged?

[cpuguy83]

LGTM

[vdemeester]

LGTM 🐸
cc @mlaventure @thaJeztah

[mlaventure]

LGTM

z failure is unrelated

[tswift242]

@bjbroder This restores the behavior of making --leave-running configurable, but is the default still true? The default used to be false.

[bjbroder]

@tswift242 The default for --leave-running was, and still is, false. Previously, both the default (false) and an explicit set of the flag to false would cause the process to incorrectly continue running after checkpointing because "exit" had not been implemented appropriately, even though the leave-running flag is correctly set.

The leave-running flag's behavior can be seen in:
docker-ce/components/cli/cli/command/checkpoint/create.go

[tswift242]

Gotcha. Thanks for the reply and the fix to this issue!