Add support for checkpoint conversion for different container runtimes/engines

[mayank-02]

Currently we don't support compatibility between container runtimes such as runc and crun, or engines such as Podman and CRI-O. For example, if a container checkpoint is created with crun, it is not currently possible to restore it with runc, or a checkpoint created with Podman can not be restored with CRI-O. Since all these container runtimes and engines use CRIU, it is technically possible and this functionality would be very useful.

For example, the following two files contain the implementation for container checkpointing with crun and runc:

• https://github.com/containers/crun/blob/main/src/checkpoint.c
• https://github.com/opencontainers/runc/blob/main/libcontainer/criu_linux.go
• In Podman, the problem is solved by extracting the runtime used to create a checkpoint:
  • https://github.com/containers/podman/blob/7eaedaf3/pkg/checkpoint/crutils/checkpoint_restore_utils.go#L238
  • https://github.com/containers/podman/blob/7eaedaf3/cmd/podman/root.go#L260

For instance, in the case of runc and crun, the difference comes from implementation-specific format of configuration file stored in the checkpoint. For example, the code in [1] is used to save a configuration file and information about file descriptors specific to runc, while the code in [2] implements the equivalent in crun but with different format. The easiest way to see the difference would be to create a container checkpoint [3] using both runc and crun [4] and see what files are included in the checkpoint.

An effort in a similar vein is the proposal to standardize the checkpoint image definition format.

I believe adding the functionality to convert from container archive format to the other through checkpointctl will be quite useful. A sample invocation could look like (from clause can be optional):

$checkpointctl migrate/convert --from {podman,cri-o,kubernetes} --to {podman,cri-o,kubernetes} /tmp/ubuntu_looper.tar.gz

I'm happy to contribute to this issue. Please let me know your thoughts here!

CC: @rst0git

[rst0git]

checkpointctl migrate/convert --from {podman,cri-o,kubernetes} --to {podman,cri-o,kubernetes} /tmp/ubuntu_looper.tar.gz

We had a short discussion about the name of the command (https://github.com/checkpoint-restore/checkpointctl/pull/125#issuecomment-2035306410) and it seems like checkpointctl convert would be more appropriate for this feature.

I'm not sure if I understand the purpose of --from / --to kubernetes, i.e., CRI-O and containerd are used by Kubernetes. They implement the checkpointing functionality.

[adrianreber]

There should be no difference between runc/crun (I hope). The crun support was added based on what runc does. If crun does something differently we should try to fix crun.

Overall I would hope that it is possible to restore a checkpoint archive with any container archive. The differences are mainly in metadata and the goal should be to use the same metadata everywhere and if not possible handle the differences in the engines.

[rst0git]

Adding a note here that Podman currently does not support restoring with a different runtime than the one used to create the checkpoint.

$ sudo podman container restore --runtime=runc  -i /tmp/cr1.tar
Error: checkpoint archive /tmp/cr1.tar was created with runtime 'crun' and cannot be restored with runtime 'runc'