Snapshot create --stateful failure

[mcondarelli]

I attempted to snapshot a running container but that failed badly:

root@incus:~# incus snapshot create openwrt before_pbr --stateful
Error: Failed taking stateful checkpoint: snapshot dump failed
(00.076920) Warn  (criu/kerndat.c:1593): CRIU was built without libnftables support
Error (criu/util.c:627): execvp("iptables-restore", ...) failed: No such file or directory
(00.091688) Error (criu/util.c:642): exited, status=1
Error (criu/util.c:627): execvp("ip6tables-restore", ...) failed: No such file or directory
(00.092488) Error (criu/util.c:642): exited, status=1
(00.092516) Error (criu/net.c:3124): net: Locking network failed: iptables-restore returned -1. This may be connected to disabled CONFIG_NETFILTER_XT_MARK kernel build config option.
Error (criu/util.c:627): execvp("iptables-restore", ...) failed: No such file or directory
(00.093316) Error (criu/util.c:642): exited, status=1
Error (criu/util.c:627): execvp("ip6tables-restore", ...) failed: No such file or directory
(00.094033) Error (criu/util.c:642): exited, status=1
(00.094234) Error (criu/cr-dump.c:2098): Dumping FAILED.

OTOH stopping container, snapshotting and restarting worked as expected.

Messages seem to suggest criu building was missing some useful config and there may be some missing dependency in package.

[stgraber]

Yeah, I've already pushed a packaging change to always install iptables, that will take care of those errors, but the migration will still fail due to incompatibility between current CRIU and liblxc.

[stgraber]

Live migration of containers is pretty tricky business. A few companies do use it and it can be made to work, but you need a very specific container workload to have any chance of it working properly.