From Fedora Project Wiki

No edit summary
Line 29: Line 29:
# Prepare sysctl settings for network:
# Prepare sysctl settings for network:
## <code>sysctl -w net.ipv4.ip_forward=1</code>
## <code>sysctl -w net.ipv4.ip_forward=1</code>
## <code>sysctl -w net.ipv4.conf.default.proxy_arp=0</code>
## <code>sysctl -w net.ipv4.conf.em1.forwarding=1</code>
## <code>sysctl -w net.ipv4.conf.all.rp_filter=1</code>
## <code>sysctl -w net.ipv4.conf.em1.proxy_arp=1</code>
## <code>sysctl -w net.ipv4.conf.default.send_redirects=1</code>
## <code>sysctl -w net.ipv4.conf.all.send_redirects=0</code>
|actions=
|actions=
# Create new container: <code>vzctl create 101 --ostemplate centos-6-x86_64</code>
# Create new container: <code>vzctl create 101 --ostemplate centos-6-x86_64</code>
# Start container: <code>vzctl start 101</code>
# Start container: <code>vzctl start 101</code>
# Add network interface in container: <code>vzctl set 101 --netif_add em1</code>
# Add network interface in container: <code>vzctl set 101 --netif_add em1</code>
# Enable forwarding in virtual eth: <code>sysctl -w net.ipv4.conf.veth101.1.forwarding=1</code>
# Enable proxy_arp in virtual eth: <code>sysctl -w net.ipv4.conf.veth101.1.proxy_arp=1</code>
# Exec ps in container: <code>vzctl exec 101 ps axf</code>
# Exec ps in container: <code>vzctl exec 101 ps axf</code>
# Enter to container: <code>vzctl enter 101</code>
# Enter to container: <code>vzctl enter 101</code>
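Review bot: in the sysctl block, net.ipv4.conf.all.rp_filter=1 and net.ipv4.conf.all.send_redirects=0 are shown in the diff but are absent from the Setup steps of this revision, which keep only ip_forward plus forwarding and proxy_arp on em1. Consider keeping those two lines alongside the new em1 settings, or note why the test needs them left at the host default, since the host now forwards packets and answers proxy ARP for the container. The two veth101.1 steps are inserted before "Exec ps in container", which shifts every later step by two, so the "#4, #9" and "#16" references under Expected Results should be renumbered in the same edit.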

Revision as of 12:29, 22 July 2013


Description

Basic tests for OpenVZ Linux Containers and Checkpoint/Restore In Userspace (CRIU)

Known issues

  • Problems with SELinux
    • Temporary fix: setenforce 0 (switches SELinux to permissive mode until the next reboot)
    • In version 4.4 we introduced a new script to disable SELinux: /usr/libexec/vzctl/scripts/vz-postinstall
  • Random system freezes
  • Kernel 3.10 or older
    • Run vzctl exec 101 killall udevd

4.3.1 specific

  • vzctl exec 101 ps axf does not work (proc is not mounted)
  • criu: command not found
    • yum install crtools (patch sent to maintainers)
  • vzctl restore 101 does not work (VE_VETH_DEVS failure)

Bug Reports

  • If something goes wrong, check dump.log in /var/lib/vz/dump/Dump.101.fail/ and send a bug report.
  • For the bug report, create an archive of the dump and attach it to BZ. Create the archive (as root):

cd /var/lib/vz/dump/Dump.101.fail/ && tar -cJf /Dump.101.fail.tar.xz *

  • For network problems, send us the output of ip addr; ip route from the host and from the guest, in two files.
  • New bug

Setup

  1. Open terminal
  2. Switch to root user: su -
  3. Install: yum install vzctl
  4. Prepare sysctl settings for network:
    1. sysctl -w net.ipv4.ip_forward=1
    2. sysctl -w net.ipv4.conf.em1.forwarding=1
    3. sysctl -w net.ipv4.conf.em1.proxy_arp=1

How to test

  1. Create new container: vzctl create 101 --ostemplate centos-6-x86_64
  2. Start container: vzctl start 101
  3. Add network interface in container: vzctl set 101 --netif_add em1
  4. Enable forwarding in virtual eth: sysctl -w net.ipv4.conf.veth101.1.forwarding=1
  5. Enable proxy_arp in virtual eth: sysctl -w net.ipv4.conf.veth101.1.proxy_arp=1
  6. Exec ps in container: vzctl exec 101 ps axf
  7. Enter the container: vzctl enter 101
  8. Enable network interface: ip link set em1 up
  9. Assign ip address to interface: ip addr add 192.168.50.240/24 dev em1
  10. Add route for interface: ip route add default via 192.168.50.254 dev em1
  11. Exec ps in container directly: ps axf
  12. Exit from container: logout
  13. Enable virtual net interface: ip link set veth101.1 up
  14. Add route for virtual net interface: ip route add 192.168.50.240/32 dev veth101.1
  15. Suspend container: vzctl suspend 101
  16. Restore container: vzctl restore 101 or vzctl resume 101
  17. Enter the container: vzctl enter 101
  18. Test network: ping -c 3 192.168.50.254
  19. Exit from container: logout
  20. Stop container: vzctl stop 101
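
An added example, not part of the original wiki page: the Setup and How to test steps switch on forwarding and proxy ARP on the host, so this script records those values before the run and writes them back afterwards. The function names, the SYSCTL_ROOT override and the snapshot file format are assumptions made for the example.

```shell
#!/bin/sh
# Added example: save and restore the host sysctls changed by this test case.
# Keys are /proc/sys-relative paths, so the dot in veth101.1 stays in the name.
SYSCTL_ROOT="${SYSCTL_ROOT:-/proc/sys}"  # assumption: override for a dry run
KEYS="net/ipv4/ip_forward
net/ipv4/conf/em1/forwarding
net/ipv4/conf/em1/proxy_arp
net/ipv4/conf/veth101.1/forwarding
net/ipv4/conf/veth101.1/proxy_arp"

# snapshot_sysctls FILE: write "key value" for every listed key that exists.
# veth101.1 only exists once the container has its interface, so it may be absent.
snapshot_sysctls() {
    : > "$1" || return 1
    for key in $KEYS; do
        if [ -r "$SYSCTL_ROOT/$key" ]; then
            printf '%s %s\n' "$key" "$(cat "$SYSCTL_ROOT/$key")" >> "$1"
        fi
    done
}

# restore_sysctls FILE: write back every recorded value that has changed.
# ip_forward is listed first because writing it resets per-interface forwarding.
restore_sysctls() {
    while read -r key value; do
        [ -w "$SYSCTL_ROOT/$key" ] || continue   # interface is gone, skip it
        current=$(cat "$SYSCTL_ROOT/$key")
        if [ "$current" != "$value" ]; then
            printf '%s\n' "$value" > "$SYSCTL_ROOT/$key"
            echo "restored $key: $current -> $value"
        fi
    done < "$1"
}

# Usage (as root): script snapshot FILE before Setup, script restore FILE after.
case "${1:-}" in
    snapshot) snapshot_sysctls "${2:?snapshot file required}" ;;
    restore)  restore_sysctls "${2:?snapshot file required}" ;;
esac
```

Run the snapshot before step 4 of Setup and the restore after the container is stopped; keys for veth101.1 are skipped once that interface no longer exists.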

Expected Results

The following must be true to consider this a successful test run.

  • All steps complete without error
  • Steps #4 and #9 show the same output, like this:
Directory /proc/vz not found, assuming non-OpenVZ kernel
  PID TTY      STAT   TIME COMMAND
  551 pts/0    R+     0:00 ps axf
    1 ?        Ss     0:00 init
   59 ?        S<s    0:00 /sbin/udevd -d
  299 ?        S<     0:00  \_ /sbin/udevd -d
  459 ?        Sl     0:00 /sbin/rsyslogd -i /var/run/syslogd.pid -c 5
  488 ?        Ss     0:00 /usr/sbin/sshd
  495 ?        Ss     0:00 xinetd -stayalive -pidfile /var/run/xinetd.pid
  502 ?        Ss     0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam -n 2
  503 ?        S      0:00  \_ /usr/sbin/saslauthd -m /var/run/saslauthd -a pam -n 2
  518 ?        Ss     0:00 sendmail: accepting connections
  526 ?        Ss     0:00 sendmail: Queue runner@01:00:00 for /var/spool/clientmqueue
  534 ?        Ss     0:00 /usr/sbin/httpd
  537 ?        S      0:00  \_ /usr/sbin/httpd
  542 ?        Ss     0:00 crond
  • Step #16 shows output like this:
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=52 time=23.1 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=52 time=23.6 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=52 time=23.8 ms

--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 23.104/23.544/23.856/0.343 ms

Optional

In the network tests I've used two IPs and the em1 network interface. More details about them:

  • 192.168.50.240 - free IP from my subnet
  • 192.168.50.254 - default gw for my subnet
  • em1 - my work ethernet interface