Implementing export and import for Crostini container

[DennisLfromGA]

[ I don't know if this is a good place to discuss this, I thought it might be better than flooding the crbug with comments. ]

I have a few things that I'd like to clarify about: crbug.com/912638 Implement export and import for crostini container

It looks like this implementation will export/backup and import/restore the container via lxd and dbus.

 

1. Is it just for the termina vm and the penguin container or will we be prompted for vm and container names for both operations?

This is different than the crosh> vmc implementation that exports and imports a vm (only an export option is offered currently).

2. Will the crosh> vmc method be completed with an import option?

3. Will the crosh> vmc method eventually get a UI similar to the container export/import UI now being implemented?

Any clarification would be much appreciated, thanx,

~Denny

P.S. If these questions should be discussed elsewhere please let me know.

[Dylan Reid]

On Thu, Feb 14, 2019 at 9:14 AM DennisLfromGA <denny.l...@gmail.com> wrote:
>
> [ I don't know if this is a good place to discuss this, I thought it might be better than flooding the crbug with comments. ]
>
> I have a few things that I'd like to clarify about: crbug.com/912638 Implement export and import for crostini container
>
>
> It looks like this implementation will export/backup and import/restore the container via lxd and dbus.
>
>
> 1. Is it just for the termina vm and the penguin container or will we be prompted for vm and container names for both operations?

This will be the contianer.

>
>
> This is different than the crosh> vmc implementation that exports and imports a vm (only an export option is offered currently).
>
> 2. Will the crosh> vmc method be completed with an import option?

vmc export is mostly there so we can get corrupted disks to debug.
That hasn't happened in a while.

We don't have plans to support import. External disk images can't be
trusted not to crash the guest. The container import/export solution
has a lot of benefits and maintains the existing security boundaries
we have in Crostini.

> 3. Will the crosh> vmc method eventually get a UI similar to the container export/import UI now being implemented?
>
>
> Any clarification would be much appreciated, thanx,
> ~Denny
>
> P.S. If these questions should be discussed elsewhere please let me know.
>

> --
> --
> Chromium OS Discussion mailing list: chromium-...@chromium.org
> View archives, change email options, or unsubscribe:
> https://groups.google.com/a/chromium.org/group/chromium-os-discuss

[Joel Hockey]

To clarify on question 1, the backup/restore UI feature coming soon is only for termina/penguin.

You can also manage penguin, and other containers using lxd commands in vsh (crosh> vmc start termina)

[DennisLfromGA]

Thanx Dylan & Joel,

That pretty much clears things up for me.

I'm very much looking forward to the container export/import options.

I'll leave the 'vmc export' to the pros then, it won't be very useful for users.

Thanx again,

~Denny

P.S. I suppose the 'crosh> c' (/usr/bin/run_oci ) command is a dev only command or possibly even deprecated at this point. (???)

[DennisLfromGA]

A few other questions now come to mind -

Will the backup/restore operations handle the run states of the termina vm and the penguin container? 

 

Or will the user need to start the vm and stop the container beforehand?

 

Will the restore operation overwrite an existing penguin container?

I know there are lxc/lxd commands to do these operations but it's definitely more difficult and requires more technical prowess.

I suppose one could at least temporarily rename a non-penguin container to penguin and then perform the backup/restore, then rename them again afterward.

This will make things so much easier for the developer and non-developer types so thanx much.

Thanx,

~Denny

On Thursday, February 14, 2019 at 4:15:05 PM UTC-5, Joel Hockey wrote:

[Joel Hockey]

The VM must be running for either backup or restore.  The code takes care of starting termina if it is not already running.

Backup can be done while the container is running (or stopped).  We take a snapshot first, which is well supported by btrfs which we use, and then create an image from the container snapshot.

Restore imports an image and creates a container named 'rootfs-import' and then attempts to stop and delete penguin and then rename 'rootfs-import' to penguin.  In testing, I've seen that the lxc commands to stop penguin don't always work as they should.  The container can be stopped from the terminal with command 'sudo halt'.

Restore operation overwrites the existing penguin container.  You are correct that users can use 'lxc rename <old> <new>' to shuffle containers around.

 

[DennisLfromGA]

Joel,

Wow, that is all very helpful, thanx for the detailed explanation.

I make futile attempts at reading the code but couldn't dig out those details on my own for sure.

Thanx again,

~Denny