CRIU Support

Navigation:  Apache mod_lsapi >

CRIU Support

Previous pageReturn to chapter overviewNext page

[CloudLinux 7 only]

 

What is CRIU

 

CRIU is Checkpoint/Restore In Userspace, (pronounced kree-oo), is a software tool for Linux operating system. Using this tool, you can freeze a running application (or part of it) and checkpoint it as a collection of files on disk. You can then use the files to restore the application and run it exactly as it was during the time of freeze (more information on the link https://criu.org/Main_Page).

 

mod_lsapi-1.1-1 is the first beta version with freezing PHP implemented. mod_lsapi now supports the following parameters:

 

Option name

Description

Values

Default

lsapi_criu

Enable/disable CRIU for lsphp freezing.

On/Off

Off

lsapi_criu_socket_path

Set path to socket for communication with criu service.

[path to socket]

/var/run/criu/criu_service.socket

lsapi_backend_semtimedwait

Enable/disable flag for notification about lsphp started. This method avoid cycles of waiting for lsphp start.

On/Off

Off

lsapi_backend_initial_start

Number of request when lsphp should be freezed.

[number]

0 - no freezing

0

lsapi_criu_use_shm

Method of requests counting. Off - use shared memory. Signals - use signals from child processes to parent.

Off/Signals

Off

lsapi_criu_imgs_dir_path

Path to folder where imgs of freezed PHP will be stored.

[path]

/var/run/mod_lsapi/

lsapi_criu_debug

Enable/Disable CRIU related debug logging.

On/Off

Off

 

Example:

 

lsapi_criu On

lsapi_criu_socket_path /var/run/criu/criu_service.socket

lsapi_backend_semtimedwait On

lsapi_backend_initial_start 15

lsapi_criu_use_shm Off

lsapi_criu_debug Off

 

How it works

 

When Apache module mod_lsapi detects CRIU enabled (lsapi_criu On) it prepares a directory for images (on the first request of virtualhost) to store (lsapi_criu_imgs_dir_path /var/run/mod_lsapi/[dir_name]), and starts lsphp process. Lsphp increases counter (lsapi_criu_use_shm Off|Signals) via shared memory or signals, when counter reaches limit (lsapi_backend_initial_start 15), lsphp sends the request to CRIU for freezing. CRIU service makes images of requested processes. Lsphp will not be frozen if counter has not reached the limit. The next time when lsphp will be stopped, it will be unfrozen from the images.

 

The images of the processes will be saved even if Apache is restarted. But all images will be deleted after server restart by default configuration. This can be modified by setting the new path lsapi_criu_imgs_dir_path.

 

Important! If php.ini or configuration file from php.d is changed, the images must be deleted manually. We are working on automation of this action.

 

Note that CRIU can't correctly freeze lsphp with PrivateTmp enabled. For correct work, PrivateTmp must be false in httpd.service file. For disabling:

 

Copy httpd.service to /etc/systemd/system and change there PrivateTmp:

 

# cat httpd.service

[Unit]

Description=Apache web server managed by cPanel EasyApache

ConditionPathExists=!/etc/httpddisable

ConditionPathExists=!/etc/apachedisable

ConditionPathExists=!/etc/httpdisable

 

[Service]

Type=forking

ExecStart=/usr/local/cpanel/scripts/restartsrv_httpd --no-verbose

PIDFile=/var/run/apache2/httpd.pid

PrivateTmp=false

 

[Install]

WantedBy=multi-user.target

 

Or it would be technically better to provide a small override of service file rather than copying the whole new version in /etc/systemd/system … (www.freedesktop.org/software/systemd/man/systemd.unit.html).

 

mkdir /etc/systemd/system/httpd.service.d

echo "[Service]" >  /etc/systemd/system/httpd.service.d/nopt.conf

echo "PrivateTmp=false" >> /etc/systemd/system/httpd.service.d/nopt.conf

 

and

 

# systemctl daemon-reload

 

Installation

 

Criu is installed with dependency to mod_lsapi-1.1 package. To activate it:

 

1. Enable service and start it:

 

systemctl enable criu

systemctl start criu

 

2. Edit lsapi.conf file, turn CRIU On and set some defaults:

 

lsapi_criu On

 

lsapi_criu_socket_path /var/run/criu/criu_service.socket

 

lsapi_backend_semtimedwait On

 

lsapi_backend_initial_start 15

 

lsapi_criu_use_shm Off

 

3. Restart apache:

 

service httpd restart

 

Managing CRIU Images

 

1. An option added to the Apache configuration for cleaning all the images earlier saved by CRIU.

 

Option name

Description

Value

Default

lsapi_reset_criu_on_apache_restart

This option allows cleaning all CRIU images on Apache restart.

On/Off

Off

 

On the next restart of Apache all of the images will be cleaned.

 

It can be enabled by writing lsapi_reset_criu_on_apache_restart On in lsapi.conf (Virtual Host and .htaccess do not allow to use this option).

 

Note that this option works only if lsapi_terminate_backends_on_exit is On (default value is On, it is set in lsapi.conf too).

 

2. If you need to clean CRIU images for one user you can simply add mod_lsapi_reset_me file to the user's directory with CRIU images (default /var/run/mod_lsapi/lsapi_ * _criu_imgs). On the next restart of lsphp the images will be cleaned.

 

3. Global reset flag for cleaning all earlier saved images by CRIU.

 

Current mod_lsapi allows cleaning all images only with one flag file.

 

Create /usr/share/criu/mod_lsapi/lsphp.criu.reset file. Also don't forget to set such permissions [nobody:nobody] (or [apache:apache] for non cPanel) and access mode [700] to the /usr/share/criu/mod_lsapi directory.

 

Steps to do :

 

mkdir /usr/share/criu

mkdir /usr/share/criu/mod_lsapi

chown nobody:nobody /usr/share/criu/mod_lsapi

touch /usr/share/criu/mod_lsapi/lsphp.criu.reset

 

On the next requests to all virtual hosts images will be recreated (deleted first and created again later - it depends on lsapi_backend_initial_start value).

 

4. Аdded possibility to clean CRIU images from user space.

 

If a user needs to clean CRIU images for lsphp, he should create a file: ~/mod_lsapi_reset_me_[vhost_name]. Where [vhost_name] is a ServerName from the VirtualHost block in the configuration file. On the next restart of lsphp, the images will be cleaned.

 

Example:

 

cd; touch mod_lsapi_reset_me_criu.test.com

 

where vhost.conf contains:

ServerName criu.test.com

 

This mode is enabled by default and creates a separate lsphp process for each virtual host.

 

mod_lsapi_reset_me_[vhost_name] flag will not work for a user when lsapi_per_user option is On.

 

5. There is lsapi_per_user (default off) option in mod_lsapi that creates only one lsphp process for a user, regardless of the number of his virtual hosts. We don't recommend to use this option with CRIU, but if you use it, make sure that your virtual hosts (under the same user) have the same environment configurations. If they are not the same, this may cause undesirable lsphp process operation.