mesos-reviews mailing list archives

From "Adam B" <a...@mesosphere.io>
Subject Re: Review Request 35721: Set the owner of persistent volumes to frameworkInfo.user .
Date Wed, 24 Jun 2015 08:57:21 GMT


> On June 24, 2015, 1:04 a.m., Adam B wrote:
> > This seems like a positive step forward, since all volumes were previously owned
> > by root (or whatever user the slave was run as). However, if a persistent volume is passed
> > from one framework to another within the same role, they might have different users, so the
> > second framework would still be unable to access it. Moreover, different tasks within the
> > same framework might run as different users, so if two subsequent tasks try to mount the same
> > persistent volume as different users, they won't both be able to access it.
> > So, in addition to initially chowning the volume to the frameworkInfo.user, we should
> > also consider chowning the volume to the commandInfo.user within `_runTask` so that the volume
> > ownership is changed to the user running each task before the task begins executing, so that
> > each task mounting the volume is guaranteed access to the volume.
> 
> haosdent huang wrote:
>     Thank you very much for your review. If we change the persistent volume in _runTask,
>     does it cause a scenario like this:
>     
>     task_A uses user_A, task_B uses user_B, and they are running at the same time. The
>     persistent volume could not belong to two different users at the same time, so one of
>     these two tasks would fail. Is that acceptable?

Currently we don't allow two concurrent tasks to use the same persistent volume. I suppose
this could change in the future, but for now we should be safe chowning the volume before
each task takes ownership of the volume.
In a future with shared persistent volumes, perhaps we could create a Linux group for the
role, make the volume rw for the group, and add each task user to the group. This is probably
overkill for the moment.


- Adam


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/35721/#review89138
-----------------------------------------------------------


On June 21, 2015, 6:56 p.m., haosdent huang wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/35721/
> -----------------------------------------------------------
> 
> (Updated June 21, 2015, 6:56 p.m.)
> 
> 
> Review request for mesos, Adam B and Jie Yu.
> 
> 
> Bugs: MESOS-2603
>     https://issues.apache.org/jira/browse/MESOS-2603
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Set the owner of persistent volumes to frameworkInfo.user .
> 
> 
> Diffs
> -----
> 
>   src/master/master.cpp 0135c155181546d3cb43e9e05bb874af846d928d 
>   src/messages/messages.proto 1c8d79e3fca365520cdd67051f8730593955cab6 
>   src/slave/slave.hpp f1cf3b85ccb3eaf614fe844c830f7cc44f7916fe 
>   src/slave/slave.cpp 40c0c33add392591af4767f76ce566196f24e6ee 
> 
> Diff: https://reviews.apache.org/r/35721/diff/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> haosdent huang
> 
>

