mesos-reviews mailing list archives

From Jie Yu <yujie....@gmail.com>
Subject Re: Review Request 50065: Enhancement for containers which have image and join host network.
Date Fri, 15 Jul 2016 19:27:26 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/50065/#review142394
-----------------------------------------------------------


Fix it, then Ship it!




LGTM! Thanks for fixing it and being detail oriented in this patch! Really appreciated!

I'll fix the issue and commit for you. Thanks!

Please follow up with a test (container uses rootfs).


src/slave/containerizer/mesos/isolators/network/cni/cni.cpp (line 358)
<https://reviews.apache.org/r/50065/#comment207960>

    add a space after `rootDir`



src/slave/containerizer/mesos/isolators/network/cni/cni.cpp (line 435)
<https://reviews.apache.org/r/50065/#comment207981>

    I would:
    ```
    3. The container joined the host network (both w/ or w/o container rootfs).
    ```



src/slave/containerizer/mesos/isolators/network/cni/cni.cpp (lines 624 - 631)
<https://reviews.apache.org/r/50065/#comment207968>

    I would move this up and add a NOTE here:
    ```
    
    if (containerNetworks.empty()) {
      // This is for the container which has an image and wants to join host
      // network, we will make sure it has access to host /etc/* files.
      if (containerConfig.has_rootfs()) {
        ...
      }
      
      // NOTE: No additional namespace needed. If container has a rootfs,
      // the filesystem/linux isolator will put the container in a new
      // mount namespace.
      return None();
    } else {
      ...
      
      return launchInfo;
    }
    ```



src/slave/containerizer/mesos/isolators/network/cni/cni.cpp (line 1198)
<https://reviews.apache.org/r/50065/#comment207990>

    I'd be safe here to do:
    ```
    if (infos[containerId]->containerNetworks.empty() &&
        infos[containerId]->rootfs.isSome()) {
      ...
    }
    ```


- Jie Yu


On July 15, 2016, 6:21 a.m., Qian Zhang wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/50065/
> -----------------------------------------------------------
> 
> (Updated July 15, 2016, 6:21 a.m.)
> 
> 
> Review request for mesos, Avinash sridharan and Jie Yu.
> 
> 
> Bugs: MESOS-5806
>     https://issues.apache.org/jira/browse/MESOS-5806
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> For the containers which have image and join host network, we enhanced
> 'network/cni' isolator to make sure they have access to host /etc/hosts,
> /etc/hostname and /etc/resolv.conf files.
> 
> 
> Diffs
> -----
> 
>   src/slave/containerizer/mesos/isolators/network/cni/cni.hpp 09890cedf2e7a1846bd1cb250e117be1680a1b80
>   src/slave/containerizer/mesos/isolators/network/cni/cni.cpp 92b33111799cb4e1c8bc2051381e1254d701d95c
> 
> Diff: https://reviews.apache.org/r/50065/diff/
> 
> 
> Testing
> -------
> 
> make check
> 
> 1. Start Mesos master
> ```
> sudo ./bin/mesos-master.sh --work_dir=/opt/mesos
> ```
> 
> 2. Start Mesos agent
> ```
> sudo ./bin/mesos-slave.sh --master=192.168.122.171:5050 --containerizers=mesos --image_providers=appc,docker --isolation=filesystem/linux,docker/runtime,network/cni,cgroups/cpu,cgroups/mem --network_cni_config_dir=/opt/cni/net_configs --network_cni_plugins_dir=/opt/cni/plugins --work_dir=/opt/mesos
> ```
> 
> 3. Launch a container which has image and joins host network
> ```
> sudo src/mesos-execute --master=192.168.122.171:5050 --name=test --docker_image=library/busybox --command="sleep 120"
> ```
> 
> 4. Check if the container has access to host network files
> ```
> # 26927 is the PID of the container
> 
> $ sudo nsenter -t 26927 -m -n -u ls -la /etc/
> total 36
> drwxr-xr-x    2 root     root          4096 Jul 15 05:52 .
> drwxr-xr-x   13 root     root          4096 Jul 15 05:52 ..
> -rw-rw-r--    1 root     root           304 Dec  5  2015 group
> -rw-r--r--    1 root     root             6 Aug 10  2015 hostname
> -rw-r--r--    1 root     root           272 Apr 18 08:37 hosts
> -rw-r--r--    1 root     root           118 Jun  8 16:29 localtime
> -rw-rw-r--    1 root     root           334 Dec  5  2015 passwd
> -rw-r--r--    1 root     root           176 Jul  9 14:44 resolv.conf
> -rw-rw-r--    1 root     root           243 Dec  5  2015 shadow
> 
> $ sudo nsenter -t 26927 -m -n -u mount 
> rootfs on / type rootfs (rw)
> /dev/mapper/u1404u1--vg-root on / type ext4 (rw,relatime,errors=remount-ro,data=ordered)
> tmpfs on /etc/resolv.conf type tmpfs (rw,nosuid,noexec,relatime,size=1643388k,mode=755)
> /dev/mapper/u1404u1--vg-root on /etc/hostname type ext4 (rw,relatime,errors=remount-ro,data=ordered)
> /dev/mapper/u1404u1--vg-root on /etc/hosts type ext4 (rw,relatime,errors=remount-ro,data=ordered)
> /dev/mapper/u1404u1--vg-root on /mnt/mesos/sandbox type ext4 (rw,relatime,errors=remount-ro,data=ordered)
> proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
> proc on /proc/sys type proc (ro,relatime)
> sysfs on /sys type sysfs (ro,nosuid,nodev,noexec,relatime)
> tmpfs on /dev type tmpfs (rw,nosuid,mode=755)
> devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,mode=600,ptmxmode=666)
> tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
> ```
> 
> 
> Thanks,
> 
> Qian Zhang
> 
>
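
Step 4 of the quoted testing procedure, as an added example that is not part of the original message or the Mesos code base: a shell check that reads `mount` output taken inside the container's mount namespace and reports which of /etc/hosts, /etc/hostname and /etc/resolv.conf have no mount of their own. The function names and the sample table (a subset of the output quoted above) are assumptions, and the parser assumes mount sources and mount points contain no spaces.

```sh
#!/bin/sh
# Added example (not Mesos code): verify that a container's mount table
# carries the three host network files named in the review request.
HOST_NET_FILES="/etc/hosts /etc/hostname /etc/resolv.conf"

# mount_entry FILE: stdin is `mount` output; prints "<fstype> <options>" of
# the last mount on exactly FILE (later mounts shadow earlier ones).
# Returns non-zero when FILE has no mount of its own.
mount_entry() {
  awk -v target="$1" '
    # Line shape: <source> on <mountpoint> type <fstype> (<options>)
    $2 == "on" && $3 == target && $4 == "type" {
      opts = $6; gsub(/[()]/, "", opts); found = $5 " " opts
    }
    END { if (found == "") exit 1; print found }
  '
}

# missing_host_net_files: stdin is `mount` output; prints the files from
# HOST_NET_FILES that have no mount and returns non-zero if there are any.
missing_host_net_files() {
  table=$(cat)
  missing=""
  for f in $HOST_NET_FILES; do
    printf '%s\n' "$table" | mount_entry "$f" >/dev/null || missing="$missing $f"
  done
  if [ -n "$missing" ]; then
    printf '%s\n' "${missing# }"
    return 1
  fi
}

# Constructed sample: a subset of the mount table quoted in the message.
sample_mounts() {
  cat <<'EOF'
rootfs on / type rootfs (rw)
/dev/mapper/u1404u1--vg-root on / type ext4 (rw,relatime,errors=remount-ro,data=ordered)
tmpfs on /etc/resolv.conf type tmpfs (rw,nosuid,noexec,relatime,size=1643388k,mode=755)
/dev/mapper/u1404u1--vg-root on /etc/hostname type ext4 (rw,relatime,errors=remount-ro,data=ordered)
/dev/mapper/u1404u1--vg-root on /etc/hosts type ext4 (rw,relatime,errors=remount-ro,data=ordered)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
EOF
}

# Live use (PID is a placeholder): sudo nsenter -t <PID> -m mount | missing_host_net_files
sample_mounts | missing_host_net_files && echo "host network files are mounted"
```

`mount_entry` also prints the filesystem type and options of each mount, so the same table can be used to review how each host file is exposed to the container.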

