mesos-reviews mailing list archives

From Avinash sridharan <avin...@mesosphere.io>
Subject Re: Review Request 51857: Modified the `prepare` method to be aware of nested containers.
Date Mon, 19 Sep 2016 23:56:24 GMT


> On Sept. 19, 2016, 11:43 p.m., Jie Yu wrote:
> > src/slave/containerizer/mesos/isolators/network/cni/cni.cpp, line 607
> > <https://reviews.apache.org/r/51857/diff/4/?file=1500782#file1500782line607>
> >
> >     Why do we need to do that? If we copy containerNetworks, that means 'isolate' will try to create containerDir? I think we should ignore containerNetworks for nested containers, and only record 'rootfs' (similar to the containers that want to join host network, but have rootfs defined)

If you look at the code below, we handle containers joining the host network vs. containers
joining a new network namespace differently, based on whether the containerNetworks is empty
or not. I wanted to keep the logic the same for child containers in pods.

As far as isolate is concerned, we do an indirection to __isolate in isolate based on whether
the container has a rootfs and joins the host network. We do a similar indirection in a separate
patch for isolate for child containers.


> On Sept. 19, 2016, 11:43 p.m., Jie Yu wrote:
> > src/slave/containerizer/mesos/isolators/network/cni/cni.cpp, lines 600-604
> > <https://reviews.apache.org/r/51857/diff/4/?file=1500782#file1500782line600>
> >
> >     Hum, why this change? What if I just want to launch a command without extra container info?

I was under the impression child containers always need to have the container_info set?
If it does not have container_info set, does it mean it just shares the parent's network namespace?


> On Sept. 19, 2016, 11:43 p.m., Jie Yu wrote:
> > src/slave/containerizer/mesos/isolators/network/cni/cni.cpp, lines 666-668
> > <https://reviews.apache.org/r/51857/diff/4/?file=1500782#file1500782line666>
> >
> >     Do we need a new mount namespace if I just want to execute some command on the host mount table without a rootfs?

This code is part of the else block, which means that the container is joining a non-host
network, implying that it needs its own mount namespace, since the network files will be different
than the host network files?

This is a child container, so it doesn't need a new NETNS or UTS namespace but it will require
a new MNT namespace.


- Avinash


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/51857/#review149563
-----------------------------------------------------------


On Sept. 16, 2016, 11 p.m., Avinash sridharan wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/51857/
> -----------------------------------------------------------
> 
> (Updated Sept. 16, 2016, 11 p.m.)
> 
> 
> Review request for Gilbert Song, Jie Yu, Joseph Wu, and Qian Zhang.
> 
> 
> Bugs: MESOS-6156
>     https://issues.apache.org/jira/browse/MESOS-6156
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Modified the `prepare` method to be aware of nested containers.
> 
> 
> Diffs
> -----
> 
>   src/slave/containerizer/mesos/isolators/network/cni/cni.cpp 822f11eab5b00c014563322a8c3b2c14cb440e0b

> 
> Diff: https://reviews.apache.org/r/51857/diff/
> 
> 
> Testing
> -------
> 
> make 
> make check
> and
> sudo ./bin/mesos-tests.sh
> 
> The only tests that failed were the SUDO make check tests:
> [  FAILED  ] 3 tests, listed below:
> [  FAILED  ] CgroupsAnyHierarchyWithCpuMemoryTest.ROOT_CGROUPS_Listen
> [  FAILED  ] CgroupsAnyHierarchyMemoryPressureTest.ROOT_IncreaseRSS
> [  FAILED  ] LinuxFilesystemIsolatorTest.ROOT_RecoverOrphanedPersistentVolume
> 
> 
> Thanks,
> 
> Avinash sridharan
> 
>

