mesos-reviews mailing list archives

From Jie Yu <yujie....@gmail.com>
Subject Re: Review Request 51857: Modified the `network/cni` isolator to be nesting aware.
Date Wed, 21 Sep 2016 00:54:01 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/51857/#review149767
-----------------------------------------------------------




src/slave/containerizer/mesos/isolators/network/cni/cni.cpp (line 378)
<https://reviews.apache.org/r/51857/#comment217471>

    Should we skip nested container recover here? It's better to be explicit.



src/slave/containerizer/mesos/isolators/network/cni/cni.cpp (line 612)
<https://reviews.apache.org/r/51857/#comment217468>

    We need to return failure if parent does not exist.



src/slave/containerizer/mesos/isolators/network/cni/cni.cpp (lines 684 - 685)
<https://reviews.apache.org/r/51857/#comment217469>

    I would also mention that we need a mount namespace because we need to bind mount /etc/ files



src/slave/containerizer/mesos/isolators/network/cni/cni.cpp (line 706)
<https://reviews.apache.org/r/51857/#comment217470>

    For the container (both top level or nested)



src/slave/containerizer/mesos/isolators/network/cni/cni.cpp (line 1249)
<https://reviews.apache.org/r/51857/#comment217473>

    Let's add a nested container check similar to what we have in cgroups isolator:
    ```
    if (containerId.has_parent()) {
      return Failure("Not supported for nested containers");
    }
    ```



src/slave/containerizer/mesos/isolators/network/cni/cni.cpp (line 1253)
<https://reviews.apache.org/r/51857/#comment217472>

    Also, you should mention that we don't maintain info for nested container. IP address can be obtained from its parent container.



src/slave/containerizer/mesos/isolators/network/cni/cni.cpp (line 1312)
<https://reviews.apache.org/r/51857/#comment217474>

    s/child/nested/



src/slave/containerizer/mesos/isolators/network/cni/cni.cpp (lines 1644 - 1649)
<https://reviews.apache.org/r/51857/#comment217476>

    What if the top level container joins a non-host network but its child container joins the host network without a rootfs? Looks like we do need to set up etc files in that case because the host etc files won't work?
    
    Maybe, it's time to address this TODO?


- Jie Yu


On Sept. 21, 2016, 12:06 a.m., Avinash sridharan wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/51857/
> -----------------------------------------------------------
> 
> (Updated Sept. 21, 2016, 12:06 a.m.)
> 
> 
> Review request for mesos, Gilbert Song, Jie Yu, Joseph Wu, and Qian Zhang.
> 
> 
> Bugs: MESOS-6156
>     https://issues.apache.org/jira/browse/MESOS-6156
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> The network file setup in the `network/cni` isolator is now nesting
> aware. Since the children share the network and UTS namespace with the
> parent, the network files need to be created only for the parent
> container. For the child containers, the network files will be simply
> a bind mount of the parent's network files.
> 
> 
> Diffs
> -----
> 
>   src/slave/containerizer/mesos/isolators/network/cni/cni.hpp 949da8f70fb1cd13d6359780b032cb170693ea3e
>   src/slave/containerizer/mesos/isolators/network/cni/cni.cpp 359479083894e887647a694a1a133dce44817073
> 
> Diff: https://reviews.apache.org/r/51857/diff/
> 
> 
> Testing
> -------
> 
> make 
> make check
> and
> sudo ./bin/mesos-tests.sh
> 
> The only tests that failed were the SUDO make check tests:
> [  FAILED  ] 3 tests, listed below:
> [  FAILED  ] CgroupsAnyHierarchyWithCpuMemoryTest.ROOT_CGROUPS_Listen
> [  FAILED  ] CgroupsAnyHierarchyMemoryPressureTest.ROOT_IncreaseRSS
> [  FAILED  ] LinuxFilesystemIsolatorTest.ROOT_RecoverOrphanedPersistentVolume
> 
> 
> Thanks,
> 
> Avinash sridharan
> 
>

