mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jie Yu <yujie....@gmail.com>
Subject Re: Review Request 53354: Updated namespace isolators to customize based on 'ContainerClass'.
Date Thu, 03 Nov 2016 21:03:26 GMT


> On Nov. 3, 2016, 6:18 p.m., Jie Yu wrote:
> > src/slave/containerizer/mesos/isolators/filesystem/linux.cpp, lines 383-399
> > <https://reviews.apache.org/r/53354/diff/1/?file=1551051#file1551051line383>
> >
> >     Do you need to do this if the container class is DEBUG? Since you are entering
the mount namespace of the parent and the parent container has already done this, do you need
this?
> 
> Kevin Klues wrote:
>     We don't do this. If you look in `prepare()` we exit out in the `DEBUG` case before
we ever call this function.

aha, nvm. I missed the short circut above.


> On Nov. 3, 2016, 6:18 p.m., Jie Yu wrote:
> > src/slave/containerizer/mesos/isolators/filesystem/linux.cpp, line 408
> > <https://reviews.apache.org/r/53354/diff/1/?file=1551051#file1551051line408>
> >
> >     I think with the validation I mentioned above, you probably should add a CHECK
to make sure it's not a debug container.
> 
> Kevin Klues wrote:
>     As above, we never call this in teh case of a DEBUG container.

my bad. But let's add some validation above to make sure we return an error if someone specifies
volumes or container image for a debug container.


- Jie


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/53354/#review154782
-----------------------------------------------------------


On Nov. 1, 2016, 10:29 p.m., Kevin Klues wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/53354/
> -----------------------------------------------------------
> 
> (Updated Nov. 1, 2016, 10:29 p.m.)
> 
> 
> Review request for mesos and Jie Yu.
> 
> 
> Bugs: MESOS-6464
>     https://issues.apache.org/jira/browse/MESOS-6464
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> The namespace-related isolators now do different things depending on
> whether they are launching a "normal" nested container or a "debug"
> nested container. Normal nested containers clone a new mount namespace
> as well as a new pid namespace. Debug nested cotnainers do not -- they
> simply inherit these namespaces from their parent.
> 
> 
> Diffs
> -----
> 
>   src/slave/containerizer/mesos/containerizer.cpp 67cc595278f124cdf518d2f4fcfb257439f067e2

>   src/slave/containerizer/mesos/isolators/docker/volume/isolator.cpp af9f3736b487b595e8768e56ce60dc4823db28a1

>   src/slave/containerizer/mesos/isolators/filesystem/linux.cpp df16b8fee6799a69c7d96f33a5049bd9787c48f5

>   src/slave/containerizer/mesos/isolators/filesystem/shared.cpp a1283e5ee92c916baaf9fca8ce314d597e8421b3

>   src/slave/containerizer/mesos/isolators/gpu/isolator.cpp e3756c920081f2944bf4b640edf0a83f42784586

>   src/slave/containerizer/mesos/isolators/namespaces/pid.cpp 0d9ec57d9aa83bcc6cc2e5a8d75f2e2251179b1b

>   src/slave/containerizer/mesos/isolators/network/cni/cni.cpp 939142e36b926d9e4201d35dedd25e32e9f8c63c

>   src/slave/containerizer/mesos/isolators/network/port_mapping.cpp 48202fb5bf1ede71b80760844c6d8a36ca7c700c

>   src/slave/containerizer/mesos/isolators/volume/image.cpp 210e67ad0d84f52135e77184f21e574c9e31628d

>   src/slave/containerizer/mesos/isolators/volume/sandbox_path.cpp 7b976d29226c3e0a4d52922e9d2f7e685de72297

>   src/slave/containerizer/mesos/linux_launcher.cpp 0305d14c1f791c93edcd3b32786b483b15f40a2d

>   src/tests/containerizer/nested_mesos_containerizer_tests.cpp e6c690c411f57138207044f31b4816bd4090c1b7

> 
> Diff: https://reviews.apache.org/r/53354/diff/
> 
> 
> Testing
> -------
> 
> make -j check
> (Some tests are still fialing though -- need to debug)
> 
> 
> Thanks,
> 
> Kevin Klues
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message