mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kapil Arya <ka...@mesosphere.io>
Subject Re: Review Request 59001: Added volume secret isolator.
Date Sat, 06 May 2017 00:57:43 GMT


> On May 5, 2017, 2:34 p.m., Chun-Hung Hsiao wrote:
> > src/slave/containerizer/mesos/containerizer.cpp
> > Lines 228 (patched)
> > <https://reviews.apache.org/r/59001/diff/2/?file=1709304#file1709304line228>
> >
> >     <p>This might violate the assumption that there is only one filesystem
isolator. Maybe check that 'filesystem/linux' is enabled in the creator of 'volume/image'
below?</p>
> 
> Chun-Hung Hsiao wrote:
>     Please ignore the "Maybe..." question.

Thanks for the catch. I have fixed it now.


> On May 5, 2017, 2:34 p.m., Chun-Hung Hsiao wrote:
> > src/slave/containerizer/mesos/isolators/volume/secret.cpp
> > Lines 286 (patched)
> > <https://reviews.apache.org/r/59001/diff/2/?file=1709306#file1709306line286>
> >
> >     Can we just write the secret to `sandboxSecretPath`?

The idea was to have a tmpfs mount on `sandboxSecretRootDir` and copy secret file there so
that we won't persist anything on the filesystem. If my understanding is correct, we need
to copy the file _after_ the container has been created (with tmpfs mount), while the secret
is downloaded _before_ container creation. That's why the additional step.


- Kapil


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/59001/#review174051
-----------------------------------------------------------


On May 5, 2017, 8:53 p.m., Kapil Arya wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/59001/
> -----------------------------------------------------------
> 
> (Updated May 5, 2017, 8:53 p.m.)
> 
> 
> Review request for mesos, Gilbert Song, Jie Yu, and Vinod Kone.
> 
> 
> Bugs: MESOS-7418
>     https://issues.apache.org/jira/browse/MESOS-7418
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Added volume secret isolator.
> 
> 
> Diffs
> -----
> 
>   src/CMakeLists.txt 89cbd3f5a93f4891e8272d3b1136059ab1069d01 
>   src/Makefile.am 29da17bee13226e18757e2ad3a7a091427fd35f4 
>   src/slave/containerizer/mesos/containerizer.cpp b58baed64480e22f640a4852537f85922ed382ae

>   src/slave/containerizer/mesos/isolators/volume/secret.hpp PRE-CREATION 
>   src/slave/containerizer/mesos/isolators/volume/secret.cpp PRE-CREATION 
>   src/tests/CMakeLists.txt 9f2af9cdd1cf50485f4cd84ce67bcceba64b9328 
>   src/tests/containerizer/rootfs.cpp fdfecc65a3fcd19d6a4dfa574320f4d1f2755322 
>   src/tests/containerizer/volume_secret_isolator_tests.cpp PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/59001/diff/3/
> 
> 
> Testing
> -------
> 
> Added new tests an ran `make check`.
> 
> 
> Thanks,
> 
> Kapil Arya
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message