mesos-reviews mailing list archives

Site index · List index

Message view	« Date » · « Thread »
Top	« Date » · « Thread »
From	Qian Zhang <zhq527...@gmail.com>
Subject	Re: Review Request 60496: Added socket checking to the network ports isolator.
Date	Sat, 16 Sep 2017 03:00:28 GMT
----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/60496/#review185517 ----------------------------------------------------------- src/slave/containerizer/mesos/isolators/network/ports.cpp Lines 421-424 (patched) <https://reviews.apache.org/r/60496/#comment261833> I did some experiments and found when I launch a comman task which is allocated with ports [31001-31005] and the command (`nc`) actually listens on 31006, then I found this task can be killed, but here the message is: ``` "Container aa99dab3-2a25-44e0-bc88-16c485c5c87a is listening on unallocated port(s) {[31006,31007)}" ``` This message seems not correct: 1. why 31007? The `nc` command only listens on 31006. And if I change the `nc` command to listen on 31009, the message will be "`... {[31009,31010)}`". 2. The brackets in `{[31006,31007)}` are not correct, it should be either `[]` or `()` but not `[)`. src/slave/containerizer/mesos/isolators/network/ports.cpp Lines 421-424 (patched) <https://reviews.apache.org/r/60496/#comment261834> We need to log this message like what we did here: https://github.com/apache/mesos/blob/1.3.1/src/slave/containerizer/mesos/isolators/cgroups/subsystems/memory.cpp#L556 - Qian Zhang On Sept. 8, 2017, 8:09 a.m., James Peach wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/60496/ > ----------------------------------------------------------- > > (Updated Sept. 8, 2017, 8:09 a.m.) > > > Review request for mesos, Qian Zhang and Jiang Yan Xu. > > > Bugs: MESOS-7675 > https://issues.apache.org/jira/browse/MESOS-7675 > > > Repository: mesos > > > Description > ------- > > Implemented ports resource restrictions in the network ports isolator. > Periodically, scan for listening sockets and match them up to all > the open sockets in the containers we are tracking in the network. > Check any sockets we find against the ports resource and trigger a > resource limitation if the port has not been allocated. > > > Diffs > ----- > > src/slave/containerizer/mesos/isolators/network/ports.hpp PRE-CREATION > src/slave/containerizer/mesos/isolators/network/ports.cpp PRE-CREATION > > > Diff: https://reviews.apache.org/r/60496/diff/18/ > > > Testing > ------- > > make check (Fedora 26) > > > Thanks, > > James Peach > >
Mime	Unnamed multipart/alternative (inline, None, 0 bytes) Unnamed text/plain (inline, 7-Bit, 2524 bytes)
	View raw message