mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From James Peach <jpe...@apache.org>
Subject Re: Review Request 60496: Added socket checking to the network ports isolator.
Date Mon, 18 Sep 2017 23:42:10 GMT


> On Sept. 16, 2017, 3 a.m., Qian Zhang wrote:
> > src/slave/containerizer/mesos/isolators/network/ports.cpp
> > Lines 421-424 (patched)
> > <https://reviews.apache.org/r/60496/diff/18/?file=1818175#file1818175line421>
> >
> >     I did some experiments and found when I launch a comman task which is allocated
with ports [31001-31005] and the command (`nc`) actually listens on 31006, then I found this
task can be killed, but here the message is:
> >     ```
> >     "Container aa99dab3-2a25-44e0-bc88-16c485c5c87a is listening on unallocated
port(s) {[31006,31007)}"
> >     ```
> >     This message seems not correct:
> >     1. why 31007? The `nc` command only listens on 31006. And if I change the `nc`
command to listen on 31009, the message will be "`... {[31009,31010)}`".
> >     2. The brackets in `{[31006,31007)}` are not correct, it should be either `[]`
or `()` but not `[)`.

This is interval set notation produces by converting an `IntervalSet` to a string. `[31006,31007)`
means the interval that is `>= 31006` and `< 31007`.


> On Sept. 16, 2017, 3 a.m., Qian Zhang wrote:
> > src/slave/containerizer/mesos/isolators/network/ports.cpp
> > Lines 421-424 (patched)
> > <https://reviews.apache.org/r/60496/diff/18/?file=1818175#file1818175line421>
> >
> >     We need to log this message like what we did here:
> >     https://github.com/apache/mesos/blob/1.3.1/src/slave/containerizer/mesos/isolators/cgroups/subsystems/memory.cpp#L556

Do you mean that we should add a second log message of the form "Ports limit exceeded: Requested:
<resources1> Maximum Used: <resources2>"? If we are strictly consistent, then
"<resources2>" would be the actual ports used and the operator would need to mentally
perform the subtraction. We previously agreed to log only the ports outside the allocated
range.

I'm fine with the general form of the message, but we probably want to rephrase is slightly?


- James


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/60496/#review185517
-----------------------------------------------------------


On Sept. 8, 2017, 12:09 a.m., James Peach wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/60496/
> -----------------------------------------------------------
> 
> (Updated Sept. 8, 2017, 12:09 a.m.)
> 
> 
> Review request for mesos, Qian Zhang and Jiang Yan Xu.
> 
> 
> Bugs: MESOS-7675
>     https://issues.apache.org/jira/browse/MESOS-7675
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Implemented ports resource restrictions in the network ports isolator.
> Periodically, scan for listening sockets and match them up to all
> the open sockets in the containers we are tracking in the network.
> Check any sockets we find against the ports resource and trigger a
> resource limitation if the port has not been allocated.
> 
> 
> Diffs
> -----
> 
>   src/slave/containerizer/mesos/isolators/network/ports.hpp PRE-CREATION 
>   src/slave/containerizer/mesos/isolators/network/ports.cpp PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/60496/diff/18/
> 
> 
> Testing
> -------
> 
> make check (Fedora 26)
> 
> 
> Thanks,
> 
> James Peach
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message