mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From James Peach <jpe...@apache.org>
Subject Re: Review Request 60766: Ignored containers that join CNI networks.
Date Tue, 19 Sep 2017 18:57:36 GMT


> On Sept. 19, 2017, 3:01 a.m., Qian Zhang wrote:
> > src/slave/containerizer/mesos/isolators/network/ports.cpp
> > Line 511 (original), 586-589 (patched)
> > <https://reviews.apache.org/r/60766/diff/18/?file=1828711#file1828711line586>
> >
> >     I still think it is better to raise the limitation against the nested container
rather than the root container because that will give framework more fine-grained debugging
information so that it can know which specific nested container triggered the limitation.
> >     
> >     So I think we need to enhance the implementation of `waitNestedContainer()`
to make it propagate the `reason` and `message` to the default executor, and then the default
executor can send the limitation for the nested container.

We discussed this a bit and I thought about it for a while. Right now, the resources model
for nested containers accrues resources to the root of the container tree. In all the other
isolators, when anything in the tree violates a resource constraint the whole tree is torn
down. If we send the limitation to the nested container, then an executor could reasonably
choose to leave the container tree in place and we would have some inexplicable inconsistent
behaviour.

I do generally agree that allowing leaf containers to fail would be kinder, but that seems
like part of a larger discussion about how nested containers should work. In [MESOS-7963](https://issues.apache.org/jira/browse/MESOS-7963)
I would propose retaining the current semantics of the `network/ports` isolator but ensuring
the limitation is correctly propagated.


- James


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/60766/#review185637
-----------------------------------------------------------


On Sept. 5, 2017, 5:57 p.m., James Peach wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/60766/
> -----------------------------------------------------------
> 
> (Updated Sept. 5, 2017, 5:57 p.m.)
> 
> 
> Review request for mesos, Qian Zhang and Jiang Yan Xu.
> 
> 
> Bugs: MESOS-7675
>     https://issues.apache.org/jira/browse/MESOS-7675
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Working on the assumption that containers with CNI networks will
> get their own IP addresses and don't need port isolation, ignore
> any containers that are joining CNI networks.
> 
> 
> Diffs
> -----
> 
>   src/slave/containerizer/mesos/containerizer.cpp 4d5dc13f363f5d8886983d7dd06a5cecc177c345

>   src/slave/containerizer/mesos/isolators/network/ports.hpp PRE-CREATION 
>   src/slave/containerizer/mesos/isolators/network/ports.cpp PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/60766/diff/18/
> 
> 
> Testing
> -------
> 
> make check (Fedora 26).
> 
> 
> Thanks,
> 
> James Peach
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message