mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sagar Patwardhan <sagar...@gmail.com>
Subject Re: Review Request 65987: Allow nested containers in pods to have separate namespaces(Ref: MESOS-8534).
Date Tue, 13 Mar 2018 00:44:19 GMT


> On March 9, 2018, 11:40 p.m., Jie Yu wrote:
> > src/slave/containerizer/mesos/isolators/network/cni/cni.cpp
> > Line 389 (original), 389-397 (patched)
> > <https://reviews.apache.org/r/65987/diff/1/?file=1972679#file1972679line389>
> >
> >     Instead of relying on an additional checkpoint file, I think we can infer if
a nested container joins its parent container's network or not by first listing all entries
in `rootDir`, and then recover those known containers, and then cleanup unknown orphans. Something
like the following:
> >     
> >     ```
> >     // Build ContainerID -> ContainerState mapping
> >     // List rootDir
> >     // For each entry, find the corresponding ContainerState state (state is optional)
> >     // Call _recover(containerId, state), if containerId is nested, set joinsParentsNetwork
to false.
> >     // Cleanup unknown orphans (not in container state mapping or orphans map)
> >     ```

This is a good idea.


> On March 9, 2018, 11:40 p.m., Jie Yu wrote:
> > src/slave/containerizer/mesos/isolators/network/cni/cni.cpp
> > Lines 1269-1285 (patched)
> > <https://reviews.apache.org/r/65987/diff/1/?file=1972679#file1972679line1303>
> >
> >     I don't think we need to checkpoint this additional information. You should
be able to infer if a nested container has its own network namespace or not by checking if
there's a container directory under `cni::paths::ROOT_DIR`. See src/slave/containerizer/mesos/isolators/network/cni/paths.hpp

Yeah, you are right. Did not consider this! :(


> On March 9, 2018, 11:40 p.m., Jie Yu wrote:
> > src/slave/containerizer/mesos/isolators/network/cni/cni.cpp
> > Lines 1488 (patched)
> > <https://reviews.apache.org/r/65987/diff/1/?file=1972679#file1972679line1526>
> >
> >     What about top level containers? I think `joinParentsNetwork` should be orthogonol
to whether it is nested or not. Top level container can join its parent's network (agent)
too.
> >     
> >     If you think about that way, here we should do
> >     ```
> >     if (isNestedContainer && joinsParentsNetwork)
> >     ```

hmm.. did not think about it.


- Sagar


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65987/#review198968
-----------------------------------------------------------


On March 8, 2018, 5:07 p.m., Sagar Patwardhan wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65987/
> -----------------------------------------------------------
> 
> (Updated March 8, 2018, 5:07 p.m.)
> 
> 
> Review request for mesos and Jie Yu.
> 
> 
> Bugs: MESOS-8534
>     https://issues.apache.org/jira/browse/MESOS-8534
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Continued from https://github.com/apache/mesos/pull/263
> 
> 
> Diffs
> -----
> 
>   src/master/validation.cpp f0b86775b7919ba6aa4a73038edb78a0adca68f4 
>   src/slave/containerizer/mesos/isolators/network/cni/cni.hpp 1d01915c2db66e54ed68a3dbaa12ea061ca5f6b2

>   src/slave/containerizer/mesos/isolators/network/cni/cni.cpp 896656987012b3ffe5008ce6873c9a5249c058de

>   src/slave/containerizer/mesos/isolators/network/cni/paths.hpp 7678a7c81c3cdb27410c1f066021eb34bd02a83f

>   src/slave/containerizer/mesos/isolators/network/cni/paths.cpp f9056c90f1075cb19c4f554e7d5b629561d06035

> 
> 
> Diff: https://reviews.apache.org/r/65987/diff/1/
> 
> 
> Testing
> -------
> 
> Manually tested.
> 
> Working on unit tests.
> 
> 
> Thanks,
> 
> Sagar Patwardhan
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message