mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From James Peach <jpe...@apache.org>
Subject Re: Review Request 69086: Moved container root construction to the isolators.
Date Fri, 09 Nov 2018 22:48:55 GMT


> On Nov. 5, 2018, 5:14 a.m., Jie Yu wrote:
> > src/slave/containerizer/mesos/isolators/filesystem/linux.cpp
> > Lines 623-631 (patched)
> > <https://reviews.apache.org/r/69086/diff/6/?file=2103846#file2103846line624>
> >
> >     I don't think this is needed. `prepareMount` in launch.cpp will actual do this
implicitly. Bindly doing rslave will cause shared mount propagation feature to not work (needed
by CSI integration)

`chroot::prepare()` currently does this, which is why I kept it here. Maybe it is now OK to
drop this since `prepareMounts()` does it better?


- James


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69086/#review210318
-----------------------------------------------------------


On Nov. 9, 2018, 12:53 a.m., James Peach wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69086/
> -----------------------------------------------------------
> 
> (Updated Nov. 9, 2018, 12:53 a.m.)
> 
> 
> Review request for mesos, Gilbert Song, Jason Lai, Jie Yu, and Jiang Yan Xu.
> 
> 
> Bugs: MESOS-9319
>     https://issues.apache.org/jira/browse/MESOS-9319
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Previously, if the container was configured with a root filesytem,
> the root was populated by a combination of the `fs::chroot:prepare`
> API and the various isolators. The implementation details of some
> isolators had leaked into the chroot code, which had a special case
> for adding GPU devices.
> 
> This change moves all the responsibility for defining the
> root filesystem from the `fs::chroot::prepare()` API to the
> `filesystem/linux` isolator. The `filesystem/linux` isolator is
> now the single place that captures how to mount the container
> pseudo-filesystems as well as how to construct a proper `/dev`
> directory.
> 
> Since the `linux/filesystem` isolator is now entirely responsible
> for creating and mounting the container `/dev`, any other isolators
> that enable access to devices should populate device nodes in the
> container devices directory and add a corresponding bind mount.
> 
> 
> Diffs
> -----
> 
>   src/linux/fs.hpp 31969f6ba82bf5ee549bfdf9698a21adaa486a90 
>   src/linux/fs.cpp 5cdffe1f4c7f00aee5b8f640e7cfa4a0018cfa0a 
>   src/slave/containerizer/mesos/isolators/filesystem/linux.cpp c7d753ac2e5575a8d687600bfb9e0617fa72c990

>   src/slave/containerizer/mesos/isolators/gpu/isolator.hpp 4645c625877d9451516133b24bd3959e0f49c0a9

>   src/slave/containerizer/mesos/isolators/gpu/isolator.cpp 56d835779618fd965d928c6926664583e9141f79

>   src/slave/containerizer/mesos/isolators/linux/devices.cpp 8f8ff95ec3856ba06647637a80315365d0e66e23

>   src/slave/containerizer/mesos/launch.cpp 882bcdf89e2b0cca3d3f62e6d017849a51ceaead 
> 
> 
> Diff: https://reviews.apache.org/r/69086/diff/10/
> 
> 
> Testing
> -------
> 
> sudo make check (Fedora 28)
> 
> 
> Thanks,
> 
> James Peach
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message