mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrei Budnik <abud...@mesosphere.com>
Subject Re: Review Request 71965: Cgroups isolator: added support for nested cgroups during launch.
Date Thu, 16 Jan 2020 17:43:19 GMT


> On Янв. 13, 2020, 3:21 д.п., Qian Zhang wrote:
> > src/slave/containerizer/mesos/isolators/cgroups/cgroups.cpp
> > Line 411 (original), 425 (patched)
> > <https://reviews.apache.org/r/71965/diff/1/?file=2199231#file2199231line425>
> >
> >     s/root/parent/, see the definition of the field `share_cgroups`: https://github.com/apache/mesos/blob/master/include/mesos/v1/mesos.proto#L3335:L3348
.

I have to update `CgroupsIsolatorProcess::__prepare` method to add a search for the first
ancestor who has `share_cgroups=false`. Does it make sense?


> On Янв. 13, 2020, 3:21 д.п., Qian Zhang wrote:
> > src/slave/containerizer/mesos/isolators/cgroups/cgroups.cpp
> > Lines 435 (patched)
> > <https://reviews.apache.org/r/71965/diff/1/?file=2199231#file2199231line435>
> >
> >     Here I think we need a special handling for 2nd level nested containers, i.e.,
for such containers the `share_cgroups` field will be ignored and they should always share
cgroups from its parent container, see https://github.com/apache/mesos/blob/master/include/mesos/v1/mesos.proto#L3340:L3343
.

Is this still actual after our discussion?


> On Янв. 13, 2020, 3:21 д.п., Qian Zhang wrote:
> > src/slave/containerizer/mesos/isolators/cgroups/cgroups.cpp
> > Line 459 (original), 480 (patched)
> > <https://reviews.apache.org/r/71965/diff/1/?file=2199231#file2199231line480>
> >
> >     I think now we need to do this for nested containers whose `share_cgroups` is
false, because they may need to create cgroups under their own nested cgroups.

Do we allow creating cgroups under nested cgroups of those nested containers? Since we do
not use a `mesos` separator, the cgroups isolator may pick up those underlying cgroups during
recovery, which is not what expected.


> On Янв. 13, 2020, 3:21 д.п., Qian Zhang wrote:
> > src/slave/containerizer/mesos/isolators/cgroups/cgroups.cpp
> > Lines 610-614 (original), 634 (patched)
> > <https://reviews.apache.org/r/71965/diff/1/?file=2199231#file2199231line634>
> >
> >     Linux launcher creates freezer and systemd cgroups with `mesos` as separator,
but here you use `""` as separator, will that be a problem? Or you want to change Linux launcher's
code to make it consistent with the code here?

Empty separator shouldn't be a problem.
I'd prefer making it consistent by not using a separator in the Linux launcher, but it seems
that it's a non-goal for the vertical bursting feature.

I can file a ticket for that and add a comment here, which refers to the ticket.


> On Янв. 13, 2020, 3:21 д.п., Qian Zhang wrote:
> > src/slave/containerizer/mesos/isolators/cgroups/cgroups.cpp
> > Lines 779-785 (original), 797-803 (patched)
> > <https://reviews.apache.org/r/71965/diff/1/?file=2199231#file2199231line806>
> >
> >     This logic is correct for root container since we will return an `Unknown container`
failure for it if `infos` does not contain it, but it seems not correct for the nested container
whose `share_cgroup` is false, for such container, if `infos` does not contain it, we will
always return a pending future but never return the `unknown container` failure, that might
hide some errors in our code. I think we should also return an `Unknown container` failure
for the nested container whose `share_cgroup` is false and somehow `infos` does not contain
it. HDYT?

That's a good point!
Unfortunately, `share_cgroup` flag is unknown for terminated containers. A terminated nested
container with `share_cgroup=false` is indistinguishable from a running container with `share_cgroup=true`,
because they both are not presented in the `infos`.
We can keep `Info` for all existing containers and add `share_cgroup` field to it.


- Andrei


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71965/#review219227
-----------------------------------------------------------


On Янв. 9, 2020, 9:03 п.п., Andrei Budnik wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71965/
> -----------------------------------------------------------
> 
> (Updated Янв. 9, 2020, 9:03 п.п.)
> 
> 
> Review request for mesos, Greg Mann and Qian Zhang.
> 
> 
> Bugs: MESOS-10076
>     https://issues.apache.org/jira/browse/MESOS-10076
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> This patch adds support for nested cgroups for nested containers.
> Nested cgroups are created only for a nested container with explicitly
> enabled `share_cgroups` flag. The cgroups isolator stores info about
> nested cgroups in the `infos` class variable, which is used to
> determine whether a nested container has its nested cgroup.
> 
> 
> Diffs
> -----
> 
>   src/slave/containerizer/mesos/isolators/cgroups/cgroups.hpp 4bd3d6dad37dee031660c15e957cc36f63e21fcb

>   src/slave/containerizer/mesos/isolators/cgroups/cgroups.cpp b12b73d8e0161d448075378765e77867521de04e

> 
> 
> Diff: https://reviews.apache.org/r/71965/diff/1/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Andrei Budnik
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message