Repository: mesos Updated Branches: refs/heads/master babb1c06e -> 93fb57f36
Synced container network configurations with host network configurations. Review: https://reviews.apache.org/r/26197 Project: http://git-wip-us.apache.org/repos/asf/mesos/repo Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/93fb57f3 Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/93fb57f3 Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/93fb57f3 Branch: refs/heads/master Commit: 93fb57f36931d8985d501fb21f710e755e2770f2 Parents: babb1c0 Author: Jie Yu <[email protected]> Authored: Tue Sep 30 15:02:00 2014 -0700 Committer: Jie Yu <[email protected]> Committed: Tue Sep 30 16:42:30 2014 -0700 ---------------------------------------------------------------------- .../isolators/network/port_mapping.cpp | 52 ++++++++++++++++++++ .../isolators/network/port_mapping.hpp | 7 +++ 2 files changed, 59 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/mesos/blob/93fb57f3/src/slave/containerizer/isolators/network/port_mapping.cpp ---------------------------------------------------------------------- diff --git a/src/slave/containerizer/isolators/network/port_mapping.cpp b/src/slave/containerizer/isolators/network/port_mapping.cpp index 2766a00..8ddfb18 100644 --- a/src/slave/containerizer/isolators/network/port_mapping.cpp +++ b/src/slave/containerizer/isolators/network/port_mapping.cpp @@ -124,6 +124,7 @@ static net::IP LOOPBACK_IP = net::IP::fromDotDecimal("127.0.0.1/8").get(); static const Interval<uint16_t> WELL_KNOWN_PORTS = (Bound<uint16_t>::closed(0), Bound<uint16_t>::open(1024)); + ///////////////////////////////////////////////// // Helper functions for the isolator. ///////////////////////////////////////////////// 
@@ -998,6 +999,47 @@ Try<Isolator*> PortMappingIsolatorProcess::create(const Flags& flags) ": " + write.error()); } + // Reading host network configurations. Each container will match + // these configurations. + hashset<string> procs; + + // TODO(jieyu): The following is a partial list of all the + // configurations. In the future, we may want to expose these + // configurations using ContainerInfo. + + // The kernel will use a default value for the following + // configurations inside a container. Therefore, we need to set them + // in the container to match that on the host. + procs.insert("/proc/sys/net/core/somaxconn"); + + // As of kernel 3.10, the following configurations are shared + // between host and containers, and therefore are not required to be + // set in containers. We keep them here just in case the kernel + // changes in the future. + procs.insert("/proc/sys/net/core/netdev_max_backlog"); + procs.insert("/proc/sys/net/core/rmem_max"); + procs.insert("/proc/sys/net/core/wmem_max"); + procs.insert("/proc/sys/net/ipv4/tcp_keepalive_time"); + procs.insert("/proc/sys/net/ipv4/tcp_keepalive_intvl"); + procs.insert("/proc/sys/net/ipv4/tcp_keepalive_probes"); + procs.insert("/proc/sys/net/ipv4/tcp_max_syn_backlog"); + procs.insert("/proc/sys/net/ipv4/tcp_rmem"); + procs.insert("/proc/sys/net/ipv4/tcp_retries2"); + procs.insert("/proc/sys/net/ipv4/tcp_synack_retries"); + procs.insert("/proc/sys/net/ipv4/tcp_wmem"); + procs.insert("/proc/sys/net/ipv4/neigh/default/gc_thresh1"); + procs.insert("/proc/sys/net/ipv4/neigh/default/gc_thresh2"); + procs.insert("/proc/sys/net/ipv4/neigh/default/gc_thresh3"); + + hashmap<string, string> hostNetworkConfigurations; + foreach (const string& proc, procs) { + Try<string> value = os::read(proc); + if (value.isSome()) { + LOG(INFO) << proc << " = '" << strings::trim(value.get()) << "'"; + hostNetworkConfigurations[proc] = strings::trim(value.get()); + } + } + // Self bind mount BIND_MOUNT_ROOT. 
Since we use a new mount // namespace for each container, for this mount point, we set // '--make-rshared' on the host and set '--make-rslave' inside each @@ -1079,6 +1121,7 @@ Try<Isolator*> PortMappingIsolatorProcess::create(const Flags& flags) hostIP.get(), hostEth0MTU.get(), hostDefaultGateway.get(), + hostNetworkConfigurations, egressRateLimitPerContainer, nonEphemeralPorts, ephemeralPortsAllocator))); @@ -2412,6 +2455,15 @@ string PortMappingIsolatorProcess::scripts(Info* info) script << "echo 1 > /proc/sys/net/ipv4/conf/" << lo << "/route_localnet\n"; } + // Configure container network to match host network configurations. + foreachpair (const string& proc, + const string& value, + hostNetworkConfigurations) { + script << "if [ -f \"" << proc << "\" ]; then\n"; + script << " echo '" << value << "' > " << proc << "\n"; + script << "fi\n"; + } + // Set up filters on lo and eth0. script << "tc qdisc add dev " << lo << " ingress\n"; script << "tc qdisc add dev " << eth0 << " ingress\n"; http://git-wip-us.apache.org/repos/asf/mesos/blob/93fb57f3/src/slave/containerizer/isolators/network/port_mapping.hpp ---------------------------------------------------------------------- diff --git a/src/slave/containerizer/isolators/network/port_mapping.hpp b/src/slave/containerizer/isolators/network/port_mapping.hpp index b624c4d..2395ec2 100644 --- a/src/slave/containerizer/isolators/network/port_mapping.hpp +++ b/src/slave/containerizer/isolators/network/port_mapping.hpp @@ -225,6 +225,7 @@ private: const net::IP& _hostIP, const size_t _hostEth0MTU, const net::IP& _hostDefaultGateway, + const hashmap<std::string, std::string>& _hostNetworkConfigurations, const Option<Bytes>& _egressRateLimitPerContainer, const IntervalSet<uint16_t>& _managedNonEphemeralPorts, const process::Owned<EphemeralPortsAllocator>& _ephemeralPortsAllocator) 
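Review bot: In the `foreach (const string& proc, procs)` loop a failed `os::read(proc)` is skipped without a trace, so a host where one of these files is unreadable silently starts with that setting never synced, even though the hunk's own comment says the kernel then uses a default inside the container for `somaxconn`; add an else branch, `LOG(WARNING) << "Failed to read " << proc << ": " << value.error();`, or treat the somaxconn read as an error like the `write.error()` case just above. `strings::trim(value.get())` is computed twice in that branch; bind it once, `const string trimmed = strings::trim(value.get());`, and use it for both the log and the map. Since the map is built here and later stored as a const member, it is a one-time snapshot; a sysctl change on the host after the slave starts is not reflected until restart, which is worth stating in the comment above `hashmap<string, string> hostNetworkConfigurations;`. create() starts and ends outside this hunk.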
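Review bot: The `foreachpair` block writes every entry of `hostNetworkConfigurations` inside the container, including the keys the earlier hunk describes as shared between host and containers (`netdev_max_backlog`, `rmem_max`, `tcp_*`, `gc_thresh*`); for a shared key `echo '<value>' > <proc>` is a write to the host-global setting with the value snapshotted in create(), so on every container launch it would revert any change an operator made on the host after the slave started. Safer to emit writes only for keys that are actually per-namespace (per the earlier comment, only `somaxconn` is required today) or to re-read the host value at launch instead of using the snapshot; at minimum record the hazard here, e.g. `// NOTE: for sysctls shared with the host this re-applies the create()-time value host-wide.` The result of the `echo` is not checked; unless the generated script runs under `set -e` (not visible in this hunk), a failed write is silent. The value is interpolated inside single quotes, which is fine for the numeric/tab-separated contents of /proc/sys but breaks if a value ever contains a quote. scripts() starts and ends outside this hunk.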
@@ -235,6 +236,7 @@ private: hostIP(_hostIP), hostEth0MTU(_hostEth0MTU), hostDefaultGateway(_hostDefaultGateway), + hostNetworkConfigurations(_hostNetworkConfigurations), egressRateLimitPerContainer(_egressRateLimitPerContainer), managedNonEphemeralPorts(_managedNonEphemeralPorts), ephemeralPortsAllocator(_ephemeralPortsAllocator) {} @@ -269,6 +271,11 @@ private: const size_t hostEth0MTU; const net::IP hostDefaultGateway; + // Describe the host network configurations. It is a map between + // configure proc files (e.g., /proc/sys/net/core/somaxconn) and + // values of the configure proc files. + const hashmap<std::string, std::string> hostNetworkConfigurations; + // The optional throughput limit to containers' egress traffic. const Option<Bytes> egressRateLimitPerContainer;
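Review bot: The comment on the new `hostNetworkConfigurations` member says what the map holds but not when it is populated, and since the member is `const` and filled once by create(), readers need to know it is a snapshot. Suggest extending it: `// Snapshot of the host's values (already trimmed) taken when the isolator was created; not refreshed if the host sysctls change later.` The `@@ -225` and `@@ -235` hunks just thread the same map through the constructor and need no further change.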
