Repository: mesos Updated Branches: refs/heads/master aca54a479 -> 3eb6382f8
Documentation for filesystem/shared isolator. Review: https://reviews.apache.org/r/27584 Project: http://git-wip-us.apache.org/repos/asf/mesos/repo Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/47da3b8d Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/47da3b8d Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/47da3b8d Branch: refs/heads/master Commit: 47da3b8dec270a05843f0dfb17ec59421d7c21eb Parents: aca54a4 Author: Ian Downes <[email protected]> Authored: Tue Nov 4 11:25:31 2014 -0800 Committer: Ian Downes <[email protected]> Committed: Tue Nov 4 12:10:48 2014 -0800 ---------------------------------------------------------------------- docs/mesos-containerizer.md | 42 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/mesos/blob/47da3b8d/docs/mesos-containerizer.md ---------------------------------------------------------------------- diff --git a/docs/mesos-containerizer.md b/docs/mesos-containerizer.md new file mode 100644 index 0000000..7170a83 --- /dev/null +++ b/docs/mesos-containerizer.md @@ -0,0 +1,42 @@ +--- +layout: documentaiton +--- + +# Mesos Containerizer + +The MesosContainerizer provides lightweight containerization and +resource isolation of executors using Linux-specific functionality +such as control cgroups and namespaces. It is composable so operators +can selectively enable different isolators. + +It also provides basic support for POSIX systems (e.g., OSX) but +without any actual isolation, only resource usage reporting. + +### Shared Filesystem + +The SharedFilesystem isolator can optionally be used on Linux hosts to +enable modifications to each container's view of the shared +filesystem. + +The modifications are specified in the ContainerInfo included in the +ExecutorInfo, either by a framework or by using the +--default\_container\_info slave flag. + +ContainerInfo specifies Volumes which map parts of the shared +filesystem (host\_path) into the container's view of the filesystem +(container\_path), as read-write or read-only. The host\_path can be +absolute, in which case it will make the filesystem subtree rooted at +host\_path also accessible under container\_path for each container. +If host\_path is relative then it is considered as a directory +relative to the executor's work directory. The directory will be +created and permissions copied from the corresponding directory (which +must exist) in the shared filesystem. + +The primary use-case for this isolator is to selectively make parts of +the shared filesystem private to each container. For example, a +private "/tmp" directory can be achieved with host\_path="tmp" and +container\_path="/tmp" which will create a directory "tmp" inside the +executor's work directory (mode 1777) and simultaneously mount it as +/tmp inside the container. This is transparent to processes running +inside the container. Containers will not be able to see the host's +/tmp or any other container's /tmp.
