Repository: mesos Updated Branches: refs/heads/master 06af7a322 -> 1a82a3fb2
Updated LinuxLauncher to receive list of namespaces. MesosContainerizer looks up the list of required namespaces by calling Isolator::namespaces() for all enabled isolators and passes on this value to LinuxLauncher. Review: https://reviews.apache.org/r/35586 Project: http://git-wip-us.apache.org/repos/asf/mesos/repo Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/1a82a3fb Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/1a82a3fb Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/1a82a3fb Branch: refs/heads/master Commit: 1a82a3fb2bc717c468218384190a115b770f88c3 Parents: 2143ae0 Author: Kapil Arya <[email protected]> Authored: Tue Jun 23 12:33:41 2015 -0700 Committer: Jie Yu <[email protected]> Committed: Tue Jun 23 12:59:33 2015 -0700 ---------------------------------------------------------------------- src/slave/containerizer/linux_launcher.cpp | 36 ++++---------------- src/slave/containerizer/linux_launcher.hpp | 4 ++- src/slave/containerizer/mesos/containerizer.cpp | 14 +++++--- src/tests/isolator_tests.cpp | 15 +++++--- src/tests/port_mapping_tests.cpp | 33 ++++++++++++------ 5 files changed, 51 insertions(+), 51 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/mesos/blob/1a82a3fb/src/slave/containerizer/linux_launcher.cpp ---------------------------------------------------------------------- diff --git a/src/slave/containerizer/linux_launcher.cpp b/src/slave/containerizer/linux_launcher.cpp index 8eae258..7b24db8 100644 --- a/src/slave/containerizer/linux_launcher.cpp +++ b/src/slave/containerizer/linux_launcher.cpp @@ -75,13 +75,9 @@ LinuxLauncher::LinuxLauncher( hierarchy(_hierarchy) {} -// An old glibc might not have this symbol. -#ifndef CLONE_NEWNET -#define CLONE_NEWNET 0x40000000 -#endif - - -Try<Launcher*> LinuxLauncher::create(const Flags& flags) +Try<Launcher*> LinuxLauncher::create( + const Flags& flags, + const Option<int>& namespaces) { Try<string> hierarchy = cgroups::prepare( flags.cgroups_hierarchy, @@ -107,28 +103,10 @@ Try<Launcher*> LinuxLauncher::create(const Flags& flags) LOG(INFO) << "Using " << hierarchy.get() << " as the freezer hierarchy for the Linux launcher"; - int namespaces = 0; - -#ifdef WITH_NETWORK_ISOLATOR - // The network port mapping isolator requires network namespaces - // (CLONE_NEWNET). - if (strings::contains(flags.isolation, "network/port_mapping")) { - namespaces |= CLONE_NEWNET; - } -#endif - - if (strings::contains(flags.isolation, "filesystem/shared")) { - namespaces |= CLONE_NEWNS; - } - - // The pid namespace isolator requires pid and mount namespaces (CLONE_NEWPID - // and CLONE_NEWNS). - if (strings::contains(flags.isolation, "namespaces/pid")) { - namespaces |= CLONE_NEWPID; - namespaces |= CLONE_NEWNS; - } - - return new LinuxLauncher(flags, namespaces, hierarchy.get()); + return new LinuxLauncher( + flags, + namespaces.isSome() ? namespaces.get() : 0, + hierarchy.get()); } http://git-wip-us.apache.org/repos/asf/mesos/blob/1a82a3fb/src/slave/containerizer/linux_launcher.hpp ---------------------------------------------------------------------- diff --git a/src/slave/containerizer/linux_launcher.hpp b/src/slave/containerizer/linux_launcher.hpp index ec08e24..28a7d35 100644 --- a/src/slave/containerizer/linux_launcher.hpp +++ b/src/slave/containerizer/linux_launcher.hpp @@ -30,7 +30,9 @@ namespace slave { class LinuxLauncher : public Launcher { public: - static Try<Launcher*> create(const Flags& flags); + static Try<Launcher*> create( + const Flags& flags, + const Option<int>& namespaces); virtual ~LinuxLauncher() {} http://git-wip-us.apache.org/repos/asf/mesos/blob/1a82a3fb/src/slave/containerizer/mesos/containerizer.cpp ---------------------------------------------------------------------- diff --git a/src/slave/containerizer/mesos/containerizer.cpp b/src/slave/containerizer/mesos/containerizer.cpp index 8dd2cb6..7e3d4ba 100644 --- a/src/slave/containerizer/mesos/containerizer.cpp +++ b/src/slave/containerizer/mesos/containerizer.cpp @@ -158,13 +158,17 @@ Try<MesosContainerizer*> MesosContainerizer::create( } #ifdef __linux__ + int namespaces = 0; + foreach (const Owned<Isolator>& isolator, isolators) { + if (isolator->namespaces().get().isSome()) { + namespaces |= isolator->namespaces().get().get(); + } + } + // Determine which launcher to use based on the isolation flag. Try<Launcher*> launcher = - (strings::contains(isolation, "cgroups") || - strings::contains(isolation, "network/port_mapping") || - strings::contains(isolation, "filesystem/shared") || - strings::contains(isolation, "namespaces")) - ? LinuxLauncher::create(flags_) + (strings::contains(isolation, "cgroups") || namespaces != 0) + ? LinuxLauncher::create(flags_, namespaces) : PosixLauncher::create(flags_); #else Try<Launcher*> launcher = PosixLauncher::create(flags_); http://git-wip-us.apache.org/repos/asf/mesos/blob/1a82a3fb/src/tests/isolator_tests.cpp ---------------------------------------------------------------------- diff --git a/src/tests/isolator_tests.cpp b/src/tests/isolator_tests.cpp index c635a4d..525a5a8 100644 --- a/src/tests/isolator_tests.cpp +++ b/src/tests/isolator_tests.cpp @@ -446,7 +446,8 @@ TEST_F(LimitedCpuIsolatorTest, ROOT_CGROUPS_Cfs) Try<Isolator*> isolator = CgroupsCpushareIsolatorProcess::create(flags); CHECK_SOME(isolator); - Try<Launcher*> launcher = LinuxLauncher::create(flags); + Try<Launcher*> launcher = + LinuxLauncher::create(flags, isolator.get()->namespaces().get()); CHECK_SOME(launcher); // Set the executor's resources to 0.5 cpu. @@ -557,7 +558,8 @@ TEST_F(LimitedCpuIsolatorTest, ROOT_CGROUPS_Cfs_Big_Quota) Try<Isolator*> isolator = CgroupsCpushareIsolatorProcess::create(flags); CHECK_SOME(isolator); - Try<Launcher*> launcher = LinuxLauncher::create(flags); + Try<Launcher*> launcher = + LinuxLauncher::create(flags, isolator.get()->namespaces().get()); CHECK_SOME(launcher); // Set the executor's resources to 100.5 cpu. @@ -641,7 +643,8 @@ TEST_F(LimitedCpuIsolatorTest, ROOT_CGROUPS_Pids_and_Tids) Try<Isolator*> isolator = CgroupsCpushareIsolatorProcess::create(flags); CHECK_SOME(isolator); - Try<Launcher*> launcher = LinuxLauncher::create(flags); + Try<Launcher*> launcher = + LinuxLauncher::create(flags, isolator.get()->namespaces().get()); CHECK_SOME(launcher); ExecutorInfo executorInfo; @@ -913,7 +916,8 @@ TEST_F(SharedFilesystemIsolatorTest, ROOT_RelativeVolume) Try<Isolator*> isolator = SharedFilesystemIsolatorProcess::create(flags); CHECK_SOME(isolator); - Try<Launcher*> launcher = LinuxLauncher::create(flags); + Try<Launcher*> launcher = + LinuxLauncher::create(flags, isolator.get()->namespaces().get()); CHECK_SOME(launcher); // Use /var/tmp so we don't mask the work directory (under /tmp). @@ -1013,7 +1017,8 @@ TEST_F(SharedFilesystemIsolatorTest, ROOT_AbsoluteVolume) Try<Isolator*> isolator = SharedFilesystemIsolatorProcess::create(flags); CHECK_SOME(isolator); - Try<Launcher*> launcher = LinuxLauncher::create(flags); + Try<Launcher*> launcher = + LinuxLauncher::create(flags, isolator.get()->namespaces().get()); CHECK_SOME(launcher); // We'll mount the absolute test work directory as /var/tmp in the http://git-wip-us.apache.org/repos/asf/mesos/blob/1a82a3fb/src/tests/port_mapping_tests.cpp ---------------------------------------------------------------------- diff --git a/src/tests/port_mapping_tests.cpp b/src/tests/port_mapping_tests.cpp index 9923aa6..ac49cdf 100644 --- a/src/tests/port_mapping_tests.cpp +++ b/src/tests/port_mapping_tests.cpp @@ -434,7 +434,8 @@ TEST_F(PortMappingIsolatorTest, ROOT_ContainerToContainerTCP) Try<Isolator*> isolator = PortMappingIsolatorProcess::create(flags); CHECK_SOME(isolator); - Try<Launcher*> launcher = LinuxLauncher::create(flags); + Try<Launcher*> launcher = + LinuxLauncher::create(flags, isolator.get()->namespaces().get()); CHECK_SOME(launcher); // Set the executor's resources. @@ -593,7 +594,8 @@ TEST_F(PortMappingIsolatorTest, ROOT_ContainerToContainerUDP) Try<Isolator*> isolator = PortMappingIsolatorProcess::create(flags); CHECK_SOME(isolator); - Try<Launcher*> launcher = LinuxLauncher::create(flags); + Try<Launcher*> launcher = + LinuxLauncher::create(flags, isolator.get()->namespaces().get()); CHECK_SOME(launcher); // Set the executor's resources. @@ -754,7 +756,8 @@ TEST_F(PortMappingIsolatorTest, ROOT_HostToContainerUDP) Try<Isolator*> isolator = PortMappingIsolatorProcess::create(flags); CHECK_SOME(isolator); - Try<Launcher*> launcher = LinuxLauncher::create(flags); + Try<Launcher*> launcher = + LinuxLauncher::create(flags, isolator.get()->namespaces().get()); CHECK_SOME(launcher); // Set the executor's resources. @@ -870,7 +873,8 @@ TEST_F(PortMappingIsolatorTest, ROOT_HostToContainerTCP) Try<Isolator*> isolator = PortMappingIsolatorProcess::create(flags); CHECK_SOME(isolator); - Try<Launcher*> launcher = LinuxLauncher::create(flags); + Try<Launcher*> launcher = + LinuxLauncher::create(flags, isolator.get()->namespaces().get()); CHECK_SOME(launcher); // Set the executor's resources. @@ -994,7 +998,8 @@ TEST_F(PortMappingIsolatorTest, ROOT_ContainerICMPExternal) Try<Isolator*> isolator = PortMappingIsolatorProcess::create(flags); CHECK_SOME(isolator); - Try<Launcher*> launcher = LinuxLauncher::create(flags); + Try<Launcher*> launcher = + LinuxLauncher::create(flags, isolator.get()->namespaces().get()); CHECK_SOME(launcher); // Set the executor's resources. @@ -1079,7 +1084,8 @@ TEST_F(PortMappingIsolatorTest, ROOT_ContainerICMPInternal) Try<Isolator*> isolator = PortMappingIsolatorProcess::create(flags); CHECK_SOME(isolator); - Try<Launcher*> launcher = LinuxLauncher::create(flags); + Try<Launcher*> launcher = + LinuxLauncher::create(flags, isolator.get()->namespaces().get()); CHECK_SOME(launcher); // Set the executor's resources. @@ -1167,7 +1173,8 @@ TEST_F(PortMappingIsolatorTest, ROOT_ContainerARPExternal) Try<Isolator*> isolator = PortMappingIsolatorProcess::create(flags); CHECK_SOME(isolator); - Try<Launcher*> launcher = LinuxLauncher::create(flags); + Try<Launcher*> launcher = + LinuxLauncher::create(flags, isolator.get()->namespaces().get()); CHECK_SOME(launcher); // Set the executor's resources. @@ -1261,7 +1268,8 @@ TEST_F(PortMappingIsolatorTest, ROOT_DNS) Try<Isolator*> isolator = PortMappingIsolatorProcess::create(flags); CHECK_SOME(isolator); - Try<Launcher*> launcher = LinuxLauncher::create(flags); + Try<Launcher*> launcher = + LinuxLauncher::create(flags, isolator.get()->namespaces().get()); CHECK_SOME(launcher); // Set the executor's resources. @@ -1351,7 +1359,8 @@ TEST_F(PortMappingIsolatorTest, ROOT_TooManyContainers) Try<Isolator*> isolator = PortMappingIsolatorProcess::create(flags); CHECK_SOME(isolator); - Try<Launcher*> launcher = LinuxLauncher::create(flags); + Try<Launcher*> launcher = + LinuxLauncher::create(flags, isolator.get()->namespaces().get()); CHECK_SOME(launcher); // Set the executor's resources. @@ -1459,7 +1468,8 @@ TEST_F(PortMappingIsolatorTest, ROOT_SmallEgressLimit) Try<Isolator*> isolator = PortMappingIsolatorProcess::create(flags); CHECK_SOME(isolator); - Try<Launcher*> launcher = LinuxLauncher::create(flags); + Try<Launcher*> launcher = + LinuxLauncher::create(flags, isolator.get()->namespaces().get()); CHECK_SOME(launcher); // Open an nc server on the host side. Note that 'invalidPort' is in @@ -1610,7 +1620,8 @@ TEST_F(PortMappingIsolatorTest, ROOT_PortMappingStatistics) Try<Isolator*> isolator = PortMappingIsolatorProcess::create(flags); CHECK_SOME(isolator); - Try<Launcher*> launcher = LinuxLauncher::create(flags); + Try<Launcher*> launcher = + LinuxLauncher::create(flags, isolator.get()->namespaces().get()); CHECK_SOME(launcher); // Open an nc server on the host side. Note that 'invalidPort' is
