Updated Isolator to return required namespaces. This would enable the MesosContainerizer to pass on a list of namespaces to LinuxLauncher instead of having LinuxLauncher guess it from the isolation flags.
Review: https://reviews.apache.org/r/35585
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/2143ae03
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/2143ae03
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/2143ae03
Branch: refs/heads/master
Commit: 2143ae0315990ed663bf5810a801adeacff3a986
Parents: 06af7a3
Author: Kapil Arya <[email protected]>
Authored: Tue Jun 23 12:32:32 2015 -0700
Committer: Jie Yu <[email protected]>
Committed: Tue Jun 23 12:59:33 2015 -0700
----------------------------------------------------------------------
include/mesos/slave/isolator.hpp | 12 ++++++++++++
src/slave/containerizer/isolator.cpp | 6 ++++++
src/slave/containerizer/isolators/filesystem/shared.cpp | 8 ++++++++
src/slave/containerizer/isolators/filesystem/shared.hpp | 2 ++
src/slave/containerizer/isolators/namespaces/pid.cpp | 6 ++++++
src/slave/containerizer/isolators/namespaces/pid.hpp | 2 ++
.../containerizer/isolators/network/port_mapping.cpp | 6 ++++++
.../containerizer/isolators/network/port_mapping.hpp | 2 ++
8 files changed, 44 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/2143ae03/include/mesos/slave/isolator.hpp
----------------------------------------------------------------------
diff --git a/include/mesos/slave/isolator.hpp b/include/mesos/slave/isolator.hpp
index 18edc03..ef2205d 100644
--- a/include/mesos/slave/isolator.hpp
+++ b/include/mesos/slave/isolator.hpp
@@ -30,6 +30,7 @@
 #include <process/process.hpp>
 
 #include <stout/hashset.hpp>
+#include <stout/option.hpp>
 #include <stout/try.hpp>
 
 namespace mesos {
@@ -81,6 +82,15 @@ public:
 explicit Isolator(process::Owned<IsolatorProcess> process);
 ~Isolator();
 
+ // Returns the namespaces required by the isolator. The namespaces
+ // are created while launching the executor. Isolators may return
+ // a None() to indicate that they don't require any namespaces
+ // (e.g., Isolators for OS X).
+ // TODO(karya): Since namespaces are Linux-only, create a separate
+ // LinuxIsolator (and corresponding LinuxIsolatorProcess) class
+ // for Linux-specific isolators.
+ process::Future<Option<int>> namespaces();
+
 // Recover containers from the run states and the orphan containers
 // (known to the launcher but not known to the slave) detected by
 // the launcher.
@@ -137,6 +147,8 @@ class IsolatorProcess : public process::Process<IsolatorProcess>
 public:
 virtual ~IsolatorProcess() {}
 
+ virtual process::Future<Option<int>> namespaces() { return None(); }
+
 virtual process::Future<Nothing> recover(
 const std::list<ExecutorRunState>& state,
 const hashset<ContainerID>& orphans) = 0;
http://git-wip-us.apache.org/repos/asf/mesos/blob/2143ae03/src/slave/containerizer/isolator.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/isolator.cpp b/src/slave/containerizer/isolator.cpp
index d51ecc9..278824c 100644
--- a/src/slave/containerizer/isolator.cpp
+++ b/src/slave/containerizer/isolator.cpp
@@ -42,6 +42,12 @@ Isolator::~Isolator()
 }
 
 
+Future<Option<int>> Isolator::namespaces()
+{
+ return dispatch(process.get(), &IsolatorProcess::namespaces);
+}
+
+
 Future<Nothing> Isolator::recover(
 const list<ExecutorRunState>& state,
 const hashset<ContainerID>& orphans)
http://git-wip-us.apache.org/repos/asf/mesos/blob/2143ae03/src/slave/containerizer/isolators/filesystem/shared.cpp
----------------------------------------------------------------------
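Review bot: The comment added above `Isolator::namespaces()` in include/mesos/slave/isolator.hpp never says what the `int` inside `Option<int>` encodes. The overrides later in this commit return `CLONE_NEWNS`, `CLONE_NEWPID | CLONE_NEWNS` and `CLONE_NEWNET`, so the value looks like a bitmask of clone(2) namespace flags; I would add `// The value is a bitwise OR of CLONE_NEW* flags.` to the comment. It is also worth stating that a failed future must fail the container launch instead of being read as `None()`, because a namespace that is silently dropped leaves the container sharing that resource with the host; the code that consumes the result is not part of this diff. The class body continues outside the hunk.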
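Review bot: The default `IsolatorProcess::namespaces()` added in the second isolator.hpp hunk returns `None()` without any comment, so an isolator that depends on a namespace but does not override it still compiles and quietly requests none. Only the shared filesystem, pid and port mapping isolators get an override in this commit; whether any other isolator relied on LinuxLauncher deriving namespaces from the isolation flags cannot be seen from this diff and should be checked before the launcher is switched over. I would document the default, e.g. `// Default: no namespaces. Isolators that rely on a namespace must override this.`, or make the method pure virtual like `recover()` below it so that the omission becomes a compile error. IsolatorProcess continues outside the hunk.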
diff --git a/src/slave/containerizer/isolators/filesystem/shared.cpp b/src/slave/containerizer/isolators/filesystem/shared.cpp
index 5049306..24f3074 100644
--- a/src/slave/containerizer/isolators/filesystem/shared.cpp
+++ b/src/slave/containerizer/isolators/filesystem/shared.cpp
@@ -18,6 +18,8 @@
 
 #include <set>
 
+#include "linux/ns.hpp"
+
 #include "slave/containerizer/isolators/filesystem/shared.hpp"
 
 using namespace process;
@@ -62,6 +64,12 @@ Try<Isolator*> SharedFilesystemIsolatorProcess::create(const Flags& flags)
 }
 
 
+process::Future<Option<int>> SharedFilesystemIsolatorProcess::namespaces()
+{
+ return CLONE_NEWNS;
+}
+
+
 Future<Nothing> SharedFilesystemIsolatorProcess::recover(
 const list<ExecutorRunState>& states,
 const hashset<ContainerID>& orphans)
http://git-wip-us.apache.org/repos/asf/mesos/blob/2143ae03/src/slave/containerizer/isolators/filesystem/shared.hpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/isolators/filesystem/shared.hpp b/src/slave/containerizer/isolators/filesystem/shared.hpp
index 08c6ffe..4d7d9a9 100644
--- a/src/slave/containerizer/isolators/filesystem/shared.hpp
+++ b/src/slave/containerizer/isolators/filesystem/shared.hpp
@@ -39,6 +39,8 @@ public:
 
 virtual ~SharedFilesystemIsolatorProcess();
 
+ virtual process::Future<Option<int>> namespaces();
+
 virtual process::Future<Nothing> recover(
 const std::list<mesos::slave::ExecutorRunState>& states,
 const hashset<ContainerID>& orphans);
http://git-wip-us.apache.org/repos/asf/mesos/blob/2143ae03/src/slave/containerizer/isolators/namespaces/pid.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/isolators/namespaces/pid.cpp b/src/slave/containerizer/isolators/namespaces/pid.cpp
index c6b28aa..5de0791 100644
--- a/src/slave/containerizer/isolators/namespaces/pid.cpp
+++ b/src/slave/containerizer/isolators/namespaces/pid.cpp
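Review bot: The new definition in filesystem/shared.cpp is written `process::Future<Option<int>> SharedFilesystemIsolatorProcess::namespaces()`, while the file has `using namespace process;` and the `recover()` definition right below it uses the unqualified `Future<Nothing>`. The new definitions in namespaces/pid.cpp and network/port_mapping.cpp show the same mismatch next to their own unqualified `recover()` definitions, whereas isolator.cpp already uses the short form. For consistency I would write `Future<Option<int>> SharedFilesystemIsolatorProcess::namespaces()` here and do the same in the other two files.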
@@ -121,6 +121,12 @@ Result<ino_t> NamespacesPidIsolatorProcess::getNamespace(
 }
 
 
+process::Future<Option<int>> NamespacesPidIsolatorProcess::namespaces()
+{
+ return CLONE_NEWPID | CLONE_NEWNS;
+}
+
+
 Future<Nothing> NamespacesPidIsolatorProcess::recover(
 const list<ExecutorRunState>& states,
 const hashset<ContainerID>& orphans)
http://git-wip-us.apache.org/repos/asf/mesos/blob/2143ae03/src/slave/containerizer/isolators/namespaces/pid.hpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/isolators/namespaces/pid.hpp b/src/slave/containerizer/isolators/namespaces/pid.hpp
index 6b24e29..9cda3fd 100644
--- a/src/slave/containerizer/isolators/namespaces/pid.hpp
+++ b/src/slave/containerizer/isolators/namespaces/pid.hpp
@@ -56,6 +56,8 @@ public:
 
 virtual ~NamespacesPidIsolatorProcess() {}
 
+ virtual process::Future<Option<int>> namespaces();
+
 virtual process::Future<Nothing> recover(
 const std::list<mesos::slave::ExecutorRunState>& states,
 const hashset<ContainerID>& orphans);
http://git-wip-us.apache.org/repos/asf/mesos/blob/2143ae03/src/slave/containerizer/isolators/network/port_mapping.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/isolators/network/port_mapping.cpp b/src/slave/containerizer/isolators/network/port_mapping.cpp
index 1eb8173..f8018f2 100644
--- a/src/slave/containerizer/isolators/network/port_mapping.cpp
+++ b/src/slave/containerizer/isolators/network/port_mapping.cpp
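Review bot: `return CLONE_NEWPID | CLONE_NEWNS;` in `NamespacesPidIsolatorProcess::namespaces()` does not explain why a pid isolator also asks for a mount namespace, which makes the second flag look like something a later cleanup could drop. Presumably it is needed so that /proc can be mounted privately for the container without changing the host's mount table; that reason is not visible in this hunk, so please confirm and record it, e.g. `// CLONE_NEWNS is needed as well: /proc is remounted for the container's pid namespace.` Removing the flag later would weaken isolation and nothing in this function would catch it.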
@@ -1633,6 +1633,12 @@ Try<Isolator*> PortMappingIsolatorProcess::create(const Flags& flags)
 }
 
 
+process::Future<Option<int>> PortMappingIsolatorProcess::namespaces()
+{
+ return CLONE_NEWNET;
+}
+
+
 Future<Nothing> PortMappingIsolatorProcess::recover(
 const list<ExecutorRunState>& states,
 const hashset<ContainerID>& orphans)
http://git-wip-us.apache.org/repos/asf/mesos/blob/2143ae03/src/slave/containerizer/isolators/network/port_mapping.hpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/isolators/network/port_mapping.hpp b/src/slave/containerizer/isolators/network/port_mapping.hpp
index 7777ee8..6b5cf62 100644
--- a/src/slave/containerizer/isolators/network/port_mapping.hpp
+++ b/src/slave/containerizer/isolators/network/port_mapping.hpp
@@ -152,6 +152,8 @@ public:
 
 virtual ~PortMappingIsolatorProcess() {}
 
+ virtual process::Future<Option<int>> namespaces();
+
 virtual process::Future<Nothing> recover(
 const std::list<mesos::slave::ExecutorRunState>& states,
 const hashset<ContainerID>& orphans);
