Repository: mesos Updated Branches: refs/heads/master 9ff4b5172 -> b416dbe0f
Docker environment gets passed on docker run command. Removes the use of `--env_file` as that does not support newlines in environment variable values. Also avoids leaking of possibly sensitive environment variables to the log. Review: https://reviews.apache.org/r/57846/ Project: http://git-wip-us.apache.org/repos/asf/mesos/repo Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/b416dbe0 Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/b416dbe0 Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/b416dbe0 Branch: refs/heads/master Commit: b416dbe0f092f032edfa89f2f9e9c41239603ec9 Parents: 9ff4b51 Author: Till Toenshoff <[email protected]> Authored: Fri Mar 24 05:46:13 2017 +0100 Committer: Alexander Rukletsov <[email protected]> Committed: Fri Mar 24 05:52:00 2017 +0100 ---------------------------------------------------------------------- src/docker/docker.cpp | 51 +++++----------------------------------------- 1 file changed, 5 insertions(+), 46 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/mesos/blob/b416dbe0/src/docker/docker.cpp ---------------------------------------------------------------------- diff --git a/src/docker/docker.cpp b/src/docker/docker.cpp index 44fbde8..9de19d4 100755 --- a/src/docker/docker.cpp +++ b/src/docker/docker.cpp @@ -805,43 +805,11 @@ Future<Option<int>> Docker::run( argv.push_back(stringify(options.memory->bytes())); } - string environmentVariables; - foreachpair(const string& key, const string& value, options.env) { - environmentVariables += key + "=" + value + "\n"; - } - - Try<string> environmentFile_ = os::mktemp(); - if (environmentFile_.isError()) { - return Failure("Failed to create temporary docker environment " - "file: " + environmentFile_.error()); + argv.push_back("-e"); + argv.push_back(key + "=" + value); } - const string& environmentFile = environmentFile_.get(); - - Try<int_fd> fd = os::open( - environmentFile, - O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC, - S_IRUSR | S_IWUSR); - - if (fd.isError()) { - return Failure( - "Failed to open file '" + environmentFile + "': " + fd.error()); - } - - Try<Nothing> write = os::write(fd.get(), environmentVariables); - - os::close(fd.get()); - - if (write.isError()) { - return Failure( - "Failed to write docker environment file to '" + environmentFile + - "': " + write.error()); - } - - argv.push_back("--env-file"); - argv.push_back(environmentFile); - foreach(const string& volume, options.volumes) { argv.push_back("-v"); argv.push_back(volume); @@ -938,7 +906,7 @@ Future<Option<int>> Docker::run( string cmd = strings::join(" ", argv); - LOG(INFO) << "Running " << cmd; + VLOG(1) << "Running " << cmd; Try<Subprocess> s = subprocess( path, @@ -949,19 +917,10 @@ Future<Option<int>> Docker::run( nullptr); if (s.isError()) { - return Failure("Failed to create subprocess '" + cmd + "': " + s.error()); + return Failure("Failed to create subprocess '" + path + "': " + s.error()); } - s->status() - .onDiscard(lambda::bind(&commandDiscarded, s.get(), cmd)) - .onAny([environmentFile]() { - Try<Nothing> rm = os::rm(environmentFile); - - if (rm.isError()) { - LOG(WARNING) << "Failed to remove temporary docker environment file " - << "'" << environmentFile << "': " << rm.error(); - } - }); + s->status().onDiscard(lambda::bind(&commandDiscarded, s.get(), cmd)); // Ideally we could capture the stderr when docker itself fails, // however due to the stderr redirection used here we cannot.
