Repository: mesos Updated Branches: refs/heads/master c229d1b83 -> d1c549e8c
Fixed health check bug when running agents with `docker_mesos_image`. When running Mesos agents in docker with the `docker_mesos_image` flag, HTTP health check would fail because the `mesos-docker-executor` could not find the pid of the task and don't have permissions to enter the namespaces of the task. This patch updated the options used to run `mesos-docker-executor` in a separate docker container and ensure `mesos-docker-executor` got the appropriate permissions to enter the namespaces of the tasks. Review: https://reviews.apache.org/r/58200/ Project: http://git-wip-us.apache.org/repos/asf/mesos/repo Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/d1c549e8 Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/d1c549e8 Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/d1c549e8 Branch: refs/heads/master Commit: d1c549e8c8c788d5a7bcf4017c107a25ff02f80a Parents: c229d1b Author: Deshi Xiao <[email protected]> Authored: Mon Apr 17 02:00:47 2017 +0800 Committer: Haosdent Huang <[email protected]> Committed: Mon Apr 17 02:22:11 2017 +0800 ---------------------------------------------------------------------- src/slave/containerizer/docker.cpp | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/mesos/blob/d1c549e8/src/slave/containerizer/docker.cpp ---------------------------------------------------------------------- diff --git a/src/slave/containerizer/docker.cpp b/src/slave/containerizer/docker.cpp index ef04a21..060ae1e 100644 --- a/src/slave/containerizer/docker.cpp +++ b/src/slave/containerizer/docker.cpp @@ -358,6 +358,24 @@ DockerContainerizerProcess::Container::create( ContainerInfo::DockerInfo dockerInfo; dockerInfo.set_image(flags.docker_mesos_image.get()); + // `--pid=host` is required for `mesos-docker-executor` to find + // the pid of the task in `/proc` when running + // `mesos-docker-executor` in a separate docker container. + Parameter* pidParameter = dockerInfo.add_parameters(); + pidParameter ->set_key("pid"); + pidParameter->set_value("host"); + + // `--cap-add=SYS_ADMIN` and `--cap-add=SYS_PTRACE` are required + // for `mesos-docker-executor` to enter the namespaces of the task + // during health checking when running `mesos-docker-executor` in a + // separate docker container. + Parameter* capAddParameter = dockerInfo.add_parameters(); + capAddParameter->set_key("cap-add"); + capAddParameter->set_value("SYS_ADMIN"); + capAddParameter = dockerInfo.add_parameters(); + capAddParameter->set_key("cap-add"); + capAddParameter->set_value("SYS_PTRACE"); + newContainerInfo.mutable_docker()->CopyFrom(dockerInfo); // NOTE: We do not set the optional `taskEnvironment` here as
