Repository: mesos Updated Branches: refs/heads/1.1.x 85e2da519 -> ea5056aaa
Fixed health check bug when running agents with `docker_mesos_image`. When running Mesos agents in docker with the `docker_mesos_image` flag, HTTP health check would fail because the `mesos-docker-executor` could not find the pid of the task and don't have permissions to enter the namespaces of the task. This patch updated the options used to run `mesos-docker-executor` in a separate docker container and ensure `mesos-docker-executor` got the appropriate permissions to enter the namespaces of the tasks. Review: https://reviews.apache.org/r/58200/ Project: http://git-wip-us.apache.org/repos/asf/mesos/repo Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/c32bd1ce Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/c32bd1ce Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/c32bd1ce Branch: refs/heads/1.1.x Commit: c32bd1ce77b2c04568b7bc8e1d0462c3a28efba5 Parents: 85e2da5 Author: Deshi Xiao <xia...@gmail.com> Authored: Mon Apr 17 02:00:47 2017 +0800 Committer: Haosdent Huang <haosd...@apache.org> Committed: Tue Apr 18 10:23:54 2017 +0800 ---------------------------------------------------------------------- src/slave/containerizer/docker.cpp | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/mesos/blob/c32bd1ce/src/slave/containerizer/docker.cpp ---------------------------------------------------------------------- diff --git a/src/slave/containerizer/docker.cpp b/src/slave/containerizer/docker.cpp index 750f1b6..33b8f67 100644 --- a/src/slave/containerizer/docker.cpp +++ b/src/slave/containerizer/docker.cpp @@ -328,6 +328,24 @@ DockerContainerizerProcess::Container::create( ContainerInfo::DockerInfo dockerInfo; dockerInfo.set_image(flags.docker_mesos_image.get()); + // `--pid=host` is required for `mesos-docker-executor` to find + // the pid of the task in `/proc` when running + // `mesos-docker-executor` in a separate docker container. + Parameter* pidParameter = dockerInfo.add_parameters(); + pidParameter ->set_key("pid"); + pidParameter->set_value("host"); + + // `--cap-add=SYS_ADMIN` and `--cap-add=SYS_PTRACE` are required + // for `mesos-docker-executor` to enter the namespaces of the task + // during health checking when running `mesos-docker-executor` in a + // separate docker container. + Parameter* capAddParameter = dockerInfo.add_parameters(); + capAddParameter->set_key("cap-add"); + capAddParameter->set_value("SYS_ADMIN"); + capAddParameter = dockerInfo.add_parameters(); + capAddParameter->set_key("cap-add"); + capAddParameter->set_value("SYS_PTRACE"); + newContainerInfo.mutable_docker()->CopyFrom(dockerInfo); // NOTE: We do not set the optional `taskEnvironment` here as