Repository: mesos
Updated Branches: refs/heads/1.2.x 78cf56e9e -> 6855b50a4
Fixed health check bug when running agents with `docker_mesos_image`.

When running Mesos agents in docker with the `docker_mesos_image` flag, HTTP health check would fail because the `mesos-docker-executor` could not find the pid of the task and did not have permissions to enter the namespaces of the task. This patch updated the options used to run `mesos-docker-executor` in a separate docker container and ensured `mesos-docker-executor` got the appropriate permissions to enter the namespaces of the tasks.

Review: https://reviews.apache.org/r/58200/

Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/0ea4e632
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/0ea4e632
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/0ea4e632

Branch: refs/heads/1.2.x
Commit: 0ea4e632246405561af832b04ed59e2c1e2343e2
Parents: 78cf56e
Author: Deshi Xiao <[email protected]>
Authored: Mon Apr 17 02:00:47 2017 +0800
Committer: Haosdent Huang <[email protected]>
Committed: Tue Apr 18 10:28:58 2017 +0800

----------------------------------------------------------------------
 src/slave/containerizer/docker.cpp | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/mesos/blob/0ea4e632/src/slave/containerizer/docker.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/docker.cpp b/src/slave/containerizer/docker.cpp index 029df97..ff7ab9b 100644 --- a/src/slave/containerizer/docker.cpp +++ b/src/slave/containerizer/docker.cpp 
@@ -353,6 +353,24 @@ DockerContainerizerProcess::Container::create( ContainerInfo::DockerInfo dockerInfo; dockerInfo.set_image(flags.docker_mesos_image.get()); + // `--pid=host` is required for `mesos-docker-executor` to find + // the pid of the task in `/proc` when running + // `mesos-docker-executor` in a separate docker container. + Parameter* pidParameter = dockerInfo.add_parameters(); + pidParameter ->set_key("pid"); + pidParameter->set_value("host"); + + // `--cap-add=SYS_ADMIN` and `--cap-add=SYS_PTRACE` are required + // for `mesos-docker-executor` to enter the namespaces of the task + // during health checking when running `mesos-docker-executor` in a + // separate docker container. + Parameter* capAddParameter = dockerInfo.add_parameters(); + capAddParameter->set_key("cap-add"); + capAddParameter->set_value("SYS_ADMIN"); + capAddParameter = dockerInfo.add_parameters(); + capAddParameter->set_key("cap-add"); + capAddParameter->set_value("SYS_PTRACE"); + newContainerInfo.mutable_docker()->CopyFrom(dockerInfo); // NOTE: We do not set the optional `taskEnvironment` here as
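Review bot: The three parameters added after `dockerInfo.set_image(flags.docker_mesos_image.get());` are applied to every executor container launched from `docker_mesos_image`, with no condition visible in this hunk, although the comments justify them only for health checking. `--pid=host` together with `--cap-add=SYS_ADMIN` and `--cap-add=SYS_PTRACE` lets the executor container see and trace every process on the host and perform mount and namespace operations, so a compromise of `mesos-docker-executor` is much closer to a compromise of the agent host than before. Please consider adding these parameters only when the task actually defines a health check that has to enter the task's namespaces, or, if that is not practical here, state in the `docker_mesos_image` flag documentation that setting it implies host PID namespace sharing and these two capabilities, so operators can account for it. Style point: `pidParameter ->set_key("pid");` has a stray space before `->`, unlike the other calls in the hunk.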
