Windows: Tied task lifetimes to executors.

To enable recovery of checkpointed tasks, the agent must be able to die
without also killing the executors and tasks, thus we cannot set the
"job object kill on close" limit unconditionally. However, the executors
must still be able to kill their tasks when they die, so we explicitly
enable this limit through a parent hook when launching the container for
the task. In this way, the agent can be restarted (e.g. for an upgrade)
without killing the executors, but the executors are still capable of
killing their tasks on catastrophic death.



Branch: refs/heads/master
Commit: 42d57869b46fe2333fb3c0ac43572c95d0ac577c
Parents: 65df55a
Author: Andrew Schwartzmeyer <>
Authored: Wed Jan 17 13:45:03 2018 -0800
Committer: Andrew Schwartzmeyer <>
Committed: Fri Feb 9 11:55:15 2018 -0800

 src/launcher/executor.cpp | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/src/launcher/executor.cpp b/src/launcher/executor.cpp
index 050f5a0..164ecc7 100644
--- a/src/launcher/executor.cpp
+++ b/src/launcher/executor.cpp
@@ -62,6 +62,9 @@
 #include <stout/os/environment.hpp>
 #include <stout/os/kill.hpp>
 #include <stout/os/killtree.hpp>
+#ifdef __WINDOWS__
+#include <stout/windows/os.hpp>
+#endif // __WINDOWS__
 #include "checks/checker.hpp"
 #include "checks/health_checker.hpp"
@@ -485,6 +488,11 @@ protected:
     vector<process::Subprocess::ParentHook> parentHooks;
 #ifdef __WINDOWS__
+    // Setting the "kill on close" job object limit ties the lifetime of the
+    // task to that of the executor. This ensures that if the executor exits,
+    // its task exits too.
+    parentHooks.emplace_back(Subprocess::ParentHook(
+        [](pid_t pid) { return os::set_job_kill_on_close_limit(pid); }));
 #endif // __WINDOWS__
     Try<Subprocess> s = subprocess(

Reply via email to