Haosdent is right that “nsenter” is used by docker users but wanted to add that it is not a docker only command. It is a linux utility that can be used to enter the namespaces of processes using their “procfs” files [1]. Mesos containerizer can be configured to use linux isolators (filesystem for example) which uses namespaces. So these namespaces (say mount namespace) can be then entered using “nsenter”. If i understand what you are trying to achieve, the certificates can be placed into the container by entering the mount namespace of the container process. Mount namespace will give you view of the file system as viewed by the container process.
-Jojy [1] http://man7.org/linux/man-pages/man1/nsenter.1.html <http://man7.org/linux/man-pages/man1/nsenter.1.html> > On Nov 29, 2015, at 4:51 AM, haosdent <[email protected]> wrote: > > If you use Docker container, you could use "nsenter" command > https://docs.docker.com/engine/reference/commandline/exec/ . But because > you use Mesos container, I think in your task, you need send the data to > some store, maybe just print data to task logs or save them in database. So > that we could inspect them outside Mesos container. > > On Sun, Nov 29, 2015 at 8:39 PM, Shuai Lin <[email protected]> wrote: > >> This ticket may be related: >> https://issues.apache.org/jira/browse/MESOS-2724 >> "Support running custom commands on slaves when launching a docker >> container" >> >> On Sun, Nov 29, 2015 at 6:13 PM, Adam Medziński <[email protected]> >> wrote: >> >>> So if I understand all correctly - I can (as Sargun Dhillon suggests) >>> write my own mesos hook and inject data through environment variables, >>> or try to use nsenter if I need something more sophisticated? >>> >>> On 28 November 2015 at 17:23, Jojy Varghese <[email protected]> wrote: >>>> Although its not possible today directly using Mesos, we could always >>> use “nsenter” to enter the container namespace and do things. I haven’t >>> tried it myself but conceptually thats the way to do it. >>>> >>>> -Jojy >>>> >>>> >>>>> On Nov 28, 2015, at 3:30 AM, Sargun Dhillon <[email protected]> wrote: >>>>> >>>>> You can do this using Mesos Modules - Documented here: >>>>> http://mesos.apache.org/documentation/latest/modules/ >>>>> >>>>> I think you're probably looking at writing a hooks module for the >>>>> agent, and taking advantage of the slaveExecutorEnvironmentDecorator >>>>> callback. >>>>> >>>>> On Sat, Nov 28, 2015 at 3:12 AM, tommy xiao <[email protected]> wrote: >>>>>> feel no way, you need some tricks on it. >>>>>> >>>>>> 2015-11-27 19:23 GMT+08:00 Adam Medziński <[email protected] >>> : >>>>>> >>>>>>> It is possible to inject dynamically generated data (for example >>>>>>> certificate generated for task) into mesos container? Data should be >>>>>>> available only to task process. >>>>>>> >>>>>>> -- >>>>>>> Best Regards, >>>>>>> Adam Medziński >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Deshi Xiao >>>>>> Twitter: xds2000 >>>>>> E-mail: xiaods(AT)gmail.com >>>> >>> >>> >>> >>> -- >>> Best Regards, >>> Adam Medziński >>> >> > > > > -- > Best Regards, > Haosdent Huang
