[ https://issues.apache.org/jira/browse/MESOS-1574?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14061243#comment-14061243 ]
Ian Downes commented on MESOS-1574:
-----------------------------------
ip_local_port_range sets the range for local ports when opening outgoing
connections; it does not restrict processes from binding to ports inside that
range.
[~jaybuff] are you using a cgroups isolator? If so, you can check if the
process' cgroup is managed by mesos, implying it's a descendant of a terminated
mesos-slave:
$ cat /proc/$pid/cgroup
4:memory:/sys/fs/cgroup/memory/mesos/XXX
3:freezer:/sys/fs/cgroup/freezer/mesos/XXX
2:cpuacct:/sys/fs/cgroup/cpuacct/mesos/XXX
1:cpu:/sys/fs/cgroup/cpu/mesos/XXX
> what to do when a rogue process binds to a port mesos didn't allocate to it?
> ----------------------------------------------------------------------------
>
> Key: MESOS-1574
> URL: https://issues.apache.org/jira/browse/MESOS-1574
> Project: Mesos
> Issue Type: Improvement
> Components: allocation, isolation
> Reporter: Jay Buffington
> Priority: Minor
>
> I recently had an issue where a slave had a process whose parent was init
> that was bound to a port in the range that mesos thought was a free resource.
> I'm not sure if this is due to a bug in mesos (it lost track of this process
> during an upgrade?) or if there was a bad user who started a process on the
> host manually outside of mesos. The process is over a month old and I have
> no history in mesos to ask it if/when it launched the task :(
> If a rogue process binds to a port that mesos-slave has offered to the master
> as an available resource there should be some sort of reckoning. Mesos could:
> * kill the rogue process
> * rescind the offer for that port
> * have an api that can be plugged into a monitoring system to alert humans
> of this inconsistency
--
This message was sent by Atlassian JIRA
(v6.2#6252)
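
Added example, not part of the original message and not Mesos code: one way to turn the cgroup check from the comment into a monitoring check, flagging any listening socket in the offered port range whose owning process is not under a mesos cgroup. The port range 31000-32000, the inode-to-cgroup mapping and all sample data are constructed assumptions; on a live host the mapping would be built by walking /proc/<pid>/fd and reading /proc/<pid>/cgroup.

```python
# Constructed /proc/net/tcp sample: sshd on 22, two listeners in the offered
# range (31000, 31005) and one ESTABLISHED connection that must be ignored.
NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 00000000:7918 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 2002 1
   2: 00000000:791D 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 3003 1
   3: 0100007F:7922 0100007F:C350 01 00000000:00000000 00:00000000 00000000  1000        0 4004 1
"""
# Constructed socket-inode -> /proc/<pid>/cgroup text of the owning process.
# 2002 uses the path layout quoted in the comment; 3003 sits in the root cgroup.
CGROUPS = {
    2002: "4:memory:/sys/fs/cgroup/memory/mesos/XXX\n1:cpu:/sys/fs/cgroup/cpu/mesos/XXX\n",
    3003: "4:memory:/\n1:cpu:/\n",
}

def mesos_container_id(cgroup_text, root="mesos"):
    """Return the id following <root>/ in any cgroup path, else None."""
    for line in cgroup_text.splitlines():
        parts = line.strip().split(":", 2)   # hierarchy-id:controllers:path
        if len(parts) != 3:
            continue
        comps = [c for c in parts[2].split("/") if c]
        if root in comps[:-1]:               # root must have a child component
            return comps[comps.index(root) + 1]
    return None

def listeners_in_range(net_tcp_text, lo, hi):
    """Return [(port, inode)] for LISTEN sockets (st == 0A) with lo <= port <= hi."""
    found = []
    for line in net_tcp_text.splitlines()[1:]:   # skip the header row
        f = line.split()
        if len(f) < 10 or f[3] != "0A":
            continue
        port = int(f[1].rsplit(":", 1)[1], 16)   # local_address is HEXIP:HEXPORT
        if lo <= port <= hi:
            found.append((port, int(f[9])))      # field 9 is the socket inode
    return found

def audit(net_tcp_text, cgroup_by_inode, lo, hi):
    """Map each in-range listening port to ('mesos', id) or ('unmanaged', None)."""
    report = {}
    for port, inode in listeners_in_range(net_tcp_text, lo, hi):
        cid = mesos_container_id(cgroup_by_inode.get(inode, ""))
        report[port] = ("mesos", cid) if cid else ("unmanaged", None)
    return report

if __name__ == "__main__":
    for port, verdict in sorted(audit(NET_TCP, CGROUPS, 31000, 32000).items()):
        print(port, *verdict)
```

A port reported as "unmanaged" is the inconsistency the issue describes; a port reported as "mesos" with no running slave tracking that container id matches the orphaned-descendant case from the comment.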