[
https://issues.apache.org/jira/browse/MESOS-1895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14165978#comment-14165978
]
Ian Downes commented on MESOS-1895:
-----------------------------------
I agree that generally everyone running on Linux will want to use the cgroups
isolators but there are a few things to determine:
1. We should verify first that all checks (privilege, cgroups layout, ???) are
robust and present useful information to the user on failure. The Mesos
containerizer with posix is a safe option that should always work so new users
get a slave running easily. This is probably not true for cgroups as the code
stands.
2. I don't think we can make cgroups "default if root else posix" or some other
conditional enable because users may have configured something like non-root
access to their cgroups. The code could be improved to check that it has
sufficient privilege to do what it needs, rather than privilege to do anything.
For upgrading:
cgroups enabled --> cgroups default is ok
posix default --> posix enabled is okay
posix default --> cgroups default will fail to recover. Code would need to be
modified in the launchers and isolators to handle this better. Alternative is
to require a slave drain for this upgrade path.
> Enable cgroups isolation by default
> -----------------------------------
>
> Key: MESOS-1895
> URL: https://issues.apache.org/jira/browse/MESOS-1895
> Project: Mesos
> Issue Type: Improvement
> Components: slave
> Affects Versions: 0.20.1
> Environment: Linux!
> Reporter: Sunil Shah
>
> cgroups isolation is not enabled by default on mesos-slave. For people
> deploying Mesos in a production environment, it makes sense that this would
> default - given the assumption that Mesos uses cgroups to isolate running
> tasks.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
