[
https://issues.apache.org/jira/browse/MESOS-3836?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14996140#comment-14996140
]
Cody Maloney commented on MESOS-3836:
-------------------------------------
Any solution which comes up here is going to land (at the soonest) in Mesos
0.27. That would likely mean not the next DCOS, but the one after, so this is
all about mid-term planning at this point.

When I say fully containerized I mean every executor should adhere to the same
isolators that tasks do. A framework shouldn't be able to write a custom
executor which uses more than its share of a CPU when CPU isolation is enabled.
Or more of its disk than its disk quota allows / the framework has accepted
offers on the host for.
> `--executor-environment-variables` may not apply to docker containers
> ---------------------------------------------------------------------
>
> Key: MESOS-3836
> URL: https://issues.apache.org/jira/browse/MESOS-3836
> Project: Mesos
> Issue Type: Bug
> Components: containerization, slave
> Affects Versions: 0.25.0
> Environment: Mesos 0.25.0 configured with
> --executor-environment-variables
> Reporter: Cody Maloney
> Assignee: Marco Massenzio
> Priority: Minor
> Labels: mesosphere
>
> In our use case we set {{PATH}} as part of the
> {{\-\-executor_environment_variables}} in order to limit what binaries all
> tasks which are launched via Mesos have readily available to them, making it
> much harder for people launching tasks on Mesos to accidentally depend on
> something which isn't part of the "guaranteed" environment / platform.
> Docker containers can be used as executors, and have a fully isolated
> filesystem. For executors which run in docker containers setting {{PATH}} to
> our path on the host filesystem may potentially break the docker container.
> The previous code of only copying across environment variables when
> {{includeOsEnvironment}} is set dealt with this
> (https://github.com/apache/mesos/blob/56510afe149758a69a5a714dfaab16111dd0d9c3/src/slave/containerizer/containerizer.cpp#L267)
> if {{includeOsEnvironment}} is set then we should copy across the current
> {{\-\-executor_environment_variables}}. If it isn't, then
> {{\-\-executor_environment_variables}} shouldn't be used at all.
> Another option which could be useful is to make it so that there are two sets
> of "Executor Environment Variables". One for when {{includeOsEnvironment}} is
> set, and one for when it is not.