[
https://issues.apache.org/jira/browse/MESOS-7027?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15854834#comment-15854834
]
Joseph Wu edited comment on MESOS-7027 at 2/7/17 1:20 AM:
----------------------------------------------------------
Reviews (in progress):
| https://reviews.apache.org/r/56339/ | Change tests to account for this case |
| https://reviews.apache.org/r/56340/ | Dis-allow one failure case |
| https://reviews.apache.org/r/56341/ | Change to {{docker/runtime}} for this
case |
was (Author: kaysoky):
Reviews (in progress):
| https://reviews.apache.org/r/56339/ | Change tests to account for this case |
| https://reviews.apache.org/r/56340/ | Dis-allow one failure case |
| https://reviews.apache.org/r/56341/ | Partial fix for this JIRA |
> CommandExecutor ENV overwritten by Docker Image ENV in Unified Containerizer
> ----------------------------------------------------------------------------
>
> Key: MESOS-7027
> URL: https://issues.apache.org/jira/browse/MESOS-7027
> Project: Mesos
> Issue Type: Bug
> Reporter: Kevin Klues
> Assignee: Joseph Wu
> Priority: Critical
> Labels: environment, mesosphere
>
> Using the unified containerizer, if a docker image is provisioned and has
> environment variables set via the ENV directive, those environment variables
> will be inherited by the {{mesos-executor}} process and overwrite similarly
> named environment variables that otherwise would have been inherited from the
> agent.
> This causes problems (for example) in DC/OS when trying to launch tasks based
> off the {{nvidia/cuda}} image. The {{nvidia/cuda}} image explicitly sets
> {{LD_LIBRARY_PATH}} to its own value so that the proper nvidia libraries will
> be available to whatever command is launched inside the container.
> However, DC/OS relies on {{LD_LIBRARY_PATH}} to contain a path to
> {{/opt/mesosphere/lib}} so that all of the mesosphere libraries are available
> to the mesos binaries launched by the agent ({{mesos-containerizer}},
> {{mesos-execute}}, etc.). This is necessary to make sure that any external
> dependencies they might have (e.g. libssl.so) can be resolved at runtime.
> By overwriting the executor's environment with the Docker Image environment,
> {{LD_LIBRARY_PATH}} will not be set properly and {{mesos-execute}} will fail.
> It seems to me, the Docker Image environment should *only* actually overwrite
> the environment of the user process (not its executor). However, this can get
> complicated, because the executor actually is the user process in the case of
> launching a custom executor.
> We need to rethink how the environment is inherited/overwritten through all
> the various processes that get spawned while launching a container as well as
> how to make it work for tasks launched by arbitrary executors.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
