[
https://issues.apache.org/jira/browse/MESOS-9125?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16568923#comment-16568923
]
Greg Mann commented on MESOS-9125:
----------------------------------
Backports:
1.6.x:
{code}
commit 2119fd15eda6d35bc2c50410771072156bf92b76
Author: Greg Mann <[email protected]>
Date: Fri Aug 3 13:41:33 2018 -0700
Added missing iptables argument in CNI port mapper.
Previously, the CNI port mapper was using the `-w` option in all
invocations of `iptables` except one. This option ensures that if
an application is currently holding the xtables lock, then `iptables`
will wait for the lock to be released and then continue execution.
Without setting the `-w` option, `iptables` will fail immediately if
the lock is currently held.
This patch adds the missing `-w` option to the port mapper code.
Review: https://reviews.apache.org/r/68152/
{code}
1.5.x:
{code}
commit 5510d85998e302880f92401fdb0467d10712e963
Author: Greg Mann <[email protected]>
Date: Fri Aug 3 13:41:33 2018 -0700
Added missing iptables argument in CNI port mapper.
Previously, the CNI port mapper was using the `-w` option in all
invocations of `iptables` except one. This option ensures that if
an application is currently holding the xtables lock, then `iptables`
will wait for the lock to be released and then continue execution.
Without setting the `-w` option, `iptables` will fail immediately if
the lock is currently held.
This patch adds the missing `-w` option to the port mapper code.
Review: https://reviews.apache.org/r/68152/
{code}
1.4.x:
{code}
commit 2110c85b2d0657267c901193f404743dcdc6cbc1
Author: Greg Mann <[email protected]>
Date: Fri Aug 3 13:41:33 2018 -0700
Added missing iptables argument in CNI port mapper.
Previously, the CNI port mapper was using the `-w` option in all
invocations of `iptables` except one. This option ensures that if
an application is currently holding the xtables lock, then `iptables`
will wait for the lock to be released and then continue execution.
Without setting the `-w` option, `iptables` will fail immediately if
the lock is currently held.
This patch adds the missing `-w` option to the port mapper code.
Review: https://reviews.apache.org/r/68152/
{code}
> Port mapper CNI plugin might fail with "Resource temporarily unavailable"
> -------------------------------------------------------------------------
>
> Key: MESOS-9125
> URL: https://issues.apache.org/jira/browse/MESOS-9125
> Project: Mesos
> Issue Type: Bug
> Components: network
> Affects Versions: 1.4.1, 1.5.1, 1.6.1
> Reporter: Jie Yu
> Assignee: Greg Mann
> Priority: Major
> Labels: mesosphere
> Fix For: 1.5.2, 1.7.0, 1.6.2
>
>
> https://github.com/apache/mesos/blob/master/src/slave/containerizer/mesos/isolators/network/cni/plugins/port_mapper/port_mapper.cpp#L345
> Looks like we're missing a `-w` for the iptable command. This will lead to
> issues like
> {noformat}
> The CNI plugin
> '/opt/mesosphere/active/mesos/libexec/mesos/mesos-cni-port-mapper' failed to
> attach container a710dc89-7b22-493b-b8bb-fb80a99d5321 to CNI network
> 'mesos-bridge': stdout='{"cniVersion":"0.3.0","code":103,"msg":"Failed to add
> DNAT rule with tag: Resource temporarily unavailable"}
> {noformat}
> This becomes more likely if there are many concurrent launches of Mesos
> contianers that uses port mapper on the box.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
