----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/46835/#review131153 -----------------------------------------------------------
I've hung back from a detailed review base on Maxim's comment. It may be that we need a bridge from old docker support to new unified container support that uses old(current)-style embedding of thermos in the image, but I'd like to hear that is definitely the case before repeating this tactic. RELEASE-NOTES.md (line 18) <https://reviews.apache.org/r/46835/#comment195084> Can you just say that Aurora requires Mesos 0.28.0+ to use this feature? src/main/python/apache/aurora/config/schema/base.py (line 172) <https://reviews.apache.org/r/46835/#comment195249> The MesosJob is trending more and more towards a c-style union, different parts of the config are active depending on the setup and its not clear which except by reading docs carefully. I put some effort towards supporting nicer pystachio evolution in an experiment documented in [this review feedback](https://reviews.apache.org/r/44745/) and there is a [new release](https://github.com/wickman/pystachio/releases) not used by Aurora yet that supports Choice fields. It seems like work along these lines would be useful to stop the bleeding in general. I'm not sure if that should of work should be coupled to this review though. - John Sirois On April 29, 2016, 10:22 a.m., Joshua Cohen wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/46835/ > ----------------------------------------------------------- > > (Updated April 29, 2016, 10:22 a.m.) > > > Review request for Aurora, John Sirois, Maxim Khutornenko, and Bill Farner. > > > Bugs: AURORA-1636, AURORA-1637, AURORA-1638, and AURORA-1639 > https://issues.apache.org/jira/browse/AURORA-1636 > https://issues.apache.org/jira/browse/AURORA-1637 > https://issues.apache.org/jira/browse/AURORA-1638 > https://issues.apache.org/jira/browse/AURORA-1639 > > > Repository: aurora > > > Description > ------- > > A few notes: > > 1. It's not possible to configure Mesos 0.27.x to launch docker tasks due to > a bug in parsing the docker_store_dir flag. Fixed here: > https://reviews.apache.org/r/43451/ but has not been backported to Mesos > 0.27. This means we can only launch tasks that use AppC images until we > upgrade our Mesos dependency to 0.28.x. The good news is I've confirmed that > launching tasks with Docker images *does* work by using Aurora linked against > 0.27.x but running Mesos 0.28.x in Vagrant. > 1. In order to work around the setuid issues (i.e. task is launched as root, > but the executor cannot setuid because the role-user does not exist), I've > mounted /etc/passwd and /etc/group into the container and added a new flag, > `thermos_run_as_job_role`, to the scheduler. This flag is only used when > launching a task with a filesystem image, and causes us to add > `--execute-as-user <role from job key>` to the thermos executor commandline. > 1. The Mesos unified containerizer does not automatically create mount points > in the filesystem from the image. It expects the full path to the mount to > exist in the image. For /etc/passwd and /etc/groups this is not a problem, > but for the announcer acls file it was. I ended up moving the announcer acl > file into its own directory and mount that instead. In conjunction with this > I also had to modify our http_example Dockerfile to explicitly create that > mount point. A case could be made for sticking with the current path and just > creating an empty file in the image, I felt that creating an empty directory > was slightly less gross. This is tracked by > https://issues.apache.org/jira/browse/MESOS-5229. > 1. The AppC image for end to end tests is created by running > [docker2aci](https://github.com/appc/docker2aci) on our http_example docker > image. The base box needed to be upgraded to add this utility. I haven't > published the new base box yet even though I've updated the Vagrantfile to > point to version 6. Once this review has been approved and I'm sure there's > no further changes that need to be made I'll publish the base box before > committing. > > > Diffs > ----- > > RELEASE-NOTES.md 7a37d0d69f688bece624628fe5b98efc85d506a2 > Vagrantfile 3f126ee348d0f95d6f159b62280de79f41e87e2e > build-support/packer/build.sh 76197c31c365aa3d8a67049da40b2976c1e25d22 > docs/reference/configuration.md 9fcfdfcd9ab793e888ca2bba2035d5122142a5ab > docs/reference/scheduler-configuration.md > d2262f79edfde23eccd87bae7f1cf319b63b1103 > examples/vagrant/announcer-auth.json > examples/vagrant/mesos_config/etc_mesos-slave/appc_store_dir PRE-CREATION > examples/vagrant/mesos_config/etc_mesos-slave/image_providers PRE-CREATION > examples/vagrant/mesos_config/etc_mesos-slave/image_provisioner_backend > PRE-CREATION > examples/vagrant/mesos_config/etc_mesos-slave/isolation PRE-CREATION > examples/vagrant/upstart/aurora-scheduler.conf > 084016abc169ed82b7ed00f5d14aea2e0ff38a49 > > src/main/java/org/apache/aurora/scheduler/configuration/executor/ExecutorModule.java > 32f2fa90b21189180e2bcd65a3cebf13f6551646 > > src/main/java/org/apache/aurora/scheduler/configuration/executor/ExecutorSettings.java > 501e6431f21822d9816952377546586da02ce42a > src/main/java/org/apache/aurora/scheduler/mesos/MesosTaskFactory.java > b325106c7f45b1ad1657221aaa39e3a428719ab0 > src/main/java/org/apache/aurora/scheduler/mesos/TestExecutorSettings.java > 9aadcebf547bd1eb4b4e238507e27ae2b699f473 > src/main/python/apache/aurora/config/schema/base.py > 00be8747d70dbf1cb370f09536588f8602d8fcce > src/main/python/apache/aurora/config/thrift.py > 928ca9313b2c2062a322ba80b504a09c55e5377f > src/main/python/apache/aurora/executor/common/sandbox.py > 36f1eabedc3ae47b23d9ab2ac0ab7a576ea36fd7 > > src/test/java/org/apache/aurora/scheduler/mesos/MesosTaskFactoryImplTest.java > bf18d5d53f7eda62120299146a956fa0a0985f71 > src/test/python/apache/aurora/config/test_thrift.py > 7a076f0350ab2967abc6b8b7a2e5da0817926a56 > src/test/python/apache/aurora/executor/common/test_sandbox.py > bd402fc03c7790eab0198dd48414ad4de138e195 > src/test/sh/org/apache/aurora/e2e/Dockerfile > b2557b5a20cc369e31bd10ea92462bdb1879add7 > src/test/sh/org/apache/aurora/e2e/http/http_example.aurora > 2813b6c79e4d44007dde79a10e2c7c9e9c1cecd9 > src/test/sh/org/apache/aurora/e2e/http/http_example_bad_healthcheck.aurora > 0534c9e589d10c53b834850477f95ad15b50010e > src/test/sh/org/apache/aurora/e2e/http/http_example_updated.aurora > b33e8f5cd95ce25ba0dc4c08da32783cecf1c44d > src/test/sh/org/apache/aurora/e2e/test_end_to_end.sh > eee6b4c62130567ecd5c32603feae88fce1c13a8 > > Diff: https://reviews.apache.org/r/46835/diff/ > > > Testing > ------- > > ./gradlew build -Pq > e2e tests with new base box. > > > Thanks, > > Joshua Cohen > >
