> On Oct. 18, 2016, 11:59 p.m., Joshua Cohen wrote:
> > src/main/python/apache/aurora/executor/common/sandbox.py, lines 308-313
> > <https://reviews.apache.org/r/53003/diff/2/?file=1541037#file1541037line308>
> >
> >     Is this always necessary, or only necessary when filesystem isolation
> >     is used in conjunction with the network/cni isolator? If the latter, does
> >     it make more sense to just configure these as global mounts via the
> >     scheduler's `-global_container_mounts` command line flag, rather than doing
> >     this for everyone where it may not be necessary/desirable?
> >
> >     Alternately, I'm not super familiar w/ CNI, but is it possible to infer
> >     from the TaskInfo whether CNI is enabled (e.g. is NetworkInfo set
> >     somewhere)?
>
> Justin Pinkul wrote:
>     This is always necessary when using a Docker image with the Mesos
>     containerizer. The reason I brought up the network/cni isolator is that when
>     you are running with a Docker image set as the rootfs this isolator will copy
>     these files in, even if no CNI networks are defined. Since the current
>     Thermos executor is using a volume instead of a rootfs this logic is
>     completely bypassed. It makes sense for this change to be in the executor
>     since it is required for DNS to function properly.
>
>     Pod support can be used as a longer term fix. This will allow us to set
>     the rootfs for processes and the ownership of this logic can return to Mesos.
>
> Joshua Cohen wrote:
>     Gotcha, thanks for clarifying. Given the above, does it make sense to
>     only do this when the container is being launched with a Docker image?
>
> Justin Pinkul wrote:
>     Definitely, I placed the code in `FileSystemImageSandbox` which I believe
>     is only used when using a Docker image with the Mesos containerizer.

`FileSystemImageSandbox` is used for a task launched with any filesystem image, not just a Docker image. I.e. it's also currently applicable to AppC images, and will be applicable to OCI images when they land as well.

- Joshua

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/53003/#review153217
-----------------------------------------------------------

On Oct. 18, 2016, 11:41 p.m., Justin Pinkul wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/53003/
> -----------------------------------------------------------
>
> (Updated Oct. 18, 2016, 11:41 p.m.)
>
> Review request for Aurora, Joshua Cohen and Zameer Manji.
>
> Bugs: AURORA-1798
>     https://issues.apache.org/jira/browse/AURORA-1798
>
> Repository: aurora
>
> Description
> -------
>
> The networking files /etc/resolv.conf, /etc/hosts and /etc/hostname are now
> copied into the taskfs when using the Mesos containerizer with a Docker
> image.
>
> Diffs
> -----
>
>   src/main/python/apache/aurora/executor/common/sandbox.py 4a0f3b5094940cc3dad34689a0b004fb33b348a0
>   src/test/python/apache/aurora/executor/common/test_sandbox.py 41ee884a309e8cc8fedecf19cab2fbc397fcf1dc
>
> Diff: https://reviews.apache.org/r/53003/diff/
>
> Testing
> -------
>
> Ran unit tests and launched a simple ping Aurora job with and without the
> change.
>
> Thanks,
>
> Justin Pinkul