-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/28920/
-----------------------------------------------------------

(Updated Dec. 26, 2014, 9:05 p.m.)


Review request for Aurora, Jay Buffington, Kevin Sweeney, and Bill Farner.


Changes
-------

This should address almost all code review comments.  Some notable 
architectural changes:

* A wrapper script is no longer needed; instead, arguments (such as the
announcer config) can be supplied by the scheduler via
-thermos_executor_extra_args.  In addition, the task factory will correctly
configure the command line for the executor inside docker.  There is still a
small WIP here: although the executor's working directory is now the same
inside and outside the container, it still believes it's running in
$MESOS_SANDBOX because of how getcwd() works (it resolves symlinks).
* What was previously cryptically named --execute_as_container is now 
--nosetuid.  This causes the runner to not setuid on launch.  It is intended 
for docker containers but we're already using it outside docker as well.  In 
this case processes will run as whatever the ambient user is (either inside 
the container or outside).
* A flag was added to the scheduler, -allow_docker_mounts, which is an "opt in" 
to allow jobs to bind mount into a docker process.  As was previously 
mentioned, this can compromise security on the host, as any job could bind 
mount any part of the file system into the docker container and gain full 
access.
* The RunnerHeader no longer has/needs host_log_dir and host_sandbox_dir, and 
these are now autodetected if running inside a docker container and correctly 
reported to the observer.
* Support for running a container with no executor has been dropped (for now?).
This was because it caused issues with the aurora GC and jobs being lost /
abandoned because there was no executor to check into the observer.


Bugs: AURORA-633
    https://issues.apache.org/jira/browse/AURORA-633


Repository: aurora


Description
-------

This change adds support for launching docker containers through aurora.  These 
changes are based off of the discussion in 
https://issues.apache.org/jira/browse/AURORA-633

As of now, a special thermos_executor.sh script is needed to launch the 
executor inside docker containers.  A sample script is in examples/jobs/docker, 
as well as an example aurora file.

In addition, mesos-slave must be run with `--containerizers=docker,mesos`; the
example upstart config in examples/vagrant/upstart has been updated to reflect
this.

The thermos root path defaults to /var/run/thermos; however, if a different
path is used, it must be passed to the scheduler via
`--thermos_observer_root=<some path>`.


Diffs (updated)
-----

  Vagrantfile f8b7db8eebdc6a10989de3bc9a2c3e89ce17f5fc
  api/src/main/thrift/org/apache/aurora/gen/api.thrift 5665c69cd7b49c3fd7345074c9f16a3b224496ab
  examples/jobs/docker/hello_docker.aurora PRE-CREATION
  examples/vagrant/aurorabuild.sh 69983d0140b76c6869cd04e55d760f3e3a1e4262
  examples/vagrant/upstart/mesos-slave.conf 512ce7ecf34042ed68dda55efb2dd0415f8469db
  src/main/java/org/apache/aurora/scheduler/app/SchedulerMain.java 72c7545e7f16549f6a9ccb5fb74a06f154a7ea94
  src/main/java/org/apache/aurora/scheduler/async/GcExecutorLauncher.java 5226e3d1b303b1773a057078f2911c5ec2aa97f5
  src/main/java/org/apache/aurora/scheduler/async/TaskScheduler.java ead9d28100673440168a32d114ecaa15874978a6
  src/main/java/org/apache/aurora/scheduler/base/CommandUtil.java d885b224ec5a1d529347d84e03ba98ab6734a126
  src/main/java/org/apache/aurora/scheduler/mesos/MesosTaskFactory.java 5bf283062c9d119ff91ed45da8b236e36d0fc9aa
  src/main/python/apache/aurora/config/thrift.py ba94ac3c0cbaf3c91eb1a1d86a244ed6fa3b649c
  src/main/python/apache/aurora/executor/aurora_executor.py 636b23d30a897b557eb8c3f8733c90b23cb807ef
  src/main/python/apache/aurora/executor/bin/thermos_executor_main.py 9df9b4b79c0c7d29c5088409bf15c0d32a621df0
  src/main/python/apache/aurora/executor/common/sandbox.py f47a32b3fefb4a89940b1ddc473b8316ac00df12
  src/main/python/apache/aurora/executor/thermos_task_runner.py 5e4bd65537d186459003c0b9434f1b769e04f448
  src/main/python/apache/thermos/config/schema_base.py f9143cc1b83143d6147f59d90c79435d055d0518
  src/main/python/apache/thermos/core/runner.py 8aac6b50c66080abbb5308b367e9f74c487f42e3
  src/test/java/org/apache/aurora/scheduler/app/SchedulerIT.java 5e54364a49a208bd5f19b9649633dc8feca591e9
  src/test/java/org/apache/aurora/scheduler/base/CommandUtilTest.java 876e173ccbac04e4a06a245648c7c6af15eaaa92
  src/test/java/org/apache/aurora/scheduler/mesos/MesosTaskFactoryImplTest.java ddcb511d108220ab5e4efcf3496458f7ab4a20c2
  src/test/python/apache/aurora/executor/test_thermos_executor.py 503e62f4cac872b14f6985b5bccc3e4dfcf81789

Diff: https://reviews.apache.org/r/28920/diff/


Testing
-------


Thanks,

Steve Niemitz
