> On Aug. 12, 2015, 6:13 p.m., Timothy Chen wrote:
> > src/slave/flags.cpp, line 391
> > <https://reviews.apache.org/r/37114/diff/2/?file=1034775#file1034775line391>
> >
> >     This will cause problem in the docker containerizer since we also try 
> > to mount in the socket when we launch executors in a image, as I don't 
> > think docker run -v takes a host volume with unix:///
> 
> Vaibhav Khanduja wrote:
>     run would bind mount the path inside the container and would not like 
> unix:: in the volume path ...
>     
>     From man pages of docker 
>     
>     -H, --host=[unix:///var/run/docker.sock]: tcp://[host:port] to bind or 
> unix://[/path/to/socket] to use.
>              The socket(s) to bind to in daemon mode specified using one or 
> more
>              tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd.
>              
>     which means either
>     
>     a) in src/docker.cpp, we bring a check, which looks for prefix fd or tcp 
> or unix, if nothing we add unix:/// to it
>     or 
>     b) the code which in run docker, wipes off prefix from the path 
>     
>     even though slave may not connect with docker daemon running a different 
> host, it might have to connect with docker daemon running a tcp port on the 
> same host.
>     
>     Kindly suggest?

To me I think it's safer to not even allow a prefix, and just assume it's a 
path to the UNIX socket as it's already mentioned in the flag help text.
And when we want to use a -H flag we just add unix:/// to it.

Reason being that the logic of talking to another docker daemon when running a 
docker executor in a docker container is different now when it comes to tcp://, 
so we definitely want to make sure that whole logic is hanlded before we move 
to that.

Another reason is that right now Mesos is working around Docker by updating the 
cgroup limits dynamically, and we can only do this if we're in the same host 
and in the same pid namespace, therefore when we allow tcp:/// it also suggests 
we can talk to another host which is not possible yet.


- Timothy


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/37114/#review95137
-----------------------------------------------------------


On Aug. 7, 2015, 9:19 p.m., Vaibhav Khanduja wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/37114/
> -----------------------------------------------------------
> 
> (Updated Aug. 7, 2015, 9:19 p.m.)
> 
> 
> Review request for mesos, Benjamin Hindman, Ben Mahler, Timothy Chen, and 
> Vinod Kone.
> 
> 
> Bugs: MESOS-3187
>     https://issues.apache.org/jira/browse/MESOS-3187
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> MESOS-3187, support docker host command line option.
> 
> Docker daemon supports starting on a non-default port. Such scenarios would 
> needed when starting Docker daemon on TCP or non-default unix port. Mesos 
> slave does not work if Docker daemon is started on any of such non-default 
> port. The code change is needed in Mesos slave to accept this parameter so as 
> connect for its operations to the right Docker daemon. The change is made in 
> Mesos slave, so as it is available to any framework making using Docker 
> executor. 
> 
> The code is added to start slave binary with --docker_host, instructing it to 
> connect on port as specified in the parameter. The default value of 
> --default_host is "unix:///var/run/docker.sock, which is default port for 
> Docker daemon.
> 
> The main class src/docker.cpp/.hpp is kept backward compartible to make 
> Docker cli execute on default Docker port.
> 
> 
> Diffs
> -----
> 
>   src/docker/docker.hpp 38e5299ad38b9e20501387f2193b0fa448e49e3e 
>   src/docker/docker.cpp 1367de8a7bbbda6348a30e4ef4c616378e450250 
>   src/docker/executor.hpp fa13b6e9905051eef27d3a51b75a5c86fdad0dd7 
>   src/docker/executor.cpp 256d53d59d5cda63bbeb8c987ce0019e24b9fb77 
>   src/slave/containerizer/docker.cpp 8f5d302477b216df9ac2f59156304bbc4a96f24b 
>   src/slave/flags.cpp 82b6cf47af26f0533ff603a67240777e9a9b986e 
>   src/tests/containerizer/docker_containerizer_tests.cpp 
> 80ed60e2b0fa39e8302867a7cb6a7388c25f9a40 
>   src/tests/containerizer/docker_tests.cpp 
> a4a2725c05ae0cb88426c587f7ded0da77154edc 
>   src/tests/environment.cpp 525347090f38b61f2085a2b2a6002d28d11b222f 
>   src/tests/flags.hpp 364495695c5915e54257014aeebb1e212d3da6fc 
> 
> Diff: https://reviews.apache.org/r/37114/diff/
> 
> 
> Testing
> -------
> 
> Following scenarios were executed to test the code changes. Kindly suggest if 
> more test-cases are required:
> 
> 
> a) Mesos slave with unix port : unix:///var/run/docker_myport.sock
>  
>    i) Start slave with --docker_host parameter 
> "unix:///var/run/docker_myport.sock
>    ii) Using a framework, in my case Marathon, post a Docker job
>    iii) The docker job does get started on the slave, confirmed with docker 
> ps command output 
>    
> docker -H unix:///var/run/docker_myport.sock ps
> 
> CONTAINER ID        IMAGE               COMMAND                CREATED        
>      STATUS              PORTS               NAMES
> 07fc4ec86bac        mygoserver          "/bin/sh -c /mygoser   19 minutes ago 
>      Up 19 minutes       */tcp, */udp        
> mesos-20150731-104052-1051068938-5050-7913-S33.17b355cd-2754-4fb2-a558-66820dff033c
> 
>     iv) Stop or destroy the job from Marathon GUI
>     
> b) Two mesos slave with non-default docker port
>     i) On two different hosts, start slave, with one running on default port 
> and other non-default. The start slaves with attributes - default and or 
> non-default.
>     ii) Give jobs to these slaves, using Marathon UNIQUE attribute, selecting 
> slave - non-default & default
>     iii) Stop/destroy the jobs
>     
> d) Modified unit test-case taking docker port value - make check
> 
> 
> Thanks,
> 
> Vaibhav Khanduja
> 
>

Reply via email to