> On Sept. 19, 2016, 11:43 p.m., Jie Yu wrote:
> > src/slave/containerizer/mesos/isolators/network/cni/cni.cpp, line 607
> > <https://reviews.apache.org/r/51857/diff/4/?file=1500782#file1500782line607>
> >
> > Why do we need to do that? If we copy containerNetworks, that means
> > 'isolate' will try to create containerDir? I think we should ignore
> > containerNetworks for nested containers, and only record 'rootfs' (similar
> > to the containers that want to join host network, but have rootfs defined)

If you look at the code below we handle containers joining the host network vs containers joining a new network namespace differently, based on whether the containerNetworks is empty or not. I wanted to keep the logic the same for child containers in pods. As far as isolate is concerned we do an indirection to __isolate in isolate based on whether the container has a rootfs and joins the host network. We do a similar indirection in a separate patch for isolate for child containers.

> On Sept. 19, 2016, 11:43 p.m., Jie Yu wrote:
> > src/slave/containerizer/mesos/isolators/network/cni/cni.cpp, lines 600-604
> > <https://reviews.apache.org/r/51857/diff/4/?file=1500782#file1500782line600>
> >
> > Hum, why this change? What if I just want to launch a command without
> > extra container info?

I was under the impression child containers always need to have the container_info set? If it does not have container_info set, does it mean it just shares the parent's network namespace?

> On Sept. 19, 2016, 11:43 p.m., Jie Yu wrote:
> > src/slave/containerizer/mesos/isolators/network/cni/cni.cpp, lines 666-668
> > <https://reviews.apache.org/r/51857/diff/4/?file=1500782#file1500782line666>
> >
> > Do we need a new mount namespace if I just want to execute some command on
> > the host mount table without a rootfs?

This code is part of the else block, which means that the container is joining a non-host network, implying that it needs its own mount namespace, since the network files will be different than the host network files? This is a child container, so it doesn't need a new NETNS or UTS namespace but it will require a new MNT namespace.

- Avinash

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/51857/#review149563
-----------------------------------------------------------

On Sept. 16, 2016, 11 p.m., Avinash sridharan wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/51857/
> -----------------------------------------------------------
>
> (Updated Sept. 16, 2016, 11 p.m.)
>
>
> Review request for Gilbert Song, Jie Yu, Joseph Wu, and Qian Zhang.
>
>
> Bugs: MESOS-6156
>     https://issues.apache.org/jira/browse/MESOS-6156
>
>
> Repository: mesos
>
>
> Description
> -------
>
> Modified the `prepare` method to be aware of nested containers.
>
>
> Diffs
> -----
>
>   src/slave/containerizer/mesos/isolators/network/cni/cni.cpp 822f11eab5b00c014563322a8c3b2c14cb440e0b
>
> Diff: https://reviews.apache.org/r/51857/diff/
>
>
> Testing
> -------
>
> make
> make check
> and
> sudo ./bin/mesos-tests.sh
>
> The only tests that failed were the SUDO make check tests:
> [ FAILED ] 3 tests, listed below:
> [ FAILED ] CgroupsAnyHierarchyWithCpuMemoryTest.ROOT_CGROUPS_Listen
> [ FAILED ] CgroupsAnyHierarchyMemoryPressureTest.ROOT_IncreaseRSS
> [ FAILED ] LinuxFilesystemIsolatorTest.ROOT_RecoverOrphanedPersistentVolume
>
>
> Thanks,
>
> Avinash sridharan
>
>
