----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/58200/#review171402 -----------------------------------------------------------
src/slave/containerizer/docker.cpp Lines 366 (patched) <https://reviews.apache.org/r/58200/#comment244303> I think it is fine to use priviliged to lauch mesos-executor. But after discussed with @xiaods, let me find if we could avoid to use privileged via --cap-add. - haosdent huang On April 8, 2017, 11:12 a.m., Deshi Xiao wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/58200/ > ----------------------------------------------------------- > > (Updated April 8, 2017, 11:12 a.m.) > > > Review request for mesos, Alexander Rukletsov and haosdent huang. > > > Bugs: MESOS-7210 > https://issues.apache.org/jira/browse/MESOS-7210 > > > Repository: mesos > > > Description > ------- > > Becuase MESOS HTTP checks doesn't work when mesos runs with > --docker_mesos_image ( pid namespace mismatch ).So let docker > executor run with container add host pid mapping(--pid=host) > > > Diffs > ----- > > src/slave/containerizer/docker.cpp be1a298b12374bced44e2467cb7e90a1599abb8f > > > Diff: https://reviews.apache.org/r/58200/diff/3/ > > > Testing > ------- > > 1. Build the image with latest code. Let's name the image with `mesos-build` > here. > > 2. Launch mesos master. > > ``` > $ docker run \ > -it \ > --pid host \ > --net host \ > --privileged \ > -v /var/run/docker.sock:/var/run/docker.sock \ > -v /sys/fs/cgroup:/sys/fs/cgroup \ > mesos-build \ > mesos-master \ > --hostname=127.0.0.1 \ > --ip=127.0.0.1 \ > --port=5050 \ > --work_dir=/tmp/mesos > ``` > > 3. Launch mesos agent. > > ``` > $ docker run \ > -it \ > --pid host \ > --net host \ > --privileged \ > -v /var/run/docker.sock:/var/run/docker.sock \ > -v /sys/fs/cgroup:/sys/fs/cgroup \ > mesos-build \ > mesos-agent \ > --hostname=127.0.0.1 \ > --ip=127.0.0.1 \ > --master=127.0.0.1:5050 \ > --systemd_enable_support=false \ > --work_dir=/tmp/mesos \ > --containerizers=docker,mesos \ > --docker_mesos_image=mesos-build > ``` > > 4. Launch task with health check. > > Define the task with health check. > > ``` > $ cat /tmp/task.json > { > "name": "test-health-check", > "task_id": {"value" : "test-health-check"}, > "agent_id": {"value" : ""}, > "resources": [ > { > "name": "cpus", > "type": "SCALAR", > "scalar": { > "value": 0.1 > }, > "role": "*" > }, > { > "name": "mem", > "type": "SCALAR", > "scalar": { > "value": 32 > }, > "role": "*" > } > ], > "command": { > "value": "sleep 1000" > }, > "container": { > "type": "DOCKER", > "volumes": [], > "docker": { > "image": "mesos-build", > "network": "HOST" > } > }, > "health_check": { > "type": "HTTP", > "http": { > "scheme": "http", > "port": 5050 > }, > "gracePeriodSeconds": 300, > "intervalSeconds": 60, > "timeoutSeconds": 20, > "maxConsecutiveFailures": 3 > } > } > ``` > > Lauch task > > ``` > $ mesos-execute --master=127.0.0.1:5050 --task=/tmp/task.json > ``` > > And verified the healthy status of task is correct. > > ``` > I0407 16:29:57.258509 88767 health_checker.cpp:123] Entered the net namespace > of task (pid: '88727') successfully > I0407 16:29:57.334801 88643 health_checker.cpp:395] Performed HTTP health > check for task 'test-health-check' in 86.311186ms > I0407 16:29:57.334872 88643 health_checker.cpp:319] HTTP health check for > task 'test-health-check' passed > ``` > > > Thanks, > > Deshi Xiao > >
