> On Aug. 21, 2017, 7:15 a.m., Qian Zhang wrote:
> > src/slave/containerizer/mesos/isolators/network/ports.cpp
> > Lines 183 (patched)
> > <https://reviews.apache.org/r/60591/diff/10/?file=1800291#file1800291line183>
> >
> >     This method is only called by `NetworkPortsIsolatorProcess::create()` 
> > and its logic is pretty straightforward, so I would suggest to kill it and 
> > move its logic into `NetworkPortsIsolatorProcess::create()`.

Actually, keeping this in a helper function makes the caller significantly less 
complex. We can put the condition directly in the `if` statement and give it a 
meaningful name. The alternative is to have a number of similarly-named 
temporaries and a comment explaining what is going on. This is much cleaner.


> On Aug. 21, 2017, 7:15 a.m., Qian Zhang wrote:
> > src/slave/containerizer/mesos/isolators/network/ports.cpp
> > Lines 239 (patched)
> > <https://reviews.apache.org/r/60591/diff/10/?file=1800291#file1800291line239>
> >
> >     What if `ports.isSome()` is `false`? And what if ports resource is 
> > specified in `--resources` as `ports:[]`?

Good point. In that case, we need to specify an empty ports interval set. I 
added a new test to [r/60765](https://reviews.apache.org/r/60765/) to cover the 
case where we run a test with an empty ports resource.


> On Aug. 21, 2017, 7:15 a.m., Qian Zhang wrote:
> > src/slave/containerizer/mesos/isolators/network/ports.cpp
> > Lines 245-246 (patched)
> > <https://reviews.apache.org/r/60591/diff/10/?file=1800291#file1800291line245>
> >
> >     Won't agent listen on another available ephemeral port when it is 
> > restarted?

The port the agent listens on is never ephemeral; the default is 
`0.0.0.0:5051`. Thinking some more about this, it is quite difficult to prevent 
a container listening on the agent port. If the agent is running, a container 
could only listen on this port if `SO_REUSEPORT` is being used. If the agent 
isn't running, then we could not prevent a container taking this port and 
thereby preventing the agent starting.


> On Aug. 21, 2017, 7:15 a.m., Qian Zhang wrote:
> > src/slave/flags.cpp
> > Lines 1012-1018 (patched)
> > <https://reviews.apache.org/r/60591/diff/10/?file=1800293#file1800293line1012>
> >
> >     So by default this flag is not enabled, that means any libprocess-based 
> > executors (e.g., command executor and default executor) will be killed 
> > since they will listen on ephemeral port?

Yes, that's correct.


- James


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/60591/#review183303
-----------------------------------------------------------


On July 3, 2017, 10:30 a.m., James Peach wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/60591/
> -----------------------------------------------------------
> 
> (Updated July 3, 2017, 10:30 a.m.)
> 
> 
> Review request for mesos, Qian Zhang and Jiang Yan Xu.
> 
> 
> Bugs: MESOS-7675
>     https://issues.apache.org/jira/browse/MESOS-7675
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Normally, the `network/ports` isolator will kill any task that
> listens on a port that it does not have resources for. However,
> executors that are based on the libprocess API will always listen
> on a port in the ephemeral range, and we want to make it possible
> to use libprocess-based executors.
> 
> Added the `--container_ports_watch_resources_only` option to only
> kill tasks when they listen on un-allocated ports within the port
> range published by the agent resources. This still prevents port
> collisions between tasks, but doesn't kill them just because the
> executor is listening on a port.
> 
> 
> Diffs
> -----
> 
>   src/slave/containerizer/mesos/isolators/network/ports.hpp PRE-CREATION 
>   src/slave/containerizer/mesos/isolators/network/ports.cpp PRE-CREATION 
>   src/slave/flags.hpp 2970fea0cfac6af275a758d4bfedfe9a943c2b60 
>   src/slave/flags.cpp 3b02f3e909a554f15104739832ae3f252926b45f 
> 
> 
> Diff: https://reviews.apache.org/r/60591/diff/11/
> 
> 
> Testing
> -------
> 
> make check (Fedora 26)
> 
> 
> Thanks,
> 
> James Peach
> 
>
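
The kill policy from the review description, with and without `--container_ports_watch_resources_only`, as an added sketch that is not taken from the Mesos patch. The names `PortRange`, `contains` and `violations` and the sample port numbers are assumptions made for illustration.

```cpp
// Added illustration; hypothetical names, not the Mesos isolator source.
#include <cstdint>
#include <iostream>
#include <utility>
#include <vector>

using PortRange = std::pair<uint16_t, uint16_t>;  // inclusive [first, second]

static bool contains(const std::vector<PortRange>& ranges, uint16_t port)
{
  for (const PortRange& range : ranges) {
    if (range.first <= port && port <= range.second) return true;
  }
  return false;
}

// Returns the listening ports that would cause the container to be killed.
std::vector<uint16_t> violations(
    const std::vector<uint16_t>& listening,    // ports the container listens on
    const std::vector<PortRange>& allocated,   // container's ports resources
    const std::vector<PortRange>& agentPorts,  // agent's ports; may be empty
    bool watchResourcesOnly)                   // models the new flag
{
  std::vector<uint16_t> result;
  for (uint16_t port : listening) {
    if (contains(allocated, port)) {
      continue;  // The container holds resources for this port.
    }
    if (watchResourcesOnly && !contains(agentPorts, port)) {
      continue;  // Outside the agent's published range, e.g. ephemeral.
    }
    result.push_back(port);
  }
  return result;
}

int main()
{
  // Constructed sample: 45123 stands in for a libprocess ephemeral port.
  const std::vector<uint16_t> listening = {31000, 31500, 45123};
  for (bool flag : {false, true}) {
    std::cout << "watch_resources_only=" << flag << ":";
    for (uint16_t p : violations(listening, {{31000, 31001}}, {{31000, 32000}}, flag)) {
      std::cout << ' ' << p;
    }
    std::cout << '\n';
  }
}
```

In this sketch an empty agent ports set (the `ports:[]` case raised in the review) combined with the flag means no port is watched; that is a property of the sketch, not a statement about the patch.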
