> On Aug. 21, 2017, 7:15 a.m., Qian Zhang wrote: > > src/slave/containerizer/mesos/isolators/network/ports.cpp > > Lines 183 (patched) > > <https://reviews.apache.org/r/60591/diff/10/?file=1800291#file1800291line183> > > > > This method is only called by `NetworkPortsIsolatorProcess::create()` > > and its logic is pretty straightforward, so I would suggest to kill it and > > move its logic into `NetworkPortsIsolatorProcess::create()`.
Actually, keeping this in a helper function makes the caller significantly less complex. We can put the condition directly in the `if` statement and give it a meaningful name. The alternative is to have a number of similarly-named temporaries and a comment explaining what is going on. This is much cleaner. > On Aug. 21, 2017, 7:15 a.m., Qian Zhang wrote: > > src/slave/containerizer/mesos/isolators/network/ports.cpp > > Lines 239 (patched) > > <https://reviews.apache.org/r/60591/diff/10/?file=1800291#file1800291line239> > > > > What if `ports.isSome()` is `false`? And what if ports resource is > > specified in `--resources` as `ports:[]`? Good point. In that case, we need to specify an empty ports interval set. I added a new test to [r/60765](https://reviews.apache.org/r/60765/) to cover the case where we run a test with an empty ports resource. > On Aug. 21, 2017, 7:15 a.m., Qian Zhang wrote: > > src/slave/containerizer/mesos/isolators/network/ports.cpp > > Lines 245-246 (patched) > > <https://reviews.apache.org/r/60591/diff/10/?file=1800291#file1800291line245> > > > > Won't agent listen on another available ephemeral port when it is > > restarted? The port the agent listens on is never ephemeral; the default is `0.0.0.0:5051`. Thinking some more about this, it is quite difficult to prevent a container listening on the agent port. If the agent is running, a container could only listen on this port if `SO_REUSEPORT` is being used. If the agent isn't running, then we could not prevent a container taking this port and thereby preventing the agent starting. > On Aug. 21, 2017, 7:15 a.m., Qian Zhang wrote: > > src/slave/flags.cpp > > Lines 1012-1018 (patched) > > <https://reviews.apache.org/r/60591/diff/10/?file=1800293#file1800293line1012> > > > > So by default this flag is not enabled, that means any libprocess-based > > exectuors (e.g., command executor and default executor) will be killed > > since they will listen on ephemeral port? Yes, that's correct. - James ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/60591/#review183303 ----------------------------------------------------------- On July 3, 2017, 10:30 a.m., James Peach wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/60591/ > ----------------------------------------------------------- > > (Updated July 3, 2017, 10:30 a.m.) > > > Review request for mesos, Qian Zhang and Jiang Yan Xu. > > > Bugs: MESOS-7675 > https://issues.apache.org/jira/browse/MESOS-7675 > > > Repository: mesos > > > Description > ------- > > Normally, the `network/ports` isolator will kill any task that > listens on a port that it does not have resources for. However, > executors that are based on the libprocess API will always listen > on a port in the ephemeral range, and we want to make it possible > to use libprocess-based executors. > > Added the `--container_ports_watch_resources_only` option to only > kill tasks when they listen on un-allocated ports within the port > range published by the agent resources. This still prevents port > collisions between tasks, but doesn't kill them just because the > executor is listening on a port. > > > Diffs > ----- > > src/slave/containerizer/mesos/isolators/network/ports.hpp PRE-CREATION > src/slave/containerizer/mesos/isolators/network/ports.cpp PRE-CREATION > src/slave/flags.hpp 2970fea0cfac6af275a758d4bfedfe9a943c2b60 > src/slave/flags.cpp 3b02f3e909a554f15104739832ae3f252926b45f > > > Diff: https://reviews.apache.org/r/60591/diff/11/ > > > Testing > ------- > > make check (Fedora 26) > > > Thanks, > > James Peach > >
