> On Sept. 16, 2017, 3 a.m., Qian Zhang wrote: > > src/slave/containerizer/mesos/isolators/network/ports.cpp > > Lines 421-424 (patched) > > <https://reviews.apache.org/r/60496/diff/18/?file=1818175#file1818175line421> > > > > I did some experiments and found when I launch a comman task which is > > allocated with ports [31001-31005] and the command (`nc`) actually listens > > on 31006, then I found this task can be killed, but here the message is: > > ``` > > "Container aa99dab3-2a25-44e0-bc88-16c485c5c87a is listening on > > unallocated port(s) {[31006,31007)}" > > ``` > > This message seems not correct: > > 1. why 31007? The `nc` command only listens on 31006. And if I change > > the `nc` command to listen on 31009, the message will be "`... > > {[31009,31010)}`". > > 2. The brackets in `{[31006,31007)}` are not correct, it should be > > either `[]` or `()` but not `[)`.
This is interval set notation produces by converting an `IntervalSet` to a string. `[31006,31007)` means the interval that is `>= 31006` and `< 31007`. > On Sept. 16, 2017, 3 a.m., Qian Zhang wrote: > > src/slave/containerizer/mesos/isolators/network/ports.cpp > > Lines 421-424 (patched) > > <https://reviews.apache.org/r/60496/diff/18/?file=1818175#file1818175line421> > > > > We need to log this message like what we did here: > > > > https://github.com/apache/mesos/blob/1.3.1/src/slave/containerizer/mesos/isolators/cgroups/subsystems/memory.cpp#L556 Do you mean that we should add a second log message of the form "Ports limit exceeded: Requested: <resources1> Maximum Used: <resources2>"? If we are strictly consistent, then "<resources2>" would be the actual ports used and the operator would need to mentally perform the subtraction. We previously agreed to log only the ports outside the allocated range. I'm fine with the general form of the message, but we probably want to rephrase is slightly? - James ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/60496/#review185517 ----------------------------------------------------------- On Sept. 8, 2017, 12:09 a.m., James Peach wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/60496/ > ----------------------------------------------------------- > > (Updated Sept. 8, 2017, 12:09 a.m.) > > > Review request for mesos, Qian Zhang and Jiang Yan Xu. > > > Bugs: MESOS-7675 > https://issues.apache.org/jira/browse/MESOS-7675 > > > Repository: mesos > > > Description > ------- > > Implemented ports resource restrictions in the network ports isolator. > Periodically, scan for listening sockets and match them up to all > the open sockets in the containers we are tracking in the network. > Check any sockets we find against the ports resource and trigger a > resource limitation if the port has not been allocated. > > > Diffs > ----- > > src/slave/containerizer/mesos/isolators/network/ports.hpp PRE-CREATION > src/slave/containerizer/mesos/isolators/network/ports.cpp PRE-CREATION > > > Diff: https://reviews.apache.org/r/60496/diff/18/ > > > Testing > ------- > > make check (Fedora 26) > > > Thanks, > > James Peach > >
