> On Sept. 16, 2017, 11 a.m., Qian Zhang wrote: > > src/slave/containerizer/mesos/isolators/network/ports.cpp > > Lines 421-424 (patched) > > <https://reviews.apache.org/r/60496/diff/18/?file=1818175#file1818175line421> > > > > I did some experiments and found when I launch a comman task which is > > allocated with ports [31001-31005] and the command (`nc`) actually listens > > on 31006, then I found this task can be killed, but here the message is: > > ``` > > "Container aa99dab3-2a25-44e0-bc88-16c485c5c87a is listening on > > unallocated port(s) {[31006,31007)}" > > ``` > > This message seems not correct: > > 1. why 31007? The `nc` command only listens on 31006. And if I change > > the `nc` command to listen on 31009, the message will be "`... > > {[31009,31010)}`". > > 2. The brackets in `{[31006,31007)}` are not correct, it should be > > either `[]` or `()` but not `[)`. > > James Peach wrote: > This is interval set notation produces by converting an `IntervalSet` to > a string. `[31006,31007)` means the interval that is `>= 31006` and `< 31007`.
Thanks for the clarification! Can we just change `stringify(unallocatedPorts)` to `stringify(resource.ranges())`? That way the message will be something like: ``` "Container aa99dab3-2a25-44e0-bc88-16c485c5c87a is listening on unallocated port(s) [31006-31006]" ``` This seems a bit better. - Qian ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/60496/#review185517 ----------------------------------------------------------- On Sept. 19, 2017, 8:20 a.m., James Peach wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/60496/ > ----------------------------------------------------------- > > (Updated Sept. 19, 2017, 8:20 a.m.) > > > Review request for mesos, Qian Zhang and Jiang Yan Xu. > > > Bugs: MESOS-7675 > https://issues.apache.org/jira/browse/MESOS-7675 > > > Repository: mesos > > > Description > ------- > > Implemented ports resource restrictions in the network ports isolator. > Periodically, scan for listening sockets and match them up to all > the open sockets in the containers we are tracking in the network. > Check any sockets we find against the ports resource and trigger a > resource limitation if the port has not been allocated. > > > Diffs > ----- > > src/slave/containerizer/mesos/isolators/network/ports.hpp PRE-CREATION > src/slave/containerizer/mesos/isolators/network/ports.cpp PRE-CREATION > > > Diff: https://reviews.apache.org/r/60496/diff/19/ > > > Testing > ------- > > make check (Fedora 26) > > > Thanks, > > James Peach > >
