> On Sept. 19, 2017, 3:01 a.m., Qian Zhang wrote:
> > src/slave/containerizer/mesos/isolators/network/ports.cpp
> > Line 511 (original), 586-589 (patched)
> > <https://reviews.apache.org/r/60766/diff/18/?file=1828711#file1828711line586>
> >
> > I still think it is better to raise the limitation against the nested
> > container rather than the root container because that will give framework
> > more fine-grained debugging information so that it can know which specific
> > nested container triggered the limitation.
> >
> > So I think we need to enhance the implementation of
> > `waitNestedContainer()` to make it propagate the `reason` and `message` to
> > the default executor, and then the default executor can send the limitation
> > for the nested container.

We discussed this a bit and I thought about it for a while. Right now, the resources model for nested containers accrues resources to the root of the container tree. In all the other isolators, when anything in the tree violates a resource constraint the whole tree is torn down. If we send the limitation to the nested container, then an executor could reasonably choose to leave the container tree in place and we would have some inexplicable inconsistent behaviour.

I do generally agree that allowing leaf containers to fail would be kinder, but that seems like part of a larger discussion about how nested containers should work.

In [MESOS-7963](https://issues.apache.org/jira/browse/MESOS-7963) I would propose retaining the current semantics of the `network/ports` isolator but ensuring the limitation is correctly propagated.

- James

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/60766/#review185637
-----------------------------------------------------------

On Sept. 5, 2017, 5:57 p.m., James Peach wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/60766/
> -----------------------------------------------------------
>
> (Updated Sept. 5, 2017, 5:57 p.m.)
>
> Review request for mesos, Qian Zhang and Jiang Yan Xu.
>
> Bugs: MESOS-7675
>     https://issues.apache.org/jira/browse/MESOS-7675
>
> Repository: mesos
>
> Description
> -------
>
> Working on the assumption that containers with CNI networks will
> get their own IP addresses and don't need port isolation, ignore
> any containers that are joining CNI networks.
>
> Diffs
> -----
>
>   src/slave/containerizer/mesos/containerizer.cpp 4d5dc13f363f5d8886983d7dd06a5cecc177c345
>   src/slave/containerizer/mesos/isolators/network/ports.hpp PRE-CREATION
>   src/slave/containerizer/mesos/isolators/network/ports.cpp PRE-CREATION
>
> Diff: https://reviews.apache.org/r/60766/diff/18/
>
> Testing
> -------
>
> make check (Fedora 26).
>
> Thanks,
>
> James Peach
