----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/70863/#review215947 -----------------------------------------------------------
Fix it, then Ship it! src/slave/containerizer/mesos/isolators/cgroups/cgroups.cpp Lines 665-666 (original), 665-666 (patched) <https://reviews.apache.org/r/70863/#comment302878> Tech debt, I would suggest to put this part of codes here. ``` // We currently can't call `subsystem->isolate()` on nested // containers, because we don't call `prepare()`, `recover()`, or // `cleanup()` on them either. If we were to call `isolate()` on // them, the call would likely fail because the subsystem doesn't // know about the container. This is currently OK because the only // cgroup isolator that even implements `isolate()` is the // `NetClsSubsystem` and it doesn't do anything with the `pid` // passed in. // // TODO(klueska): In the future we should revisit this to make // sure that doing things this way is sufficient (or otherwise // update our invariants to allow us to call this here). if (containerId.has_parent()) { return Nothing(); } ``` - Gilbert Song On June 16, 2019, 7:47 p.m., James Peach wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/70863/ > ----------------------------------------------------------- > > (Updated June 16, 2019, 7:47 p.m.) > > > Review request for mesos, Gilbert Song, Jie Yu, and Qian Zhang. > > > Bugs: MESOS-9805 > https://issues.apache.org/jira/browse/MESOS-9805 > > > Repository: mesos > > > Description > ------- > > Currently, the PID targeted by the cgroups isolator is moved into > the cgroup before the subsystem runs to apply any type-specific > cgroup configuration. We should reverse the order of this so that > the PID is only moved once the cgroup is fully configured by the > subsystem. > > A specific case that can happen is where a PID is assigned to a net_cls > cgroup before that cgroup has its class ID set. This intermediate > process state can be observed by system monitoring process, causing > confusion that is hard to debug. > > > Diffs > ----- > > src/slave/containerizer/mesos/isolators/cgroups/cgroups.hpp > 4a1871b3b06b54a02dfe09289f7fb304a3f7f24c > src/slave/containerizer/mesos/isolators/cgroups/cgroups.cpp > e7819d732172bdbd215106e3b781588c1f78b2ec > > > Diff: https://reviews.apache.org/r/70863/diff/1/ > > > Testing > ------- > > sudo make check (Fedora 30) > > > Thanks, > > James Peach > >
