Re: cni / public port questions

[Jie Yu]

Olivier,

Sorry for the late response. I think in that case, you'll have to wait a
little bit. We'll likely provide native CNI bridge support in Mesos (i.e.,
Mesos distribution will include the corresponding bridge plugin and port
mapping plugin) so that operators does not have to explicitly setup CNI to
use bridge/port mapping. cc @avinash.

- Jie


On Fri, Jul 29, 2016 at 12:44 AM, Olivier Sallou 
wrote:

>
>
> - Mail original -
> > De: "Jie Yu" 
> > À: "dev" 
> > Cc: "Qian AZ Zhang" , "Avinash Sridharan" <
> avin...@mesosphere.io>
> > Envoyé: Jeudi 28 Juillet 2016 18:41:33
> > Objet: Re: cni / public port questions
> >
> > you can still use bridge with CNI (you'll need to use the built-in bridge
> > plugin of CNI).
> >
> > Port mapping is still under development. Expecting this coming soon.
>
> Yes, I had seen that feature ni JIRA, but was wondering if there were
> other solutions in the meanwhile. As my containers need to expose some
> ports to public, port mapping is needed for bridge. So either I keep my
> existing docker containerizer with Docker bridge, either I switch to
> unified with CNI and port management (more complex to setup and more
> complex to manage by framework).
>
> I would have like not to force my framework users to use a CNI tool while
> switching my code to unified containerizer. This would complexify code
> upgrades (impacts mesos install, even for simple bridge CNI).
>
> This means that frameworks willing to switch to unifed cont. need to
> continue to provide docker cont. for existing installations (we can't force
> a mesos admin to switch to CNI just for a framework).
>
> Thanks
>
> Olivier
>
> >
> > - Jie
> >
> > On Thu, Jul 28, 2016 at 2:44 AM, haosdent  wrote:
> >
> > > Hi, @Olivier. The port forwarding of mesos is still under
> implementing. You
> > > could subscribe https://issues.apache.org/jira/browse/MESOS-4823 to
> track
> > > the progress.
> > >
> > > On Thu, Jul 28, 2016 at 4:42 PM, Olivier Sallou <
> olivier.sal...@irisa.fr>
> > > wrote:
> > >
> > > > Hi,
> > > > I am looking at using unified containerizer. As it only support host
> > > mode,
> > > > it needs cni.
> > > > However, it is not really clear for me regarding "public" ports.
> > > >
> > > > If I have a container that needs to expose a port (let's say port
> 123),
> > > > can I expose it via the Mesos API only?
> > > >
> > > > When I use cni, as I understood, I allocate an IP per container. If
> IP is
> > > > routable in network, are all ports reachable (from any host / other
> > > > container) ? Or should it be explicitly opened ?
> > > >
> > > > To be simple, can I launch a container that would expose to public
> (any
> > > > host) only port 123 and other ports reachable only but containers in
> same
> > > > "private network" :
> > > >
> > > > - container 1 expose public port 123 and private port 456
> (accessible by
> > > > container 2 only)
> > > > - container 2 connects to container 1 port 456.
> > > >
> > > > For the moment, I am using the Docker containerizer with bridge
> mode, so
> > > > exposing port was simply a matter of mapping ports. Private networks
> are
> > > > managed by user networks of Docker.
> > > >
> > > >
> > > > Thanks
> > > >
> > > > Olivier
> > > >
> > > >
> > >
> > >
> > > --
> > > Best Regards,
> > > Haosdent Huang
> > >
> >
>

[GitHub] mesos issue #36: replace unsafe "find | xargs" with "find -exec"

[vinodkone]

Github user vinodkone commented on the issue:

https://github.com/apache/mesos/pull/36
  
I think this broke the ReviewBot. See 
https://issues.apache.org/jira/browse/MESOS-5958


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

Re: cni / public port questions

[Avinash Sridharan]

Hi Oliver,
 As Jie mentioned we are working on getting the port mapping support into
Mesos and having a default bridge and port mapping plugin in Mesos that
will provide you with functionality similar to the docker bridge network.
We are trying to get the CNI spec to support port mapping as a plugin (by
allowing CNI config to specify chains). The proposal is still under debate:
https://github.com/containernetworking/cni/issues/46

Having port mapping as a plugin will greatly simplify the network/cni
isolator and make it more extensible to allow for port mapping to be
offloaded to a different data-plane (as in the case of OVS), other than the
linux kernel, if the data-plane supports it.

-Avinash

On Tue, Aug 2, 2016 at 9:44 AM, Jie Yu  wrote:

> Olivier,
>
> Sorry for the late response. I think in that case, you'll have to wait a
> little bit. We'll likely provide native CNI bridge support in Mesos (i.e.,
> Mesos distribution will include the corresponding bridge plugin and port
> mapping plugin) so that operators does not have to explicitly setup CNI to
> use bridge/port mapping. cc @avinash.
>
> - Jie
>
>
> On Fri, Jul 29, 2016 at 12:44 AM, Olivier Sallou 
> wrote:
>
> >
> >
> > - Mail original -
> > > De: "Jie Yu" 
> > > À: "dev" 
> > > Cc: "Qian AZ Zhang" , "Avinash Sridharan" <
> > avin...@mesosphere.io>
> > > Envoyé: Jeudi 28 Juillet 2016 18:41:33
> > > Objet: Re: cni / public port questions
> > >
> > > you can still use bridge with CNI (you'll need to use the built-in
> bridge
> > > plugin of CNI).
> > >
> > > Port mapping is still under development. Expecting this coming soon.
> >
> > Yes, I had seen that feature ni JIRA, but was wondering if there were
> > other solutions in the meanwhile. As my containers need to expose some
> > ports to public, port mapping is needed for bridge. So either I keep my
> > existing docker containerizer with Docker bridge, either I switch to
> > unified with CNI and port management (more complex to setup and more
> > complex to manage by framework).
> >
> > I would have like not to force my framework users to use a CNI tool while
> > switching my code to unified containerizer. This would complexify code
> > upgrades (impacts mesos install, even for simple bridge CNI).
> >
> > This means that frameworks willing to switch to unifed cont. need to
> > continue to provide docker cont. for existing installations (we can't
> force
> > a mesos admin to switch to CNI just for a framework).
> >
> > Thanks
> >
> > Olivier
> >
> > >
> > > - Jie
> > >
> > > On Thu, Jul 28, 2016 at 2:44 AM, haosdent  wrote:
> > >
> > > > Hi, @Olivier. The port forwarding of mesos is still under
> > implementing. You
> > > > could subscribe https://issues.apache.org/jira/browse/MESOS-4823 to
> > track
> > > > the progress.
> > > >
> > > > On Thu, Jul 28, 2016 at 4:42 PM, Olivier Sallou <
> > olivier.sal...@irisa.fr>
> > > > wrote:
> > > >
> > > > > Hi,
> > > > > I am looking at using unified containerizer. As it only support
> host
> > > > mode,
> > > > > it needs cni.
> > > > > However, it is not really clear for me regarding "public" ports.
> > > > >
> > > > > If I have a container that needs to expose a port (let's say port
> > 123),
> > > > > can I expose it via the Mesos API only?
> > > > >
> > > > > When I use cni, as I understood, I allocate an IP per container. If
> > IP is
> > > > > routable in network, are all ports reachable (from any host / other
> > > > > container) ? Or should it be explicitly opened ?
> > > > >
> > > > > To be simple, can I launch a container that would expose to public
> > (any
> > > > > host) only port 123 and other ports reachable only but containers
> in
> > same
> > > > > "private network" :
> > > > >
> > > > > - container 1 expose public port 123 and private port 456
> > (accessible by
> > > > > container 2 only)
> > > > > - container 2 connects to container 1 port 456.
> > > > >
> > > > > For the moment, I am using the Docker containerizer with bridge
> > mode, so
> > > > > exposing port was simply a matter of mapping ports. Private
> networks
> > are
> > > > > managed by user networks of Docker.
> > > > >
> > > > >
> > > > > Thanks
> > > > >
> > > > > Olivier
> > > > >
> > > > >
> > > >
> > > >
> > > > --
> > > > Best Regards,
> > > > Haosdent Huang
> > > >
> > >
> >
>



-- 
Avinash Sridharan, Mesosphere
+1 (323) 702 5245