Re: Review Request 51857: Modified the `network/cni` isolator to be nesting aware.

2016-09-21 Thread Jie Yu

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/51857/#review149935
---


Ship it!




Ship It!

- Jie Yu


On Sept. 21, 2016, 8:18 p.m., Avinash sridharan wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/51857/
> ---
> 
> (Updated Sept. 21, 2016, 8:18 p.m.)
> 
> 
> Review request for mesos, Gilbert Song, Jie Yu, Joseph Wu, and Qian Zhang.
> 
> 
> Bugs: MESOS-6156
> https://issues.apache.org/jira/browse/MESOS-6156
> 
> 
> Repository: mesos
> 
> 
> Description
> ---
> 
> The network file setup in the `network/cni` isolator is now nesting
> aware. Since the children share the network and UTS namespace with the
> parent, the network files need to be created only for the parent
> container. For the child containers, the network files will be simply
> a bind mount of the parent's network files.
> 
> 
> Diffs
> -
> 
>   src/slave/containerizer/mesos/isolators/network/cni/cni.hpp 
> 949da8f70fb1cd13d6359780b032cb170693ea3e 
>   src/slave/containerizer/mesos/isolators/network/cni/cni.cpp 
> 359479083894e887647a694a1a133dce44817073 
> 
> Diff: https://reviews.apache.org/r/51857/diff/
> 
> 
> Testing
> ---
> 
> make 
> make check
> and
> sudo ./bin/mesos-tests.sh
> 
> The only tests that failed were the SUDO make check tests:
> [  FAILED  ] 3 tests, listed below:
> [  FAILED  ] CgroupsAnyHierarchyWithCpuMemoryTest.ROOT_CGROUPS_Listen
> [  FAILED  ] CgroupsAnyHierarchyMemoryPressureTest.ROOT_IncreaseRSS
> [  FAILED  ] LinuxFilesystemIsolatorTest.ROOT_RecoverOrphanedPersistentVolume
> 
> 
> Thanks,
> 
> Avinash sridharan
> 
>



Re: Review Request 51857: Modified the `network/cni` isolator to be nesting aware.

2016-09-21 Thread Jie Yu

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/51857/#review149934
---




src/slave/containerizer/mesos/isolators/network/cni/cni.cpp (line 814)


We should do that for nested container with rootfs as well. The reason 
being none of the processes in the network namespace should see host etc files. If 
a container joins non-host network, we should mask the host network files in 
the container.

This is also consistent with top level container case. I did the change 
for you. Let me know if that makes sense to you or not.


- Jie Yu





Re: Review Request 51857: Modified the `network/cni` isolator to be nesting aware.

2016-09-21 Thread Avinash sridharan


> On Sept. 21, 2016, 12:54 a.m., Jie Yu wrote:
> > src/slave/containerizer/mesos/isolators/network/cni/cni.cpp, lines 1647-1652
> > 
> >
> > What if the top level container joins non-host network but its child 
> > container joins host network without a rootfs? Looks like we do need to 
> > set up etc files in that case because the host etc files won't work?
> > 
> > Maybe, it's time to address this TODO?
> 
> Jie Yu wrote:
> Sorry, I typed too fast. I mean the child container does not have a rootfs.

Introduced a new flag called `--bind_host_files`


- Avinash


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/51857/#review149767
---





Re: Review Request 51857: Modified the `network/cni` isolator to be nesting aware.

2016-09-21 Thread Avinash sridharan

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/51857/
---

(Updated Sept. 21, 2016, 8:18 p.m.)


Review request for mesos, Gilbert Song, Jie Yu, Joseph Wu, and Qian Zhang.


Changes
---

Addressed Jie's comments.


Bugs: MESOS-6156
https://issues.apache.org/jira/browse/MESOS-6156


Repository: mesos


Description
---

The network file setup in the `network/cni` isolator is now nesting
aware. Since the children share the network and UTS namespace with the
parent, the network files need to be created only for the parent
container. For the child containers, the network files will be simply
a bind mount of the parent's network files.


Diffs (updated)
-

  src/slave/containerizer/mesos/isolators/network/cni/cni.hpp 
949da8f70fb1cd13d6359780b032cb170693ea3e 
  src/slave/containerizer/mesos/isolators/network/cni/cni.cpp 
359479083894e887647a694a1a133dce44817073 

Diff: https://reviews.apache.org/r/51857/diff/


Testing
---

make 
make check
and
sudo ./bin/mesos-tests.sh

The only tests that failed were the SUDO make check tests:
[  FAILED  ] 3 tests, listed below:
[  FAILED  ] CgroupsAnyHierarchyWithCpuMemoryTest.ROOT_CGROUPS_Listen
[  FAILED  ] CgroupsAnyHierarchyMemoryPressureTest.ROOT_IncreaseRSS
[  FAILED  ] LinuxFilesystemIsolatorTest.ROOT_RecoverOrphanedPersistentVolume


Thanks,

Avinash sridharan



Re: Review Request 51857: Modified the `network/cni` isolator to be nesting aware.

2016-09-21 Thread Jie Yu


> On Sept. 21, 2016, 12:54 a.m., Jie Yu wrote:
> > src/slave/containerizer/mesos/isolators/network/cni/cni.cpp, line 615
> > 
> >
> > We need to return failure if parent does not exist.
> 
> Avinash sridharan wrote:
> Actually, I think we will need to retrieve the `containerNetworks` from 
> the root container. Reason being that since we do not `recover` nested 
> container, the parent might actually not exist in the `infos`. 
> 
> For the root container, doing an `at` should be the same as a `CHECK`. 
> Wouldn't it be a bug if the root container does not exist?

Please avoid using CHECK. Return Failure if root container does not exist.


- Jie


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/51857/#review149767
---


On Sept. 21, 2016, 12:06 a.m., Avinash sridharan wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/51857/
> ---
> 
> (Updated Sept. 21, 2016, 12:06 a.m.)
> 
> 
> Review request for mesos, Gilbert Song, Jie Yu, Joseph Wu, and Qian Zhang.
> 
> 
> Bugs: MESOS-6156
> https://issues.apache.org/jira/browse/MESOS-6156
> 
> 
> Repository: mesos
> 
> 
> Description
> ---
> 
> The network file setup in the `network/cni` isolator is now nesting
> aware. Since the children share the network and UTS namespace with the
> parent, the network files need to be created only for the parent
> container. For the child containers, the network files will be simply
> a bind mount of the parent's network files.
> 
> 
> Diffs
> -
> 
>   src/slave/containerizer/mesos/isolators/network/cni/cni.hpp 
> 949da8f70fb1cd13d6359780b032cb170693ea3e 
>   src/slave/containerizer/mesos/isolators/network/cni/cni.cpp 
> 359479083894e887647a694a1a133dce44817073 
> 
> Diff: https://reviews.apache.org/r/51857/diff/
> 
> 
> Testing
> ---
> 
> make 
> make check
> and
> sudo ./bin/mesos-tests.sh
> 
> The only tests that failed were the SUDO make check tests:
> [  FAILED  ] 3 tests, listed below:
> [  FAILED  ] CgroupsAnyHierarchyWithCpuMemoryTest.ROOT_CGROUPS_Listen
> [  FAILED  ] CgroupsAnyHierarchyMemoryPressureTest.ROOT_IncreaseRSS
> [  FAILED  ] LinuxFilesystemIsolatorTest.ROOT_RecoverOrphanedPersistentVolume
> 
> 
> Thanks,
> 
> Avinash sridharan
> 
>
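The exchange above about line 615 (look up the root container's `containerNetworks` for a nested container, and return a failure instead of using `CHECK` when the root is unknown) can be sketched as follows. This is an added example, not code from the Mesos patch: `ContainerId`, `Info`, `Outcome`, `rootOf`, `networksFor` and `sampleInfos` are simplified, hypothetical stand-ins for the isolator's types.

```cpp
#include <iostream>
#include <map>
#include <memory>
#include <string>
#include <vector>

// Hypothetical stand-in for a container ID: a nested ID points at its parent.
struct ContainerId {
  std::string value;
  std::shared_ptr<ContainerId> parent;  // null for a top-level container
};

// Hypothetical stand-in for the isolator's per-container record.
struct Info {
  std::vector<std::string> containerNetworks;
};

// Minimal result type: either a value or an error message for the caller.
template <typename T>
struct Outcome {
  bool ok;
  T value;
  std::string error;
  static Outcome some(const T& v) { return Outcome{true, v, ""}; }
  static Outcome failure(const std::string& e) { return Outcome{false, T(), e}; }
};

// Walk the parent chain up to the top-level (root) container.
const ContainerId& rootOf(const ContainerId& id) {
  const ContainerId* current = &id;
  while (current->parent) {
    current = current->parent.get();
  }
  return *current;
}

// Nested containers keep no record of their own, so the networks come from
// the root container. A missing root is reported to the caller as a failure;
// a CHECK (or an unguarded map::at) would take the whole process down.
Outcome<std::vector<std::string>> networksFor(
    const std::map<std::string, Info>& infos, const ContainerId& id) {
  const ContainerId& root = rootOf(id);
  std::map<std::string, Info>::const_iterator it = infos.find(root.value);
  if (it == infos.end()) {
    return Outcome<std::vector<std::string>>::failure(
        "Unknown root container '" + root.value + "'");
  }
  return Outcome<std::vector<std::string>>::some(it->second.containerNetworks);
}

// Constructed sample state: one known root container on network "net-a".
std::map<std::string, Info> sampleInfos() {
  std::map<std::string, Info> infos;
  infos["root-1"].containerNetworks.push_back("net-a");
  return infos;
}

int main() {
  std::map<std::string, Info> infos = sampleInfos();
  ContainerId root{"root-1", nullptr};
  ContainerId nested{"child-1", std::make_shared<ContainerId>(root)};
  ContainerId lostRoot{"gone", nullptr};
  ContainerId orphan{"child-2", std::make_shared<ContainerId>(lostRoot)};

  Outcome<std::vector<std::string>> found = networksFor(infos, nested);
  Outcome<std::vector<std::string>> missing = networksFor(infos, orphan);
  std::cout << "nested: " << (found.ok ? found.value[0] : found.error) << "\n";
  std::cout << "orphan: " << (missing.ok ? "ok" : missing.error) << "\n";
  return 0;
}
```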



Re: Review Request 51857: Modified the `network/cni` isolator to be nesting aware.

2016-09-21 Thread Avinash sridharan


> On Sept. 21, 2016, 12:54 a.m., Jie Yu wrote:
> > src/slave/containerizer/mesos/isolators/network/cni/cni.cpp, line 378
> > 
> >
> > Should we skip nested container recover here? It's better to be 
> > explicit.

Yeah, I think being explicit here makes sense.


> On Sept. 21, 2016, 12:54 a.m., Jie Yu wrote:
> > src/slave/containerizer/mesos/isolators/network/cni/cni.cpp, line 615
> > 
> >
> > We need to return failure if parent does not exist.

Actually, I think we will need to retrieve the `containerNetworks` from the 
root container. Reason being that since we do not `recover` nested container, 
the parent might actually not exist in the `infos`. 

For the root container, doing an `at` should be the same as a `CHECK`. Wouldn't 
it be a bug if the root container does not exist?


- Avinash


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/51857/#review149767
---





Re: Review Request 51857: Modified the `network/cni` isolator to be nesting aware.

2016-09-20 Thread Jie Yu


> On Sept. 21, 2016, 12:54 a.m., Jie Yu wrote:
> > src/slave/containerizer/mesos/isolators/network/cni/cni.cpp, lines 1647-1652
> > 
> >
> > What if the top level container joins non-host network but its child 
> > container joins host network without a rootfs? Looks like we do need to 
> > set up etc files in that case because the host etc files won't work?
> > 
> > Maybe, it's time to address this TODO?

Sorry, I typed too fast. I mean the child container does not have a rootfs.


- Jie


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/51857/#review149767
---





Re: Review Request 51857: Modified the `network/cni` isolator to be nesting aware.

2016-09-20 Thread Jie Yu

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/51857/#review149767
---




src/slave/containerizer/mesos/isolators/network/cni/cni.cpp (line 378)


Should we skip nested container recover here? It's better to be explicit.



src/slave/containerizer/mesos/isolators/network/cni/cni.cpp (line 612)


We need to return failure if parent does not exist.



src/slave/containerizer/mesos/isolators/network/cni/cni.cpp (lines 684 - 685)


I would also mention that we need a mount namespace because we need to 
bind mount /etc/ files



src/slave/containerizer/mesos/isolators/network/cni/cni.cpp (line 706)


For the container (both top level or nested)



src/slave/containerizer/mesos/isolators/network/cni/cni.cpp (line 1249)


Let's add a nested container check similar to what we have in cgroups 
isolator:
```
if (containerId.has_parent()) {
  return Failure("Not supported for nested containers");
}
```



src/slave/containerizer/mesos/isolators/network/cni/cni.cpp (line 1253)


Also, you should mention that we don't maintain info for nested container. 
IP address can be obtained from its parent container.



src/slave/containerizer/mesos/isolators/network/cni/cni.cpp (line 1312)


s/child/nested/



src/slave/containerizer/mesos/isolators/network/cni/cni.cpp (lines 1644 - 1649)


What if the top level container joins non-host network but its child 
container joins host network without a rootfs? Looks like we do need to set up 
etc files in that case because the host etc files won't work?

Maybe, it's time to address this TODO?


- Jie Yu





Re: Review Request 51857: Modified the `network/cni` isolator to be nesting aware.

2016-09-20 Thread Jie Yu


> On Sept. 20, 2016, 9:10 p.m., Jie Yu wrote:
> > src/slave/containerizer/mesos/isolators/network/cni/cni.cpp, lines 725-733
> > 
> >
> > This is problematic.
> > 
> > If both rootDir and pluginDir are not set, meaning that containers will 
> > only join host network. Say the parent container joins the host network. 
> > The child container will join host network as well, but it has a rootfs so 
> > we need to setup network files for it.
> > 
> > First of all, the CHECK_SOME above will fail. Then the 
> > `CHECK(!infos.contains(...))` will fail as well.
> > 
> > That's the reason I highly suggested previously that you combine the 
> > logic here with the if block in line 701.
> > 
> > For child containers, do not add 'containerNetworks' to its info 
> > because itself does not create/join a new CNI network. You'll need to get 
> > the Info for its parent container anyway, so that's redundant information.
> > 
> > In that way, the 'if' condition at line 701 still applies to child 
> > containers:
> > ```
> > if (infos[containerId]->containerNetworks.empty() &&
> >     infos[containerId]->rootfs.isSome()) {
> > ```
> > 
> > However, instead of using the host file directly, you may want to check 
> > if the parent container has network files or not. It's likely that the 
> > parent container joins host network without rootfs. In that case, it does 
> > not have network files.
> 
> Avinash sridharan wrote:
> Why is this an issue for a child container with a rootfs? 
> The child container with a rootfs is no different than the parent 
> container. For these containers, the code would never reach line `727`. The 
> execution would be that of code block `707` to `725`. This shouldn't be any 
> different than the way it is working today.
> 
> Avinash sridharan wrote:
> By the way my above comment is valid only for child containers with 
> rootfs joining the host network.

oops. my bad. I forgot that the if block starting from line 701 will short 
circuit.

So info.containerNetworks for nested container is the networks of its parent. 
Let's document this in hpp.


- Jie


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/51857/#review149726
---





Re: Review Request 51857: Modified the `network/cni` isolator to be nesting aware.

2016-09-20 Thread Avinash sridharan

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/51857/
---

(Updated Sept. 21, 2016, 12:06 a.m.)


Review request for mesos, Gilbert Song, Jie Yu, Joseph Wu, and Qian Zhang.


Changes
---

Merged patches for `cleanup` and `supportsNesting` into this patch.


Summary (updated)
-

Modified the `network/cni` isolator to be nesting aware.


Bugs: MESOS-6156
https://issues.apache.org/jira/browse/MESOS-6156


Repository: mesos


Description
---

The network file setup in the `network/cni` isolator is now nesting
aware. Since the children share the network and UTS namespace with the
parent, the network files need to be created only for the parent
container. For the child containers, the network files will be simply
a bind mount of the parent's network files.


Diffs (updated)
-

  src/slave/containerizer/mesos/isolators/network/cni/cni.hpp 
949da8f70fb1cd13d6359780b032cb170693ea3e 
  src/slave/containerizer/mesos/isolators/network/cni/cni.cpp 
359479083894e887647a694a1a133dce44817073 

Diff: https://reviews.apache.org/r/51857/diff/


Testing
---

make 
make check
and
sudo ./bin/mesos-tests.sh

The only tests that failed were the SUDO make check tests:
[  FAILED  ] 3 tests, listed below:
[  FAILED  ] CgroupsAnyHierarchyWithCpuMemoryTest.ROOT_CGROUPS_Listen
[  FAILED  ] CgroupsAnyHierarchyMemoryPressureTest.ROOT_IncreaseRSS
[  FAILED  ] LinuxFilesystemIsolatorTest.ROOT_RecoverOrphanedPersistentVolume


Thanks,

Avinash sridharan