Re: Review Request 23471: add support for Mesos masters running with --no-root_submissions, see AURORA-311
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/23471/#review48993 --- wickman, ping? - Bill Farner On July 22, 2014, 11:28 p.m., Bjoern Metzdorf wrote: --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/23471/ --- (Updated July 22, 2014, 11:28 p.m.) Review request for Aurora, Kevin Sweeney and Brian Wickman. Bugs: AURORA-311 https://issues.apache.org/jira/browse/AURORA-311 Repository: aurora Description --- Review board entry for https://issues.apache.org/jira/browse/AURORA-311 Diffs - src/main/java/org/apache/aurora/scheduler/DriverFactory.java db864a0 Diff: https://reviews.apache.org/r/23471/diff/ Testing --- Tested successfully on internal cluster with version 0.5.1. Aurora was able to connect to a mesos master that was running with --no-root_submissions and was able to schedule tasks with a role of EXECUTOR_USER that then were running as the specified executor user. Thanks, Bjoern Metzdorf
Re: Review Request 23471: add support for Mesos masters running with --no-root_submissions, see AURORA-311
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/23471/#review49047 --- Ship it! Ship It! - Brian Wickman On July 22, 2014, 11:28 p.m., Bjoern Metzdorf wrote: --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/23471/ --- (Updated July 22, 2014, 11:28 p.m.) Review request for Aurora, Kevin Sweeney and Brian Wickman. Bugs: AURORA-311 https://issues.apache.org/jira/browse/AURORA-311 Repository: aurora Description --- Review board entry for https://issues.apache.org/jira/browse/AURORA-311 Diffs - src/main/java/org/apache/aurora/scheduler/DriverFactory.java db864a0 Diff: https://reviews.apache.org/r/23471/diff/ Testing --- Tested successfully on internal cluster with version 0.5.1. Aurora was able to connect to a mesos master that was running with --no-root_submissions and was able to schedule tasks with a role of EXECUTOR_USER that then were running as the specified executor user. Thanks, Bjoern Metzdorf
Re: Review Request 23471: add support for Mesos masters running with --no-root_submissions, see AURORA-311
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/23471/#review48453 --- Ship it! Ship It! - Kevin Sweeney On July 17, 2014, 11:11 a.m., Bjoern Metzdorf wrote: --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/23471/ --- (Updated July 17, 2014, 11:11 a.m.) Review request for Aurora and Kevin Sweeney. Bugs: AURORA-311 https://issues.apache.org/jira/browse/AURORA-311 Repository: aurora Description --- Review board entry for https://issues.apache.org/jira/browse/AURORA-311 Diffs - src/main/java/org/apache/aurora/scheduler/DriverFactory.java db864a0 Diff: https://reviews.apache.org/r/23471/diff/ Testing --- Tested successfully on internal cluster with version 0.5.1. Aurora was able to connect to a mesos master that was running with --no-root_submissions and was able to schedule tasks with a role of EXECUTOR_USER that then were running as the specified executor user. Thanks, Bjoern Metzdorf
Re: Review Request 23471: add support for Mesos masters running with --no-root_submissions, see AURORA-311
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/23471/ --- (Updated July 22, 2014, 4:28 p.m.) Review request for Aurora, Kevin Sweeney and Bill Farner. Changes --- +wfarner for a second set of committer eyes Bugs: AURORA-311 https://issues.apache.org/jira/browse/AURORA-311 Repository: aurora Description --- Review board entry for https://issues.apache.org/jira/browse/AURORA-311 Diffs - src/main/java/org/apache/aurora/scheduler/DriverFactory.java db864a0 Diff: https://reviews.apache.org/r/23471/diff/ Testing --- Tested successfully on internal cluster with version 0.5.1. Aurora was able to connect to a mesos master that was running with --no-root_submissions and was able to schedule tasks with a role of EXECUTOR_USER that then were running as the specified executor user. Thanks, Bjoern Metzdorf
Re: Review Request 23471: add support for Mesos masters running with --no-root_submissions, see AURORA-311
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/23471/ --- (Updated July 22, 2014, 4:28 p.m.) Review request for Aurora, Kevin Sweeney and Brian Wickman. Changes --- -wfarner, +wickman Bugs: AURORA-311 https://issues.apache.org/jira/browse/AURORA-311 Repository: aurora Description --- Review board entry for https://issues.apache.org/jira/browse/AURORA-311 Diffs - src/main/java/org/apache/aurora/scheduler/DriverFactory.java db864a0 Diff: https://reviews.apache.org/r/23471/diff/ Testing --- Tested successfully on internal cluster with version 0.5.1. Aurora was able to connect to a mesos master that was running with --no-root_submissions and was able to schedule tasks with a role of EXECUTOR_USER that then were running as the specified executor user. Thanks, Bjoern Metzdorf
Re: Review Request 23471: add support for Mesos masters running with --no-root_submissions, see AURORA-311
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/23471/ --- (Updated July 17, 2014, 6:11 p.m.) Review request for Aurora and Kevin Sweeney. Changes --- People += kevints -wfarner Bugs: AURORA-311 https://issues.apache.org/jira/browse/AURORA-311 Repository: aurora Description --- Review board entry for https://issues.apache.org/jira/browse/AURORA-311 Diffs - src/main/java/org/apache/aurora/scheduler/DriverFactory.java db864a0 Diff: https://reviews.apache.org/r/23471/diff/ Testing --- Tested successfully on internal cluster with version 0.5.1. Aurora was able to connect to a mesos master that was running with --no-root_submissions and was able to schedule tasks with a role of EXECUTOR_USER that then were running as the specified executor user. Thanks, Bjoern Metzdorf
Re: Review Request 23471: add support for Mesos masters running with --no-root_submissions, see AURORA-311
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/23471/#review47918 --- src/main/java/org/apache/aurora/scheduler/DriverFactory.java https://reviews.apache.org/r/23471/#comment84155 Can you verify the behavior of this patch and update the Testing Done field? What happens if I submit a job to aurora with role != EXECUTOR_USER? How does this interact with Mesos authentication - is that whole system independent of this one? - Kevin Sweeney On July 14, 2014, 5:34 p.m., Bjoern Metzdorf wrote: --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/23471/ --- (Updated July 14, 2014, 5:34 p.m.) Review request for Aurora. Bugs: AURORA-311 https://issues.apache.org/jira/browse/AURORA-311 Repository: aurora Description --- Review board entry for https://issues.apache.org/jira/browse/AURORA-311 Diffs - src/main/java/org/apache/aurora/scheduler/DriverFactory.java db864a0 Diff: https://reviews.apache.org/r/23471/diff/ Testing --- Thanks, Bjoern Metzdorf
Re: Review Request 23471: add support for Mesos masters running with --no-root_submissions, see AURORA-311
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/23471/ --- (Updated July 17, 2014, 12:22 a.m.) Review request for Aurora. Changes --- added comments about testing Bugs: AURORA-311 https://issues.apache.org/jira/browse/AURORA-311 Repository: aurora Description --- Review board entry for https://issues.apache.org/jira/browse/AURORA-311 Diffs - src/main/java/org/apache/aurora/scheduler/DriverFactory.java db864a0 Diff: https://reviews.apache.org/r/23471/diff/ Testing (updated) --- Tested successfully on internal cluster with version 0.5.1. Aurora was able to connect to a mesos master that was running with --no-root_submissions and was able to schedule tasks with a role of EXECUTOR_USER that then were running as the specified executor user. Thanks, Bjoern Metzdorf
Re: Review Request 23471: add support for Mesos masters running with --no-root_submissions, see AURORA-311
On July 16, 2014, 6:21 p.m., Kevin Sweeney wrote: src/main/java/org/apache/aurora/scheduler/DriverFactory.java, line 110 https://reviews.apache.org/r/23471/diff/1/?file=630336#file630336line110 Can you verify the behavior of this patch and update the Testing Done field? What happens if I submit a job to aurora with role != EXECUTOR_USER? How does this interact with Mesos authentication - is that whole system independent of this one? When you submit a job with role != EXECUTOR_USER the executor will still run as EXECUTOR_USER, but chowning the sandbox will fail (unless EXECUTOR_USER is a superuser): I0717 00:14:10.553736 1453 executor_base.py:46] Executor [None]: launchTask got task: nobody/devel/hello_world:1405556045623-nobody-devel-hello_world-0-62d7a2f9-1ade-47e2-a918-53e04bc6141c I0717 00:14:10.554691 1453 executor_base.py:46] Executor [20140710-025703-442534417-5050-21655-2872]: Updating 1405556045623-nobody-devel-hello_world-0-62d7a2f9-1ade-47e2-a918-53e04bc6141c = STARTING I0717 00:14:10.554883 1453 executor_base.py:46] Executor [20140710-025703-442534417-5050-21655-2872]:Reason: Initializing sandbox. D0717 00:14:10.555494 1453 sandbox.py:77] DirectorySandbox: mkdir /tmp/mesos/slaves/20140710-025703-442534417-5050-21655-2872/frameworks/20140710-025703-442534417-5050-21655-509912/executors/thermos-1405556045623-nobody-devel-hello_world-0-62d7a2f9-1ade-47e2-a918-53e04bc6141c/runs/997640c4-d515-4ef8-8099-a272cb18e22b/sandbox D0717 00:14:10.556082 1453 sandbox.py:92] DirectorySandbox: chown nobody:nobody /tmp/mesos/slaves/20140710-025703-442534417-5050-21655-2872/frameworks/20140710-025703-442534417-5050-21655-509912/executors/thermos-1405556045623-nobody-devel-hello_world-0-62d7a2f9-1ade-47e2-a918-53e04bc6141c/runs/997640c4-d515-4ef8-8099-a272cb18e22b/sandbox F0717 00:14:10.557389 1453 aurora_executor.py:86] Failed to initialize sandbox: Failed to chown/chmod the sandbox: [Errno 1] Operation not permitted: '/tmp/mesos/slaves/20140710-025703-442534417-5050-21655-2872/frameworks/20140710-025703-442534417-5050-21655-509912/executors/thermos-1405556045623-nobody-devel-hello_world-0-62d7a2f9-1ade-47e2-a918-53e04bc6141c/runs/997640c4-d515-4ef8-8099-a272cb18e22b/sandbox' I0717 00:14:10.557595 1453 executor_base.py:46] Executor [20140710-025703-442534417-5050-21655-2872]: Updating 1405556045623-nobody-devel-hello_world-0-62d7a2f9-1ade-47e2-a918-53e04bc6141c = FAILED I0717 00:14:10.557719 1453 executor_base.py:46] Executor [20140710-025703-442534417-5050-21655-2872]:Reason: Failed to initialize sandbox: Failed to chown/chmod the sandbox: [Errno 1] Operation not permitted: '/tmp/mesos/slaves/20140710-025703-442534417-5050-21655-2872/frameworks/20140710-025703-442534417-5050-21655-509912/executors/thermos-1405556045623-nobody-devel-hello_world-0-62d7a2f9-1ade-47e2-a918-53e04bc6141c/runs/997640c4-d515-4ef8-8099-a272cb18e22b/sandbox' I0717 00:14:15.563591 1453 thermos_executor_main.py:77] MesosExecutorDriver.run() has finished. Maybe we can add a check to thermos to not to blindly change ownership if not running as a superuser. But I might not be able to contribute that anytime soon due to company policy. It does not touch Mesos authentication at all. - Bjoern --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/23471/#review47918 --- On July 15, 2014, 12:34 a.m., Bjoern Metzdorf wrote: --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/23471/ --- (Updated July 15, 2014, 12:34 a.m.) Review request for Aurora. Bugs: AURORA-311 https://issues.apache.org/jira/browse/AURORA-311 Repository: aurora Description --- Review board entry for https://issues.apache.org/jira/browse/AURORA-311 Diffs - src/main/java/org/apache/aurora/scheduler/DriverFactory.java db864a0 Diff: https://reviews.apache.org/r/23471/diff/ Testing --- Thanks, Bjoern Metzdorf