The 'user' specified in the image won't be honored. The current code will reject the container launch if the 'user' is specified in the image (although, i think we should print a warning if --switch_user flag is on because Mesos will always overwrite the user, similar to `docker run -u`, I'll send out patch shortly).
Can you try to remove the user directive in your Dockerfile and try again? - Jie On Tue, Dec 26, 2017 at 6:21 AM, Marc Roos <[email protected]> wrote: > > I added these changes to the mesos node: > > echo "true" > /etc/mesos-slave/switch_user (although I think this is the > default) > chmod u+s /usr/sbin/mesos-agent > useradd sflowrt > > Modified the marathon conf to: > > { > "id": "sflow/vizceral", > "cmd": null, > "cpus": 0.2, > "mem": 256, > "user": "sflowrt", > "instances": 1, > "acceptedResourceRoles": ["*"], > "constraints": [["hostname", "CLUSTER", "m02.local"]], > "container": { > "type": "MESOS", > "docker": { > "image": "sflow/vizceral", > "credential": null, > "forcePullImage": false > } > > } > } > > But still getting these: > > Dec 26 15:18:02 m02 mesos-slave[25084]: W1226 15:18:02.415927 25111 > runtime.cpp:111] Container user 'sflowrt' is not supported yet for > container 4e8d2cf6-b772-4e51-8154-1b8b6244f98f > Dec 26 15:18:02 m02 mesos-slave[25084]: W1226 15:18:02.415927 25111 > runtime.cpp:111] Container user 'sflowrt' is not supported yet for > container 4e8d2cf6-b772-4e51-8154-1b8b6244f98f > > > > > > > > > > > > > -----Original Message----- > From: Tomek Janiszewski [mailto:[email protected]] > Sent: zondag 24 december 2017 15:24 > To: [email protected] > Subject: Re: Container user '27' is not supported > > This might be the following limitations > > > If the --switch_user flag is set on the agent and the framework > specifies a user (either CommandInfo.user or FrameworkInfo.user), we > expect that user exists in the container image and its uid and gids > matches that on the host. User namespace is not supported yet. If the > user is not specified, root will be used by default. The operator or the > framework can limit the capabilities of the container by using the > linux/capabilities isolator. > > > > niedz., 24.12.2017, 14:20 użytkownik Marc Roos > <[email protected]> napisał: > > > > I am seeing this in the logs: > > Container user '27' is not supported yet for container > d823196a-4ec3-41e3-a4c0-6680ba5cc99 > > I guess this means that the container requests to run under a > specific > user id, and this is not yet available in mesos? > > mesos-1.4.1-2.0.1.x86_64 > > > >
