Hello,
[Sorry if this post may seem more Marathon-oriented. It still contains
Mesos specific questions.]
I'm in the process of discovering/testing/trying to understand Mesos and
Marathon.
After having read some books and docs, I set up a small environment (9 Linux
CentOS 7.3 VMs) consisting of :
. 3 Mesos masters - quorum = 2
. 3 ZooKeeper servers running on the same hosts as the Mesos servers
. 2 Mesos slaves
. 3 Marathon servers
. 1 HAProxy facing the Mesos servers
Mesos has been installed from sources (1.2.0 version) and Marathon is the
1.3.9 tarball coming from Mesosphere.
I've deployed :
. mesos-dns as a Marathon (not dockerized) application on one of the
slaves (with a constraint) configured with my site DNS as resolvers and
only "host" as IPSources
. marathon-lb as a Marathon dockerized app ("network": "HOST") with the
simple (containerPort: 9090, hostPort: 9090, servicePort: 10000)
portMapping, on the same slave using a constraint
Everything works fine so far.
I've read :
https://mesosphere.github.io/marathon/docs/ports.html
and
http://mesos.apache.org/documentation/latest/port-mapping-isolator/
but I'm still quite confused by the following port-related questions :
[Note : I'm not using "network/port_mapping" isolation for now. I stuck to
export MESOS_containerizers=docker,mesos]
1. for such a simple dockerized app :
{
  "id": "http-server",
  "cmd": "python3 -m http.server 8080",
  "cpus": 0.5,
  "mem": 32.0,
  "container": {
    "type": "DOCKER",
    "docker": {
      "image": "python:3",
      "network": "BRIDGE",
      "portMappings": [
        { "containerPort": 8080, "hostPort": 31000, "servicePort": 5000 }
      ]
    }
  },
  "labels": {
    "HAPROXY_GROUP": "external"
  }
}
a) in HOST mode ("network": "HOST"), any hostPort seems to work (or at
least, let's say, 9090)
b) in BRIDGE mode ("network": "BRIDGE"), the valid hostPort range seems to
be [31000 - 32000], which seems to match the Mesos non-ephemeral port range
given as an example in
http://mesos.apache.org/documentation/latest/port-mapping-isolator/
But I don't quite understand why since
- I'm not using network/port_mapping isolation
- I didn't configure any port range anywhere in Mesos
2. Obviously in my setup, 2 apps on the same slave cannot have the same
hostPort. Would it be the same with network/port_mapping activated, since
the doc says : "the agent assigns each container a non-overlapping range of
the ports" ?
Am I correct in assuming that a Marathon hostPort is to be understood
as taken among the non-ephemeral Mesos ports ?
With network/port_mapping isolation, could 2 apps have the same
non-ephemeral port ? Same question with ephemeral ports ? I doubt it but...
Is what is described in this doc valid for a dockerized container also ?
3. the portMapping I configured for the dockerized ("network": "HOST")
marathon-lb app is
"portMappings": [
  {
    "containerPort": 9090,
    "hostPort": 9090,
    "servicePort": 10000,
    "protocol": "tcp"
  }
]
on the slave I can verify :
# lsof -i :9090
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
haproxy 29610 root 6u IPv4 461745 0t0 TCP *:websm (LISTEN)
But Marathon tells me that my app is running on :
mesos-slave1.it.pasteur.fr:31830
I don't understand where this port comes from, especially when I see
nobody's listening on it :
lsof -i :31830
as if Marathon gave me a fake hostPort ?
4. My understanding is that Marathon service ports are bound to only by apps
like marathon-lb. As a matter of fact, it doesn't seem to bother Mesos that
Marathon deploys 2 apps on the same slave with the same servicePort. Am
I correct ?
Thanks for your help
--
Thomas HUMMEL