1. Mentioned port range is the Mesos Agent resource setting, so if you don't explicitly define port range it would be used. https://github.com/apache/mesos/blob/1.2.0/src/slave/constants.hpp#L86
2. With ports mapping two or more applications could attach to same container port but will be exposed under different host port. 3. I'm not sure if ports mappings works in Host mode. Try with require ports option enabled. https://github.com/mesosphere/marathon/blob/v1.3.9/docs/docs/ports.md 4. Yes, service ports are only for Marathon and don't propagate to Mesos. http://stackoverflow.com/a/39468348/1387612 wt., 28.03.2017, 18:16 użytkownik Thomas HUMMEL <[email protected]> napisał: Hello, [Sorry if this post may seem more Marathon-oriented. It still contains Mesos specific questions.] I'm in the process of discovering/testing/trying to understand Mesos and Marathon. After having read some books and docs, I set up a small environment (9 linux CentOS 7.3 VMs) consisting of : . 3 Mesos master - quorum = 2 . 3 Zookeepers servers running on the same host as the mesos servers . 2 Mesos slaves . 3 Marathon servers . 1 HAproxy facing the Mesos servers Mesos has been installed from sources (1.2.0 version) and Marathon is the 1.3.9 tarball comming from mesosphere I've deployed : . mesos-dns as a Marathon (not dockerized) application on one of the slaves (with a constraint) configured with my site DNS as resolvers and only "host" as IPSources . marathon-lb as a Marathon dockerized app ("network": "HOST") with the simple (containerPort: 9090, hostPort: 9090, servicePort: 10000) portMapping, on the same slave using a constraint Everything works fine so far. I've read : https://mesosphere.github.io/marathon/docs/ports.html and http://mesos.apache.org/documentation/latest/port-mapping-isolator/ but I'm still quite confused by the following port-related questions : [Note : I'm not using "network/port_mapping" isolation for now. I sticked to export MESOS_containerizers=docker,mesos] 1. for such a simple dockerized app : { "id": "http-server", "cmd": "python3 -m http.server 8080", "cpus": 0.5, "mem": 32.0, "container": { "type": "DOCKER", "docker": { "image": "python:3", "network": "BRIDGE", "portMappings": [ { "containerPort": 8080, "hostPort": 31000, "servicePort": 5000 } ] } }, "labels":{ "HAPROXY_GROUP":"external" } } a) in HOST mode ("network": "HOST"), any hostPort seems to work (or at least, let say 9090) b) in BRIDGE mode ("network": "BRIDGE"), the valid hostPort range seems to be [31000 - 32000], which seems to match the Mesos non-ephemeral port range given as en example in http://mesos.apache.org/documentation/latest/port-mapping-isolator/ But I don't quite understand why since - I'm not using network/port_mapping isolation - I didn't configured any port range anywhere in Mesos 2. Obviously in my setup, 2 apps on the same slave cannot have the same hostPort. Would it be the same with network/port_mapping activated since the doc says : "he agent assigns each container a non-overlapping range of the ports" Am I correct assuming that a Marathon hostPort is to be understood as taken among the non-ephemeral Mesos ports ? With network/port_mapping isolation, could 2 apps have the same non-ephemeal port ? same question with ephemeral-port ? I doubt it but... Is what is described in this doc valid for a dockerized container also ? 3. the portMapping I configured for the dockerized ("network": "HOST") marathon-lb app is "portMappings": [ { "containerPort": 9090, "hostPort": 9090, "servicePort": 10000, "protocol": "tcp" on the slave I can verify : # lsof -i :9090 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME haproxy 29610 root 6u IPv4 461745 0t0 TCP *:websm (LISTEN) But Marathon tells that my app is running on : mesos-slave1.it.pasteur.fr:31830 I don't understand where this port comes from, especially when I see nobody's listening on it : lsof -i :31830 like if Marathon gave me a fake hostPort ? 4. My understanding is that Marathon service port are bound to only by apps like marathon-lb. As a matter of fact, it doesn't seem to bother Mesos that Marathon deploys 2 apps on the same slave with the same servicePort. Am I correct ? Thanks for your help -- Thomas HUMMEL
