aurora-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bjoern Metzdorf" <bmetzd...@apple.com>
Subject Re: Review Request 23471: add support for Mesos masters running with --no-root_submissions, see AURORA-311
Date Thu, 17 Jul 2014 00:22:17 GMT


> On July 16, 2014, 6:21 p.m., Kevin Sweeney wrote:
> > src/main/java/org/apache/aurora/scheduler/DriverFactory.java, line 110
> > <https://reviews.apache.org/r/23471/diff/1/?file=630336#file630336line110>
> >
> >     Can you verify the behavior of this patch and update the Testing Done field?
What happens if I submit a job to aurora with role != EXECUTOR_USER?
> >     
> >     How does this interact with Mesos authentication - is that whole system independent
of this one?

When you submit a job with role != EXECUTOR_USER the executor will still run as EXECUTOR_USER,
but chowning the sandbox will fail (unless EXECUTOR_USER is a superuser):

I0717 00:14:10.553736 1453 executor_base.py:46] Executor [None]: launchTask got task: nobody/devel/hello_world:1405556045623-nobody-devel-hello_world-0-62d7a2f9-1ade-47e2-a918-53e04bc6141c
I0717 00:14:10.554691 1453 executor_base.py:46] Executor [20140710-025703-442534417-5050-21655-2872]:
Updating 1405556045623-nobody-devel-hello_world-0-62d7a2f9-1ade-47e2-a918-53e04bc6141c =>
STARTING
I0717 00:14:10.554883 1453 executor_base.py:46] Executor [20140710-025703-442534417-5050-21655-2872]:
   Reason: Initializing sandbox.
D0717 00:14:10.555494 1453 sandbox.py:77] DirectorySandbox: mkdir /tmp/mesos/slaves/20140710-025703-442534417-5050-21655-2872/frameworks/20140710-025703-442534417-5050-21655-509912/executors/thermos-1405556045623-nobody-devel-hello_world-0-62d7a2f9-1ade-47e2-a918-53e04bc6141c/runs/997640c4-d515-4ef8-8099-a272cb18e22b/sandbox
D0717 00:14:10.556082 1453 sandbox.py:92] DirectorySandbox: chown nobody:nobody /tmp/mesos/slaves/20140710-025703-442534417-5050-21655-2872/frameworks/20140710-025703-442534417-5050-21655-509912/executors/thermos-1405556045623-nobody-devel-hello_world-0-62d7a2f9-1ade-47e2-a918-53e04bc6141c/runs/997640c4-d515-4ef8-8099-a272cb18e22b/sandbox
F0717 00:14:10.557389 1453 aurora_executor.py:86] Failed to initialize sandbox: Failed to
chown/chmod the sandbox: [Errno 1] Operation not permitted: '/tmp/mesos/slaves/20140710-025703-442534417-5050-21655-2872/frameworks/20140710-025703-442534417-5050-21655-509912/executors/thermos-1405556045623-nobody-devel-hello_world-0-62d7a2f9-1ade-47e2-a918-53e04bc6141c/runs/997640c4-d515-4ef8-8099-a272cb18e22b/sandbox'
I0717 00:14:10.557595 1453 executor_base.py:46] Executor [20140710-025703-442534417-5050-21655-2872]:
Updating 1405556045623-nobody-devel-hello_world-0-62d7a2f9-1ade-47e2-a918-53e04bc6141c =>
FAILED
I0717 00:14:10.557719 1453 executor_base.py:46] Executor [20140710-025703-442534417-5050-21655-2872]:
   Reason: Failed to initialize sandbox: Failed to chown/chmod the sandbox: [Errno 1] Operation
not permitted: '/tmp/mesos/slaves/20140710-025703-442534417-5050-21655-2872/frameworks/20140710-025703-442534417-5050-21655-509912/executors/thermos-1405556045623-nobody-devel-hello_world-0-62d7a2f9-1ade-47e2-a918-53e04bc6141c/runs/997640c4-d515-4ef8-8099-a272cb18e22b/sandbox'
I0717 00:14:15.563591 1453 thermos_executor_main.py:77] MesosExecutorDriver.run() has finished.

Maybe we can add a check to thermos to not to blindly change ownership if not running as a
superuser. But I might not be able to contribute that anytime soon due to company policy.

It does not touch Mesos authentication at all.


- Bjoern


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/23471/#review47918
-----------------------------------------------------------


On July 15, 2014, 12:34 a.m., Bjoern Metzdorf wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/23471/
> -----------------------------------------------------------
> 
> (Updated July 15, 2014, 12:34 a.m.)
> 
> 
> Review request for Aurora.
> 
> 
> Bugs: AURORA-311
>     https://issues.apache.org/jira/browse/AURORA-311
> 
> 
> Repository: aurora
> 
> 
> Description
> -------
> 
> Review board entry for https://issues.apache.org/jira/browse/AURORA-311
> 
> 
> Diffs
> -----
> 
>   src/main/java/org/apache/aurora/scheduler/DriverFactory.java db864a0 
> 
> Diff: https://reviews.apache.org/r/23471/diff/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Bjoern Metzdorf
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message