Return-Path: X-Original-To: apmail-aurora-reviews-archive@minotaur.apache.org Delivered-To: apmail-aurora-reviews-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 69229118B9 for ; Thu, 17 Jul 2014 00:22:56 +0000 (UTC) Received: (qmail 77234 invoked by uid 500); 17 Jul 2014 00:22:56 -0000 Delivered-To: apmail-aurora-reviews-archive@aurora.apache.org Received: (qmail 77194 invoked by uid 500); 17 Jul 2014 00:22:56 -0000 Mailing-List: contact reviews-help@aurora.incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: reviews@aurora.incubator.apache.org Delivered-To: mailing list reviews@aurora.incubator.apache.org Received: (qmail 77178 invoked by uid 99); 17 Jul 2014 00:22:55 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 17 Jul 2014 00:22:55 +0000 X-ASF-Spam-Status: No, hits=-1997.8 required=5.0 tests=ALL_TRUSTED,HTML_MESSAGE,RP_MATCHES_RCVD X-Spam-Check-By: apache.org Received: from [140.211.11.3] (HELO mail.apache.org) (140.211.11.3) by apache.org (qpsmtpd/0.29) with SMTP; Thu, 17 Jul 2014 00:22:56 +0000 Received: (qmail 77016 invoked by uid 99); 17 Jul 2014 00:22:30 -0000 Received: from reviews-vm.apache.org (HELO reviews.apache.org) (140.211.11.40) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 17 Jul 2014 00:22:30 +0000 Received: from reviews.apache.org (localhost [127.0.0.1]) by reviews.apache.org (Postfix) with ESMTP id C09341DB88D; Thu, 17 Jul 2014 00:22:17 +0000 (UTC) Content-Type: multipart/alternative; boundary="===============6289749069792025011==" MIME-Version: 1.0 Subject: Re: Review Request 23471: add support for Mesos masters running with --no-root_submissions, see AURORA-311 From: "Bjoern Metzdorf" To: "Bjoern Metzdorf" , "Aurora" , "Kevin Sweeney" Date: Thu, 17 Jul 2014 00:22:17 -0000 Message-ID: <20140717002217.24004.4513@reviews.apache.org> X-ReviewBoard-URL: https://reviews.apache.org Auto-Submitted: auto-generated Sender: "Bjoern Metzdorf" X-ReviewGroup: Aurora X-ReviewRequest-URL: https://reviews.apache.org/r/23471/ X-Sender: "Bjoern Metzdorf" References: <20140716182153.24005.59972@reviews.apache.org> In-Reply-To: <20140716182153.24005.59972@reviews.apache.org> Reply-To: "Bjoern Metzdorf" X-ReviewRequest-Repository: aurora X-Virus-Checked: Checked by ClamAV on apache.org --===============6289749069792025011== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit > On July 16, 2014, 6:21 p.m., Kevin Sweeney wrote: > > src/main/java/org/apache/aurora/scheduler/DriverFactory.java, line 110 > > > > > > Can you verify the behavior of this patch and update the Testing Done field? What happens if I submit a job to aurora with role != EXECUTOR_USER? > > > > How does this interact with Mesos authentication - is that whole system independent of this one? When you submit a job with role != EXECUTOR_USER the executor will still run as EXECUTOR_USER, but chowning the sandbox will fail (unless EXECUTOR_USER is a superuser): I0717 00:14:10.553736 1453 executor_base.py:46] Executor [None]: launchTask got task: nobody/devel/hello_world:1405556045623-nobody-devel-hello_world-0-62d7a2f9-1ade-47e2-a918-53e04bc6141c I0717 00:14:10.554691 1453 executor_base.py:46] Executor [20140710-025703-442534417-5050-21655-2872]: Updating 1405556045623-nobody-devel-hello_world-0-62d7a2f9-1ade-47e2-a918-53e04bc6141c => STARTING I0717 00:14:10.554883 1453 executor_base.py:46] Executor [20140710-025703-442534417-5050-21655-2872]: Reason: Initializing sandbox. D0717 00:14:10.555494 1453 sandbox.py:77] DirectorySandbox: mkdir /tmp/mesos/slaves/20140710-025703-442534417-5050-21655-2872/frameworks/20140710-025703-442534417-5050-21655-509912/executors/thermos-1405556045623-nobody-devel-hello_world-0-62d7a2f9-1ade-47e2-a918-53e04bc6141c/runs/997640c4-d515-4ef8-8099-a272cb18e22b/sandbox D0717 00:14:10.556082 1453 sandbox.py:92] DirectorySandbox: chown nobody:nobody /tmp/mesos/slaves/20140710-025703-442534417-5050-21655-2872/frameworks/20140710-025703-442534417-5050-21655-509912/executors/thermos-1405556045623-nobody-devel-hello_world-0-62d7a2f9-1ade-47e2-a918-53e04bc6141c/runs/997640c4-d515-4ef8-8099-a272cb18e22b/sandbox F0717 00:14:10.557389 1453 aurora_executor.py:86] Failed to initialize sandbox: Failed to chown/chmod the sandbox: [Errno 1] Operation not permitted: '/tmp/mesos/slaves/20140710-025703-442534417-5050-21655-2872/frameworks/20140710-025703-442534417-5050-21655-509912/executors/thermos-1405556045623-nobody-devel-hello_world-0-62d7a2f9-1ade-47e2-a918-53e04bc6141c/runs/997640c4-d515-4ef8-8099-a272cb18e22b/sandbox' I0717 00:14:10.557595 1453 executor_base.py:46] Executor [20140710-025703-442534417-5050-21655-2872]: Updating 1405556045623-nobody-devel-hello_world-0-62d7a2f9-1ade-47e2-a918-53e04bc6141c => FAILED I0717 00:14:10.557719 1453 executor_base.py:46] Executor [20140710-025703-442534417-5050-21655-2872]: Reason: Failed to initialize sandbox: Failed to chown/chmod the sandbox: [Errno 1] Operation not permitted: '/tmp/mesos/slaves/20140710-025703-442534417-5050-21655-2872/frameworks/20140710-025703-442534417-5050-21655-509912/executors/thermos-1405556045623-nobody-devel-hello_world-0-62d7a2f9-1ade-47e2-a918-53e04bc6141c/runs/997640c4-d515-4ef8-8099-a272cb18e22b/sandbox' I0717 00:14:15.563591 1453 thermos_executor_main.py:77] MesosExecutorDriver.run() has finished. Maybe we can add a check to thermos to not to blindly change ownership if not running as a superuser. But I might not be able to contribute that anytime soon due to company policy. It does not touch Mesos authentication at all. - Bjoern ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/23471/#review47918 ----------------------------------------------------------- On July 15, 2014, 12:34 a.m., Bjoern Metzdorf wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/23471/ > ----------------------------------------------------------- > > (Updated July 15, 2014, 12:34 a.m.) > > > Review request for Aurora. > > > Bugs: AURORA-311 > https://issues.apache.org/jira/browse/AURORA-311 > > > Repository: aurora > > > Description > ------- > > Review board entry for https://issues.apache.org/jira/browse/AURORA-311 > > > Diffs > ----- > > src/main/java/org/apache/aurora/scheduler/DriverFactory.java db864a0 > > Diff: https://reviews.apache.org/r/23471/diff/ > > > Testing > ------- > > > Thanks, > > Bjoern Metzdorf > > --===============6289749069792025011==--