aurora-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jay Buffington">
Subject Re: Review Request 28920: Add support for docker containers to aurora
Date Wed, 17 Dec 2014 03:01:38 GMT

This is an automatically generated e-mail. To reply, visit:

Sorry for the multiple reviews.  There is a lot here.  Maybe we should be having these architecture
discussions in Jira?

I propose you remove the wrapper script all together.  To do that we need alternative ways
to implement the features enabled by --execute-as-container and --dockerize flags.

My read of --dockerize is that it was introduced as a solution to the problem I described
 I believe the long term fix to this problem is to run an observer per executor.  See "AURORA-708:
allow thermos observer to be launched from within aurora executor"

Until then, I propose you replace all that dockerize and host_sandbox and host_log_dir stuff
with a change to the  `_initialize_ckpt_header` function of  `/thermos/core/` to
set RunnerHeader's sandbox value to `os.environ.get('MESOS_DIRECTORY') || self._sandbox`

The --execute-as-container flag I *think* is used to tell the runner not to do a setuid. 
How is that different than starting the runner with --setuid=root (which already exists)?
  Also, I say we always run the task as nobody inside the container.  The executor can check
if we're inside a docker container (test for the existance of /.dockerinit file) and call
runner with --setuid=nobody.

An alternative to having a wrapper script is to allow the administrator to start the scheduler
with a -docker_executor_launch_command flag where they inline a bash wrapper script.  This
is a little gnarly to manage because you end up with shell quoting frustrations.


    This is an optional arg with no default, and you throw an NPE in ExecutorSettings if it
isn't set.

- Jay Buffington

On Dec. 16, 2014, 9:19 p.m., Steve Niemitz wrote:
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> -----------------------------------------------------------
> (Updated Dec. 16, 2014, 9:19 p.m.)
> Review request for Aurora, Jay Buffington, Kevin Sweeney, and Bill Farner.
> Bugs: AURORA-633
> Repository: aurora
> Description
> -------
> This change adds support for launching docker containers through aurora.  These changes
are based off of the discussion in
> As of now, a special script is needed to launch the executor inside
docker containers.  A sample script is in examples/jobs/docker, as well as an example aurora
> In addition, mesos-slave must be run with `--containerizers=docker,mesos`, the example
upstart config in examples/vagrant/upstart has been updated to reflect this.
> The thermos root path defaults to /var/run/thermos, however if a different path is used,
it must be passed to the scheduler via `--thermos_observer_root=<some path>`
> Diffs
> -----
>   Vagrantfile f8b7db8eebdc6a10989de3bc9a2c3e89ce17f5fc 
>   api/src/main/thrift/org/apache/aurora/gen/api.thrift 5665c69cd7b49c3fd7345074c9f16a3b224496ab

>   api/src/main/thrift/org/apache/thermos/thermos_internal.thrift 2c449a491bc5a8ac858ea6487e4cef0591f36f66

>   examples/jobs/docker/Dockerfile PRE-CREATION 
>   examples/jobs/docker/hello_docker.aurora PRE-CREATION 
>   examples/jobs/docker/ PRE-CREATION 
>   examples/jobs/docker/ PRE-CREATION 
>   examples/vagrant/ 69983d0140b76c6869cd04e55d760f3e3a1e4262 
>   examples/vagrant/upstart/mesos-slave.conf 512ce7ecf34042ed68dda55efb2dd0415f8469db

>   src/main/java/org/apache/aurora/scheduler/app/ 72c7545e7f16549f6a9ccb5fb74a06f154a7ea94

>   src/main/java/org/apache/aurora/scheduler/async/ 5226e3d1b303b1773a057078f2911c5ec2aa97f5

>   src/main/java/org/apache/aurora/scheduler/async/ ead9d28100673440168a32d114ecaa15874978a6

>   src/main/java/org/apache/aurora/scheduler/base/ d885b224ec5a1d529347d84e03ba98ab6734a126

>   src/main/java/org/apache/aurora/scheduler/mesos/ 5bf283062c9d119ff91ed45da8b236e36d0fc9aa

>   src/main/python/apache/aurora/config/ ba94ac3c0cbaf3c91eb1a1d86a244ed6fa3b649c

>   src/main/python/apache/aurora/executor/ 636b23d30a897b557eb8c3f8733c90b23cb807ef

>   src/main/python/apache/aurora/executor/bin/ 9df9b4b79c0c7d29c5088409bf15c0d32a621df0

>   src/main/python/apache/aurora/executor/common/ f47a32b3fefb4a89940b1ddc473b8316ac00df12

>   src/main/python/apache/aurora/executor/ 5e4bd65537d186459003c0b9434f1b769e04f448

>   src/main/python/apache/thermos/bin/ 647de2771f301b17de33d8b45198c211d2e84367

>   src/main/python/apache/thermos/config/ f9143cc1b83143d6147f59d90c79435d055d0518

>   src/main/python/apache/thermos/core/ 8aac6b50c66080abbb5308b367e9f74c487f42e3

>   src/main/python/apache/thermos/observer/ cd528dcca3f5a330359cf38005f3a1a0329a4886

>   src/test/java/org/apache/aurora/scheduler/app/ 5e54364a49a208bd5f19b9649633dc8feca591e9

>   src/test/java/org/apache/aurora/scheduler/base/ 876e173ccbac04e4a06a245648c7c6af15eaaa92

>   src/test/java/org/apache/aurora/scheduler/mesos/ ddcb511d108220ab5e4efcf3496458f7ab4a20c2

>   src/test/python/apache/aurora/executor/ 503e62f4cac872b14f6985b5bccc3e4dfcf81789

> Diff:
> Testing
> -------
> Thanks,
> Steve Niemitz

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message