aurora-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Cohen <jco...@apache.org>
Subject Re: Review Request 46835: Add client and scheduler support for launching tasks using the Mesos unified containerizer
Date Mon, 02 May 2016 15:42:18 GMT


> On May 2, 2016, 2:54 p.m., John Sirois wrote:
> > src/main/python/apache/aurora/config/schema/base.py, line 172
> > <https://reviews.apache.org/r/46835/diff/1/?file=1366494#file1366494line172>
> >
> >     The MesosJob is trending more and more towards a c-style union, different parts
of the config are active depending on the setup and its not clear which except by reading
docs carefully.  I put some effort towards supporting nicer pystachio evolution in an experiment
documented in [this review feedback](https://reviews.apache.org/r/44745/) and there is a [new
release](https://github.com/wickman/pystachio/releases) not used by Aurora yet that supports
Choice fields.  It seems like work along these lines would be useful to stop the bleeding
in general.  I'm not sure if that should of work should be coupled to this review though.

Oh, I didn't realize that `Choice` support landed in pystachio, that's awesome! I think that
making it explicit that you can specify either a `Container` or an `Image` is, in general,
a good thing. That said, thinking it through further, the `Image` is not mutually exclusive
with the container. It's mutually exclusive with a docker container. What if instead of changing
job config such that you have to choose either a `Container` or an `Image`, I instead just
added a mesos property to the container struct and made `Image` a property there? That more
accurately reflects what's going on under the covers (i.e. when specifying an `Image` on the
job, what we're really doing is using the MesosContainerizer and telling it to load that image).


- Joshua


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46835/#review131153
-----------------------------------------------------------


On April 29, 2016, 4:22 p.m., Joshua Cohen wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/46835/
> -----------------------------------------------------------
> 
> (Updated April 29, 2016, 4:22 p.m.)
> 
> 
> Review request for Aurora, John Sirois, Maxim Khutornenko, and Bill Farner.
> 
> 
> Bugs: AURORA-1636, AURORA-1637, AURORA-1638, and AURORA-1639
>     https://issues.apache.org/jira/browse/AURORA-1636
>     https://issues.apache.org/jira/browse/AURORA-1637
>     https://issues.apache.org/jira/browse/AURORA-1638
>     https://issues.apache.org/jira/browse/AURORA-1639
> 
> 
> Repository: aurora
> 
> 
> Description
> -------
> 
> A few notes:
> 
> 1. It's not possible to configure Mesos 0.27.x to launch docker tasks due to a bug in
parsing the docker_store_dir flag. Fixed here: https://reviews.apache.org/r/43451/ but has
not been backported to Mesos 0.27. This means we can only launch tasks that use AppC images
until we upgrade our Mesos dependency to 0.28.x. The good news is I've confirmed that launching
tasks with Docker images *does* work by using Aurora linked against 0.27.x but running Mesos
0.28.x in Vagrant.
> 1. In order to work around the setuid issues (i.e. task is launched as root, but the
executor cannot setuid because the role-user does not exist), I've mounted /etc/passwd and
/etc/group into the container and added a new flag, `thermos_run_as_job_role`, to the scheduler.
This flag is only used when launching a task with a filesystem image, and causes us to add
`--execute-as-user <role from job key>` to the thermos executor commandline.
> 1. The Mesos unified containerizer does not automatically create mount points in the
filesystem from the image. It expects the full path to the mount to exist in the image. For
/etc/passwd and /etc/groups this is not a problem, but for the announcer acls file it was.
I ended up moving the announcer acl file into its own directory and mount that instead. In
conjunction with this I also had to modify our http_example Dockerfile to explicitly create
that mount point. A case could be made for sticking with the current path and just creating
an empty file in the image, I felt that creating an empty directory was slightly less gross.
This is tracked by https://issues.apache.org/jira/browse/MESOS-5229.
> 1. The AppC image for end to end tests is created by running [docker2aci](https://github.com/appc/docker2aci)
on our http_example docker image. The base box needed to be upgraded to add this utility.
I haven't published the new base box yet even though I've updated the Vagrantfile to point
to version 6. Once this review has been approved and I'm sure there's no further changes that
need to be made I'll publish the base box before committing.
> 
> 
> Diffs
> -----
> 
>   RELEASE-NOTES.md 7a37d0d69f688bece624628fe5b98efc85d506a2 
>   Vagrantfile 3f126ee348d0f95d6f159b62280de79f41e87e2e 
>   build-support/packer/build.sh 76197c31c365aa3d8a67049da40b2976c1e25d22 
>   docs/reference/configuration.md 9fcfdfcd9ab793e888ca2bba2035d5122142a5ab 
>   docs/reference/scheduler-configuration.md d2262f79edfde23eccd87bae7f1cf319b63b1103

>   examples/vagrant/announcer-auth.json  
>   examples/vagrant/mesos_config/etc_mesos-slave/appc_store_dir PRE-CREATION 
>   examples/vagrant/mesos_config/etc_mesos-slave/image_providers PRE-CREATION 
>   examples/vagrant/mesos_config/etc_mesos-slave/image_provisioner_backend PRE-CREATION

>   examples/vagrant/mesos_config/etc_mesos-slave/isolation PRE-CREATION 
>   examples/vagrant/upstart/aurora-scheduler.conf 084016abc169ed82b7ed00f5d14aea2e0ff38a49

>   src/main/java/org/apache/aurora/scheduler/configuration/executor/ExecutorModule.java
32f2fa90b21189180e2bcd65a3cebf13f6551646 
>   src/main/java/org/apache/aurora/scheduler/configuration/executor/ExecutorSettings.java
501e6431f21822d9816952377546586da02ce42a 
>   src/main/java/org/apache/aurora/scheduler/mesos/MesosTaskFactory.java b325106c7f45b1ad1657221aaa39e3a428719ab0

>   src/main/java/org/apache/aurora/scheduler/mesos/TestExecutorSettings.java 9aadcebf547bd1eb4b4e238507e27ae2b699f473

>   src/main/python/apache/aurora/config/schema/base.py 00be8747d70dbf1cb370f09536588f8602d8fcce

>   src/main/python/apache/aurora/config/thrift.py 928ca9313b2c2062a322ba80b504a09c55e5377f

>   src/main/python/apache/aurora/executor/common/sandbox.py 36f1eabedc3ae47b23d9ab2ac0ab7a576ea36fd7

>   src/test/java/org/apache/aurora/scheduler/mesos/MesosTaskFactoryImplTest.java bf18d5d53f7eda62120299146a956fa0a0985f71

>   src/test/python/apache/aurora/config/test_thrift.py 7a076f0350ab2967abc6b8b7a2e5da0817926a56

>   src/test/python/apache/aurora/executor/common/test_sandbox.py bd402fc03c7790eab0198dd48414ad4de138e195

>   src/test/sh/org/apache/aurora/e2e/Dockerfile b2557b5a20cc369e31bd10ea92462bdb1879add7

>   src/test/sh/org/apache/aurora/e2e/http/http_example.aurora 2813b6c79e4d44007dde79a10e2c7c9e9c1cecd9

>   src/test/sh/org/apache/aurora/e2e/http/http_example_bad_healthcheck.aurora 0534c9e589d10c53b834850477f95ad15b50010e

>   src/test/sh/org/apache/aurora/e2e/http/http_example_updated.aurora b33e8f5cd95ce25ba0dc4c08da32783cecf1c44d

>   src/test/sh/org/apache/aurora/e2e/test_end_to_end.sh eee6b4c62130567ecd5c32603feae88fce1c13a8

> 
> Diff: https://reviews.apache.org/r/46835/diff/
> 
> 
> Testing
> -------
> 
> ./gradlew build -Pq
> e2e tests with new base box.
> 
> 
> Thanks,
> 
> Joshua Cohen
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message