mesos-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From gilb...@apache.org
Subject [8/8] mesos git commit: Added a test `NamespacesIsolatorTest.ROOT_SharePidNamespace`.
Date Tue, 15 Aug 2017 04:31:19 GMT
Added a test `NamespacesIsolatorTest.ROOT_SharePidNamespace`.

Added a test `NamespacesIsolatorTest.ROOT_SharePidNamespace`.

Review: https://reviews.apache.org/r/61464/


Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/8ff09b2a
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/8ff09b2a
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/8ff09b2a

Branch: refs/heads/1.4.x
Commit: 8ff09b2ad0c36237d6d347fdb650f9b8054fac47
Parents: fc15de9
Author: Qian Zhang <zhq527725@gmail.com>
Authored: Sun Aug 13 19:51:59 2017 -0700
Committer: Gilbert Song <songzihao1990@gmail.com>
Committed: Mon Aug 14 21:30:45 2017 -0700

----------------------------------------------------------------------
 src/tests/containerizer/isolator_tests.cpp | 61 +++++++++++++++++++++++++
 1 file changed, 61 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/mesos/blob/8ff09b2a/src/tests/containerizer/isolator_tests.cpp
----------------------------------------------------------------------
diff --git a/src/tests/containerizer/isolator_tests.cpp b/src/tests/containerizer/isolator_tests.cpp
index a390038..f8860ae 100644
--- a/src/tests/containerizer/isolator_tests.cpp
+++ b/src/tests/containerizer/isolator_tests.cpp
@@ -30,6 +30,8 @@
 
 #include <mesos/mesos.hpp>
 
+#include <mesos/slave/containerizer.hpp>
+
 #ifdef __linux__
 #include "linux/ns.hpp"
 #endif
@@ -105,6 +107,7 @@ TEST_F(NamespacesIsolatorTest, ROOT_PidNamespace)
 {
   Try<Owned<MesosContainerizer>> containerizer =
     createContainerizer("filesystem/linux,namespaces/pid");
+
   ASSERT_SOME(containerizer);
 
   // Write the command's pid namespace inode and init name to files.
@@ -154,6 +157,63 @@ TEST_F(NamespacesIsolatorTest, ROOT_PidNamespace)
 }
 
 
+// This test verifies a top-level container can share pid namespace
+// with the agent when the field `share_pid_namespace` is set as
+// true in `ContainerInfo.linux_info`. Please note that the agent flag
+// `--disallow_sharing_agent_pid_namespace` is set to
+// false by default, that means top-level container is allowed to share
+// pid namespace with agent.
+TEST_F(NamespacesIsolatorTest, ROOT_SharePidNamespace)
+{
+  Try<Owned<MesosContainerizer>> containerizer =
+    createContainerizer("filesystem/linux,namespaces/pid");
+
+  ASSERT_SOME(containerizer);
+
+  // Write the command's pid namespace inode to file.
+  const string command = "stat -Lc %i /proc/self/ns/pid > ns";
+
+  mesos::slave::ContainerConfig containerConfig = createContainerConfig(
+      None(),
+      createExecutorInfo("executor", command),
+      directory);
+
+  ContainerInfo* container = containerConfig.mutable_container_info();
+  container->set_type(ContainerInfo::MESOS);
+  container->mutable_linux_info()->set_share_pid_namespace(true);
+
+  process::Future<bool> launch = containerizer.get()->launch(
+      containerId,
+      containerConfig,
+      std::map<string, string>(),
+      None());
+
+  AWAIT_READY(launch);
+  ASSERT_TRUE(launch.get());
+
+  // Wait on the container.
+  Future<Option<ContainerTermination>> wait =
+    containerizer.get()->wait(containerId);
+
+  AWAIT_READY(wait);
+  ASSERT_SOME(wait.get());
+
+  // Check the executor exited correctly.
+  EXPECT_TRUE(wait->get().has_status());
+  EXPECT_EQ(0, wait->get().status());
+
+  // Check that the command was run in the same pid namespace.
+  Try<ino_t> testPidNamespace = ns::getns(::getpid(), "pid");
+  ASSERT_SOME(testPidNamespace);
+
+  Try<string> containerPidNamespace = os::read(path::join(directory, "ns"));
+  ASSERT_SOME(containerPidNamespace);
+
+  EXPECT_EQ(stringify(testPidNamespace.get()),
+            strings::trim(containerPidNamespace.get()));
+}
+
+
 // The IPC namespace has its own copy of the svipc(7) tunables. We verify
 // that we are correctly entering the IPC namespace by verifying that we
 // can set shmmax some different value than that of the host namespace.
@@ -161,6 +221,7 @@ TEST_F(NamespacesIsolatorTest, ROOT_IPCNamespace)
 {
   Try<Owned<MesosContainerizer>> containerizer =
     createContainerizer("namespaces/ipc");
+
   ASSERT_SOME(containerizer);
 
   // Value we will set the child namespace shmmax to.


Mime
View raw message