mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jie Yu <yujie....@gmail.com>
Subject Re: Review Request 49273: Helper binary for executors to chroot tasks.
Date Tue, 05 Jul 2016 18:26:51 GMT


> On June 27, 2016, 11:41 p.m., Jie Yu wrote:
> > src/slave/containerizer/mesos-chroot.cpp, lines 107-110
> > <https://reviews.apache.org/r/49273/diff/1/?file=1431194#file1431194line107>
> >
> >     Hum, that reminds me that there's a bug in the current command executor impl.
Since pivot_root will mutate the mount table, it actually has side effects (that's the reason
there is a command called pivot_root, and you don't have to specify commands, unlike chroot
or su)! For command tasks, we need to make sure the health check program is also accessible
inside the chroot. We need to refactor that part to use a libprocess Process instead of a
new binary.
> >     
> >     Ideally, command executor will use the same utility to create user task. However,
to simply some of the tooling (e.g., mesos exec) for command tasks, we need to make sure executor
and the actual tasks are in the same mount namespace (otherwise, how does the CLI find the
namespace handle for the task). That makes me wonder that should we make 'unshare' optional
here (via a flag)?
> >     
> >     Also, since binary does more than just chroot. It also set uid/gids, chroot,
chdir. We need a better name for the subcommand? Ideally, if we can merge this impl. with
`src/slave/containerizer/mesos/launch.cpp`, that'll be awesome (as you can see, most of the
logics are the same).
> >     
> >     For now, if you feel there're too much work, we can just name it `LAUNCH_TASK`.
> 
> Ian Downes wrote:
>     Just to clarify, the requirement for the executor and the health check binary to
be in the same mount ns is only for the command executor?

Yes. For custom executors, it's up to the custom executor to decide how to do health checking.


- Jie


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/49273/#review139601
-----------------------------------------------------------


On June 27, 2016, 5:09 p.m., Ian Downes wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/49273/
> -----------------------------------------------------------
> 
> (Updated June 27, 2016, 5:09 p.m.)
> 
> 
> Review request for mesos, Joshua Cohen and Jie Yu.
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Uses the same code as the agent uses for chroot'ing on Linux, i.e., pivot_root and setting
up /dev etc. Intention is that executors (like Aurora's Thermos) can use it to chroot tasks.
> 
> Currently, the root path is specified as a flag and the remaining arguments are exec'ed.
Joshua has also requested that the root path could be specified as the first arg. @Jie, thoughts?
> 
> 
> Diffs
> -----
> 
>   src/Makefile.am 86c39fdf379ada470c9b1f86be263ef71dc47c41 
>   src/slave/containerizer/mesos-chroot.cpp PRE-CREATION 
> 
> Diff: https://reviews.apache.org/r/49273/diff/
> 
> 
> Testing
> -------
> 
> Manual.
> 
> 
> Thanks,
> 
> Ian Downes
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message