You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mesos.apache.org by bm...@apache.org on 2016/04/25 23:15:36 UTC

[20/24] mesos git commit: Ensured the bind mount root is a shared mount in its own peer group.

Ensured the bind mount root is a shared mount in its own peer group.

This is for the port mapping isolator.

Review: https://reviews.apache.org/r/45690


Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/5c4c70db
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/5c4c70db
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/5c4c70db

Branch: refs/heads/0.28.x
Commit: 5c4c70db8e459c5aa6902a6aeb35acdb3df1dcf9
Parents: 43668f1
Author: Jie Yu <yu...@gmail.com>
Authored: Mon Apr 4 09:58:27 2016 -0700
Committer: Jie Yu <yu...@gmail.com>
Committed: Tue Apr 5 15:18:11 2016 -0700

----------------------------------------------------------------------
 .../mesos/isolators/network/port_mapping.cpp    | 65 +++++++++++++++-----
 1 file changed, 51 insertions(+), 14 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/mesos/blob/5c4c70db/src/slave/containerizer/mesos/isolators/network/port_mapping.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/isolators/network/port_mapping.cpp b/src/slave/containerizer/mesos/isolators/network/port_mapping.cpp
index 5557bb6..da1f8cd 100644
--- a/src/slave/containerizer/mesos/isolators/network/port_mapping.cpp
+++ b/src/slave/containerizer/mesos/isolators/network/port_mapping.cpp
@@ -1916,12 +1916,18 @@ Try<Isolator*> PortMappingIsolatorProcess::create(const Flags& flags)
   if (bindMountEntry.isNone()) {
     // NOTE: Instead of using fs::mount to perform the bind mount, we
     // use the shell command here because the syscall 'mount' does not
-    // update the mount table (i.e., /etc/mtab), which could cause
-    // issues for the shell command 'mount --make-rslave' inside the
-    // container. It's OK to use the blocking os::shell here because
+    // update the mount table (i.e., /etc/mtab). In other words, the
+    // mount will not be visible if the operator types command
+    // 'mount'. Since this mount will still be presented after all
+    // containers and the slave are stopped, it's better to make it
+    // visible. It's OK to use the blocking os::shell here because
     // 'create' will only be invoked during initialization.
     Try<string> mount = os::shell(
-        "mount --bind %s %s",
+        "mount --bind %s %s && "
+        "mount --make-slave %s && "
+        "mount --make-shared %s",
+        bindMountRoot->c_str(),
+        bindMountRoot->c_str(),
         bindMountRoot->c_str(),
         bindMountRoot->c_str());
 
@@ -1930,17 +1936,48 @@ Try<Isolator*> PortMappingIsolatorProcess::create(const Flags& flags)
           "Failed to self bind mount '" + bindMountRoot.get() +
           "' and make it a shared mount: " + mount.error());
     }
-  }
-
-  // Mark the mount point bindMountRoot as recursively shared.
-  Try<string> mountShared = os::shell(
-      "mount --make-rshared %s",
-      bindMountRoot->c_str());
+  } else {
+    if (bindMountEntry->shared().isNone()) {
+      // This is the case where the work directory mount is not a
+      // shared mount yet (possibly due to slave crash while preparing
+      // the work directory mount). It's safe to re-do the following.
+      Try<string> mount = os::shell(
+          "mount --make-slave %s && "
+          "mount --make-shared %s",
+          bindMountRoot->c_str(),
+          bindMountRoot->c_str());
+
+      if (mount.isError()) {
+        return Error(
+            "Failed to self bind mount '" + bindMountRoot.get() +
+            "' and make it a shared mount: " + mount.error());
+      }
+    } else {
+      // We need to make sure that the shared mount is in its own peer
+      // group. To check that, we need to get the parent mount.
+      foreach (const fs::MountInfoTable::Entry& entry, mountTable->entries) {
+        if (entry.id == bindMountEntry->parent) {
+          // If the bind mount root and its parent mount are in the
+          // same peer group, we need to re-do the following commands
+          // so that they are in different peer groups.
+          if (entry.shared() == bindMountEntry->shared()) {
+            Try<string> mount = os::shell(
+                "mount --make-slave %s && "
+                "mount --make-shared %s",
+                bindMountRoot->c_str(),
+                bindMountRoot->c_str());
+
+            if (mount.isError()) {
+              return Error(
+                  "Failed to self bind mount '" + bindMountRoot.get() +
+                  "' and make it a shared mount: " + mount.error());
+            }
+          }
 
-  if (mountShared.isError()) {
-    return Error(
-        "Failed to mark '" + bindMountRoot.get() +
-        "' as recursively shared: " + mountShared.error());
+          break;
+        }
+      }
+    }
   }
 
   // Create the network namespace handle symlink directory if it does