You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mesos.apache.org by ji...@apache.org on 2016/10/07 23:23:51 UTC
mesos git commit: Updated the way we bring up loopback for a
container on a CNI network.
Repository: mesos
Updated Branches:
refs/heads/master e7a5e3db0 -> a3b968153
Updated the way we bring up loopback for a container on a CNI network.
Earlier we were setting up the `pre_exec_command` for the executor
with `ifconfig lo up`. This had a drawback that it assumes that PATH
set for the executor would have `ifconfig`. Unfortunately, it turns
out in most cases the executors PATH is a subset of the agents path
and hence there is a high probability that the executors shell will
not be able to find `ifconfig`.
Instead we bring up the loopback during the setup of network files in
the `NetworkCniIsolatorSetup` subcommand. The subcommand is run with
the agents PATH variable so chances that ifconfig is not present in
the path are much less.
Review: https://reviews.apache.org/r/52622/
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/a3b96815
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/a3b96815
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/a3b96815
Branch: refs/heads/master
Commit: a3b968153cfb1bb54bf9ec888735786a2095d57f
Parents: e7a5e3d
Author: Avinash sridharan <av...@mesosphere.io>
Authored: Fri Oct 7 16:23:42 2016 -0700
Committer: Jie Yu <yu...@gmail.com>
Committed: Fri Oct 7 16:23:42 2016 -0700
----------------------------------------------------------------------
.../mesos/isolators/network/cni/cni.cpp | 22 ++++++++++++++------
1 file changed, 16 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/a3b96815/src/slave/containerizer/mesos/isolators/network/cni/cni.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/isolators/network/cni/cni.cpp b/src/slave/containerizer/mesos/isolators/network/cni/cni.cpp
index d530a36..1b22b28 100644
--- a/src/slave/containerizer/mesos/isolators/network/cni/cni.cpp
+++ b/src/slave/containerizer/mesos/isolators/network/cni/cni.cpp
@@ -699,11 +699,6 @@ Future<Option<ContainerLaunchInfo>> NetworkCniIsolatorProcess::prepare(
launchInfo.set_namespaces(CLONE_NEWNS | CLONE_NEWUTS);
} else {
launchInfo.set_namespaces(CLONE_NEWNET | CLONE_NEWNS | CLONE_NEWUTS);
-
- // This is a top-level container joining a new network
- // namespace. Hence, set up `pre_exec_command` to bring up the
- // loopback interface.
- launchInfo.add_pre_exec_commands()->set_value("ifconfig lo up");
}
} else {
// This is a nested container. This shares the parent's network
@@ -1813,7 +1808,22 @@ int NetworkCniIsolatorSetup::execute()
return EXIT_FAILURE;
}
- LOG(INFO) << "Set hostname to '" << flags.hostname.get() << "'" << endl;
+ // Since, the hostname is set, this is a top-level container in a
+ // new network namespace. This implies that we have to bring up
+ // the loopback interface as well.
+ setns = ns::setns(flags.pid.get(), "net");
+ if (setns.isError()) {
+ cerr << "Failed to enter the network namespace of pid "
+ << flags.pid.get() << ": " << setns.error() << endl;
+ return EXIT_FAILURE;
+ }
+
+ if (os::system("ifconfig lo up") != 0) {
+ cerr << "Failed to bring up the loopback interface in the new "
+ << "network namespace of pid " << flags.pid.get()
+ << ": " << os::strerror(errno) << endl;
+ return EXIT_FAILURE;
+ }
}
return EXIT_SUCCESS;