Posted to commits@mesos.apache.org by jp...@apache.org on 2018/05/25 21:12:52 UTC

[3/6] mesos git commit: Added a `linux/devices` isolator skeleton.

Added a `linux/devices` isolator skeleton.

Added the skeleton of a `linux/devices` isolator and wired it into
the build and the Mesos containerizer.

Review: https://reviews.apache.org/r/67096/


Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/377478d5
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/377478d5
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/377478d5

Branch: refs/heads/master
Commit: 377478d5967535a4f71abc6ae3351fabd422452b
Parents: 0e9a414
Author: James Peach <jp...@apache.org>
Authored: Fri May 25 13:38:00 2018 -0700
Committer: James Peach <jp...@apache.org>
Committed: Fri May 25 13:38:00 2018 -0700

----------------------------------------------------------------------
 src/CMakeLists.txt                              |  1 +
 src/Makefile.am                                 |  2 +
 src/slave/containerizer/mesos/containerizer.cpp |  2 +
 .../mesos/isolators/linux/devices.cpp           | 64 ++++++++++++++++++++
 .../mesos/isolators/linux/devices.hpp           | 50 +++++++++++++++
 5 files changed, 119 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/mesos/blob/377478d5/src/CMakeLists.txt
----------------------------------------------------------------------
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index d488131..f86884d 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -302,6 +302,7 @@ set(LINUX_SRC
   slave/containerizer/mesos/isolators/gpu/nvml.cpp
   slave/containerizer/mesos/isolators/gpu/volume.cpp
   slave/containerizer/mesos/isolators/linux/capabilities.cpp
+  slave/containerizer/mesos/isolators/linux/devices.cpp
   slave/containerizer/mesos/isolators/namespaces/ipc.cpp
   slave/containerizer/mesos/isolators/namespaces/pid.cpp
   slave/containerizer/mesos/isolators/network/cni/cni.cpp

http://git-wip-us.apache.org/repos/asf/mesos/blob/377478d5/src/Makefile.am
----------------------------------------------------------------------
diff --git a/src/Makefile.am b/src/Makefile.am
index c08ac6e..da0d683 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -1335,6 +1335,7 @@ MESOS_LINUX_FILES =									\
   slave/containerizer/mesos/isolators/gpu/nvml.cpp					\
   slave/containerizer/mesos/isolators/gpu/volume.cpp					\
   slave/containerizer/mesos/isolators/linux/capabilities.cpp				\
+  slave/containerizer/mesos/isolators/linux/devices.cpp					\
   slave/containerizer/mesos/isolators/namespaces/ipc.cpp				\
   slave/containerizer/mesos/isolators/namespaces/pid.cpp				\
   slave/containerizer/mesos/isolators/network/cni/cni.cpp				\
@@ -1383,6 +1384,7 @@ MESOS_LINUX_FILES +=									\
   slave/containerizer/mesos/isolators/gpu/nvml.hpp					\
   slave/containerizer/mesos/isolators/gpu/volume.hpp					\
   slave/containerizer/mesos/isolators/linux/capabilities.hpp				\
+  slave/containerizer/mesos/isolators/linux/devices.hpp					\
   slave/containerizer/mesos/isolators/namespaces/ipc.hpp				\
   slave/containerizer/mesos/isolators/namespaces/pid.hpp				\
   slave/containerizer/mesos/isolators/network/cni/cni.hpp				\

http://git-wip-us.apache.org/repos/asf/mesos/blob/377478d5/src/slave/containerizer/mesos/containerizer.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/containerizer.cpp b/src/slave/containerizer/mesos/containerizer.cpp
index 6620e94..93197b0 100644
--- a/src/slave/containerizer/mesos/containerizer.cpp
+++ b/src/slave/containerizer/mesos/containerizer.cpp
@@ -98,6 +98,7 @@
 #include "slave/containerizer/mesos/isolators/filesystem/shared.hpp"
 #include "slave/containerizer/mesos/isolators/gpu/nvidia.hpp"
 #include "slave/containerizer/mesos/isolators/linux/capabilities.hpp"
+#include "slave/containerizer/mesos/isolators/linux/devices.hpp"
 #include "slave/containerizer/mesos/isolators/namespaces/ipc.hpp"
 #include "slave/containerizer/mesos/isolators/namespaces/pid.hpp"
 #include "slave/containerizer/mesos/isolators/network/cni/cni.hpp"
@@ -396,6 +397,7 @@ Try<MesosContainerizer*> MesosContainerizer::create(
     {"appc/runtime", &AppcRuntimeIsolatorProcess::create},
     {"docker/runtime", &DockerRuntimeIsolatorProcess::create},
 
+    {"linux/devices", &LinuxDevicesIsolatorProcess::create},
     {"linux/capabilities", &LinuxCapabilitiesIsolatorProcess::create},
 
     {"namespaces/ipc", &NamespacesIPCIsolatorProcess::create},
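Review bot: The new `{"linux/devices", &LinuxDevicesIsolatorProcess::create}` entry makes the isolator selectable while its prepare() in devices.cpp (same commit) only returns `None()`, so an agent configured with `linux/devices` would start cleanly and apply no device restrictions at all. Until the real logic lands, consider a comment on the entry such as `// TODO: skeleton only; prepare() does not restrict devices yet.`, and a `LOG(WARNING)` in create() stating that the isolator is currently a no-op, so operators do not assume isolation is in effect. MesosContainerizer::create starts and ends outside this hunk.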

http://git-wip-us.apache.org/repos/asf/mesos/blob/377478d5/src/slave/containerizer/mesos/isolators/linux/devices.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/isolators/linux/devices.cpp b/src/slave/containerizer/mesos/isolators/linux/devices.cpp
new file mode 100644
index 0000000..35ed008
--- /dev/null
+++ b/src/slave/containerizer/mesos/isolators/linux/devices.cpp
@@ -0,0 +1,64 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+
+#include "slave/containerizer/mesos/isolators/linux/devices.hpp"
+
+using process::Failure;
+using process::Future;
+using process::Owned;
+
+using mesos::slave::ContainerConfig;
+using mesos::slave::ContainerLaunchInfo;
+using mesos::slave::Isolator;
+
+namespace mesos {
+namespace internal {
+namespace slave {
+
+Try<Isolator*> LinuxDevicesIsolatorProcess::create(const Flags& flags)
+{
+  if (geteuid() != 0) {
+    return Error("Linux devices isolator requires root permissions");
+  }
+
+  return new MesosIsolator(
+      Owned<MesosIsolatorProcess>(new LinuxDevicesIsolatorProcess(flags)));
+}
+
+
+bool LinuxDevicesIsolatorProcess::supportsNesting()
+{
+  return true;
+}
+
+
+bool LinuxDevicesIsolatorProcess::supportsStandalone()
+{
+  return true;
+}
+
+
+Future<Option<ContainerLaunchInfo>> LinuxDevicesIsolatorProcess::prepare(
+    const ContainerID& containerId,
+    const ContainerConfig& containerConfig)
+{
+    return None();
+}
+
+} // namespace slave {
+} // namespace internal {
+} // namespace mesos {
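Review bot: create() calls `new LinuxDevicesIsolatorProcess(flags)`, but the constructor declared in devices.hpp is not defined in this file or in the header as shown, which would leave an undefined reference at link time unless it is defined elsewhere. A definition along the lines of `LinuxDevicesIsolatorProcess::LinuxDevicesIsolatorProcess(const Flags& _flags) : ProcessBase(process::ID::generate("linux-devices-isolator")) {}` would close that gap. The file also calls `geteuid()` without including `<unistd.h>` and relies on transitive includes for `Error` and `None`. As a style point, `return None();` in prepare() is indented four spaces where the rest of the file uses two.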

http://git-wip-us.apache.org/repos/asf/mesos/blob/377478d5/src/slave/containerizer/mesos/isolators/linux/devices.hpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/isolators/linux/devices.hpp b/src/slave/containerizer/mesos/isolators/linux/devices.hpp
new file mode 100644
index 0000000..e731ef3
--- /dev/null
+++ b/src/slave/containerizer/mesos/isolators/linux/devices.hpp
@@ -0,0 +1,50 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef __LINUX_DEVICES_ISOLATOR_HPP__
+#define __LINUX_DEVICES_ISOLATOR_HPP__
+
+#include <stout/try.hpp>
+
+#include "slave/flags.hpp"
+
+#include "slave/containerizer/mesos/isolator.hpp"
+
+namespace mesos {
+namespace internal {
+namespace slave {
+
+class LinuxDevicesIsolatorProcess : public MesosIsolatorProcess
+{
+public:
+  static Try<mesos::slave::Isolator*> create(const Flags& flags);
+
+  virtual bool supportsNesting();
+  virtual bool supportsStandalone();
+
+  virtual process::Future<Option<mesos::slave::ContainerLaunchInfo>> prepare(
+      const ContainerID& containerId,
+      const mesos::slave::ContainerConfig& containerConfig);
+
+private:
+  LinuxDevicesIsolatorProcess(const Flags& _flags);
+};
+
+} // namespace slave {
+} // namespace internal {
+} // namespace mesos {
+
+#endif  // __LINUX_DEVICES_ISOLATOR_HPP__
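Review bot: supportsNesting(), supportsStandalone() and prepare() are declared `virtual` without `override`, so if a signature ever drifts from the one in MesosIsolatorProcess (not visible here) the compiler would silently add a new virtual and the containerizer would keep calling the base-class hook instead of this isolator's. Declaring them as `bool supportsNesting() override;` (and likewise for the other two) turns that into a compile error. The header also names `Option` and `process::Future` while including only `<stout/try.hpp>` directly; adding `#include <process/future.hpp>` and `#include <stout/option.hpp>` would stop it depending on what isolator.hpp happens to pull in. A short class comment stating what device isolation this process is meant to enforce would help readers of the skeleton.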