Posted to commits@mesos.apache.org by ji...@apache.org on 2014/10/01 01:42:47 UTC

git commit: Synced container network configurations with host network configurations.

Repository: mesos
Updated Branches:
  refs/heads/master babb1c06e -> 93fb57f36


Synced container network configurations with host network
configurations.

Review: https://reviews.apache.org/r/26197


Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/93fb57f3
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/93fb57f3
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/93fb57f3

Branch: refs/heads/master
Commit: 93fb57f36931d8985d501fb21f710e755e2770f2
Parents: babb1c0
Author: Jie Yu <yu...@gmail.com>
Authored: Tue Sep 30 15:02:00 2014 -0700
Committer: Jie Yu <yu...@gmail.com>
Committed: Tue Sep 30 16:42:30 2014 -0700

----------------------------------------------------------------------
 .../isolators/network/port_mapping.cpp          | 52 ++++++++++++++++++++
 .../isolators/network/port_mapping.hpp          |  7 +++
 2 files changed, 59 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/mesos/blob/93fb57f3/src/slave/containerizer/isolators/network/port_mapping.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/isolators/network/port_mapping.cpp b/src/slave/containerizer/isolators/network/port_mapping.cpp
index 2766a00..8ddfb18 100644
--- a/src/slave/containerizer/isolators/network/port_mapping.cpp
+++ b/src/slave/containerizer/isolators/network/port_mapping.cpp
@@ -124,6 +124,7 @@ static net::IP LOOPBACK_IP = net::IP::fromDotDecimal("127.0.0.1/8").get();
 static const Interval<uint16_t> WELL_KNOWN_PORTS =
   (Bound<uint16_t>::closed(0), Bound<uint16_t>::open(1024));
 
+
 /////////////////////////////////////////////////
 // Helper functions for the isolator.
 /////////////////////////////////////////////////
@@ -998,6 +999,47 @@ Try<Isolator*> PortMappingIsolatorProcess::create(const Flags& flags)
         ": " + write.error());
   }
 
+  // Reading host network configurations. Each container will match
+  // these configurations.
+  hashset<string> procs;
+
+  // TODO(jieyu): The following is a partial list of all the
+  // configurations. In the future, we may want to expose these
+  // configurations using ContainerInfo.
+
+  // The kernel will use a default value for the following
+  // configurations inside a container. Therefore, we need to set them
+  // in the container to match that on the host.
+  procs.insert("/proc/sys/net/core/somaxconn");
+
+  // As of kernel 3.10, the following configurations are shared
+  // between host and containers, and therefore are not required to be
+  // set in containers. We keep them here just in case the kernel
+  // changes in the future.
+  procs.insert("/proc/sys/net/core/netdev_max_backlog");
+  procs.insert("/proc/sys/net/core/rmem_max");
+  procs.insert("/proc/sys/net/core/wmem_max");
+  procs.insert("/proc/sys/net/ipv4/tcp_keepalive_time");
+  procs.insert("/proc/sys/net/ipv4/tcp_keepalive_intvl");
+  procs.insert("/proc/sys/net/ipv4/tcp_keepalive_probes");
+  procs.insert("/proc/sys/net/ipv4/tcp_max_syn_backlog");
+  procs.insert("/proc/sys/net/ipv4/tcp_rmem");
+  procs.insert("/proc/sys/net/ipv4/tcp_retries2");
+  procs.insert("/proc/sys/net/ipv4/tcp_synack_retries");
+  procs.insert("/proc/sys/net/ipv4/tcp_wmem");
+  procs.insert("/proc/sys/net/ipv4/neigh/default/gc_thresh1");
+  procs.insert("/proc/sys/net/ipv4/neigh/default/gc_thresh2");
+  procs.insert("/proc/sys/net/ipv4/neigh/default/gc_thresh3");
+
+  hashmap<string, string> hostNetworkConfigurations;
+  foreach (const string& proc, procs) {
+    Try<string> value = os::read(proc);
+    if (value.isSome()) {
+      LOG(INFO) << proc << " = '" << strings::trim(value.get()) << "'";
+      hostNetworkConfigurations[proc] = strings::trim(value.get());
+    }
+  }
+
   // Self bind mount BIND_MOUNT_ROOT. Since we use a new mount
   // namespace for each container, for this mount point, we set
   // '--make-rshared' on the host and set '--make-rslave' inside each
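Review bot: A failed `os::read(proc)` is dropped without a trace in the loop that fills `hostNetworkConfigurations`, so a container can silently come up with kernel defaults (for example for somaxconn) instead of the host's values. Adding `else { LOG(WARNING) << "Failed to read '" << proc << "': " << value.error(); }` would make the gap visible in the slave log. The trimmed value is also computed twice; a local `const string trimmed = strings::trim(value.get());` would serve both the log line and the map entry. `create()` begins and ends outside this hunk.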
@@ -1079,6 +1121,7 @@ Try<Isolator*> PortMappingIsolatorProcess::create(const Flags& flags)
           hostIP.get(),
           hostEth0MTU.get(),
           hostDefaultGateway.get(),
+          hostNetworkConfigurations,
           egressRateLimitPerContainer,
           nonEphemeralPorts,
           ephemeralPortsAllocator)));
@@ -2412,6 +2455,15 @@ string PortMappingIsolatorProcess::scripts(Info* info)
     script << "echo 1 > /proc/sys/net/ipv4/conf/" << lo << "/route_localnet\n";
   }
 
+  // Configure container network to match host network configurations.
+  foreachpair (const string& proc,
+               const string& value,
+               hostNetworkConfigurations) {
+    script << "if [ -f \"" << proc << "\" ]; then\n";
+    script << " echo '" << value << "' > " << proc << "\n";
+    script << "fi\n";
+  }
+
   // Set up filters on lo and eth0.
   script << "tc qdisc add dev " << lo << " ingress\n";
   script << "tc qdisc add dev " << eth0 << " ingress\n";
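Review bot: The generated shell lines splice `proc` and `value` in verbatim: `value` sits between single quotes, and `proc` is unquoted in the redirection although it is quoted in the `-f` test. The values come from the host's /proc/sys files and are expected to be plain numbers, but that assumption deserves a comment, and quoting the target consistently costs nothing: `script << " echo '" << value << "' > \"" << proc << "\"\n";`. Separately, the values are captured once in `create()`, and the comment there says most of these settings are shared between host and containers as of kernel 3.10. If that holds, a container launched after the host has been retuned may write the stale snapshot back to a host-wide setting, which seems worth confirming. `scripts()` begins and ends outside this hunk.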

http://git-wip-us.apache.org/repos/asf/mesos/blob/93fb57f3/src/slave/containerizer/isolators/network/port_mapping.hpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/isolators/network/port_mapping.hpp b/src/slave/containerizer/isolators/network/port_mapping.hpp
index b624c4d..2395ec2 100644
--- a/src/slave/containerizer/isolators/network/port_mapping.hpp
+++ b/src/slave/containerizer/isolators/network/port_mapping.hpp
@@ -225,6 +225,7 @@ private:
       const net::IP& _hostIP,
       const size_t _hostEth0MTU,
       const net::IP& _hostDefaultGateway,
+      const hashmap<std::string, std::string>& _hostNetworkConfigurations,
       const Option<Bytes>& _egressRateLimitPerContainer,
       const IntervalSet<uint16_t>& _managedNonEphemeralPorts,
       const process::Owned<EphemeralPortsAllocator>& _ephemeralPortsAllocator)
@@ -235,6 +236,7 @@ private:
       hostIP(_hostIP),
       hostEth0MTU(_hostEth0MTU),
       hostDefaultGateway(_hostDefaultGateway),
+      hostNetworkConfigurations(_hostNetworkConfigurations),
       egressRateLimitPerContainer(_egressRateLimitPerContainer),
       managedNonEphemeralPorts(_managedNonEphemeralPorts),
       ephemeralPortsAllocator(_ephemeralPortsAllocator) {}
@@ -269,6 +271,11 @@ private:
   const size_t hostEth0MTU;
   const net::IP hostDefaultGateway;
 
+  // Describe the host network configurations. It is a map between
+  // configure proc files (e.g., /proc/sys/net/core/somaxconn) and
+  // values of the configure proc files.
+  const hashmap<std::string, std::string> hostNetworkConfigurations;
+
   // The optional throughput limit to containers' egress traffic.
   const Option<Bytes> egressRateLimitPerContainer;