Posted to commits@mesos.apache.org by ji...@apache.org on 2014/10/01 01:42:47 UTC
git commit: Synced container network configurations with host network
configurations.
Repository: mesos
Updated Branches:
refs/heads/master babb1c06e -> 93fb57f36
Synced container network configurations with host network
configurations.
Review: https://reviews.apache.org/r/26197
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/93fb57f3
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/93fb57f3
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/93fb57f3
Branch: refs/heads/master
Commit: 93fb57f36931d8985d501fb21f710e755e2770f2
Parents: babb1c0
Author: Jie Yu <yu...@gmail.com>
Authored: Tue Sep 30 15:02:00 2014 -0700
Committer: Jie Yu <yu...@gmail.com>
Committed: Tue Sep 30 16:42:30 2014 -0700
----------------------------------------------------------------------
.../isolators/network/port_mapping.cpp | 52 ++++++++++++++++++++
.../isolators/network/port_mapping.hpp | 7 +++
2 files changed, 59 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/93fb57f3/src/slave/containerizer/isolators/network/port_mapping.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/isolators/network/port_mapping.cpp b/src/slave/containerizer/isolators/network/port_mapping.cpp
index 2766a00..8ddfb18 100644
--- a/src/slave/containerizer/isolators/network/port_mapping.cpp
+++ b/src/slave/containerizer/isolators/network/port_mapping.cpp
@@ -124,6 +124,7 @@ static net::IP LOOPBACK_IP = net::IP::fromDotDecimal("127.0.0.1/8").get();
static const Interval<uint16_t> WELL_KNOWN_PORTS =
(Bound<uint16_t>::closed(0), Bound<uint16_t>::open(1024));
+
/////////////////////////////////////////////////
// Helper functions for the isolator.
/////////////////////////////////////////////////
@@ -998,6 +999,47 @@ Try<Isolator*> PortMappingIsolatorProcess::create(const Flags& flags)
": " + write.error());
}
+ // Reading host network configurations. Each container will match
+ // these configurations.
+ hashset<string> procs;
+
+ // TODO(jieyu): The following is a partial list of all the
+ // configurations. In the future, we may want to expose these
+ // configurations using ContainerInfo.
+
+ // The kernel will use a default value for the following
+ // configurations inside a container. Therefore, we need to set them
+ // in the container to match that on the host.
+ procs.insert("/proc/sys/net/core/somaxconn");
+
+ // As of kernel 3.10, the following configurations are shared
+ // between host and containers, and therefore are not required to be
+ // set in containers. We keep them here just in case the kernel
+ // changes in the future.
+ procs.insert("/proc/sys/net/core/netdev_max_backlog");
+ procs.insert("/proc/sys/net/core/rmem_max");
+ procs.insert("/proc/sys/net/core/wmem_max");
+ procs.insert("/proc/sys/net/ipv4/tcp_keepalive_time");
+ procs.insert("/proc/sys/net/ipv4/tcp_keepalive_intvl");
+ procs.insert("/proc/sys/net/ipv4/tcp_keepalive_probes");
+ procs.insert("/proc/sys/net/ipv4/tcp_max_syn_backlog");
+ procs.insert("/proc/sys/net/ipv4/tcp_rmem");
+ procs.insert("/proc/sys/net/ipv4/tcp_retries2");
+ procs.insert("/proc/sys/net/ipv4/tcp_synack_retries");
+ procs.insert("/proc/sys/net/ipv4/tcp_wmem");
+ procs.insert("/proc/sys/net/ipv4/neigh/default/gc_thresh1");
+ procs.insert("/proc/sys/net/ipv4/neigh/default/gc_thresh2");
+ procs.insert("/proc/sys/net/ipv4/neigh/default/gc_thresh3");
+
+ hashmap<string, string> hostNetworkConfigurations;
+ foreach (const string& proc, procs) {
+ Try<string> value = os::read(proc);
+ if (value.isSome()) {
+ LOG(INFO) << proc << " = '" << strings::trim(value.get()) << "'";
+ hostNetworkConfigurations[proc] = strings::trim(value.get());
+ }
+ }
+
// Self bind mount BIND_MOUNT_ROOT. Since we use a new mount
// namespace for each container, for this mount point, we set
// '--make-rshared' on the host and set '--make-rslave' inside each
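Review bot: A host proc file that cannot be read is dropped without any log, because the `foreach` over `procs` only handles `value.isSome()`. The container then keeps the kernel default for that setting (including `somaxconn`, the one the comment says must be copied), and nothing in the agent log shows that host and container have diverged. I would add an else branch such as `} else { LOG(WARNING) << "Failed to read " << proc << ": " << value.error(); }` so the gap is visible to operators. The trimmed value could also be computed once and reused for both the log line and the map entry. `create()` begins and ends outside this hunk.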
@@ -1079,6 +1121,7 @@ Try<Isolator*> PortMappingIsolatorProcess::create(const Flags& flags)
hostIP.get(),
hostEth0MTU.get(),
hostDefaultGateway.get(),
+ hostNetworkConfigurations,
egressRateLimitPerContainer,
nonEphemeralPorts,
ephemeralPortsAllocator)));
@@ -2412,6 +2455,15 @@ string PortMappingIsolatorProcess::scripts(Info* info)
script << "echo 1 > /proc/sys/net/ipv4/conf/" << lo << "/route_localnet\n";
}
+ // Configure container network to match host network configurations.
+ foreachpair (const string& proc,
+ const string& value,
+ hostNetworkConfigurations) {
+ script << "if [ -f \"" << proc << "\" ]; then\n";
+ script << " echo '" << value << "' > " << proc << "\n";
+ script << "fi\n";
+ }
+
// Set up filters on lo and eth0.
script << "tc qdisc add dev " << lo << " ingress\n";
script << "tc qdisc add dev " << eth0 << " ingress\n";
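Review bot: `value` and `proc` are spliced into the generated shell script without escaping, and the redirect target is left unquoted even though the `[ -f ... ]` test above it quotes the same path. Today both come from the hard-coded list and kernel-provided contents read in `create()`, so the risk is low, but the TODO there anticipates exposing these settings through ContainerInfo, and a value containing a single quote would then end the quoted string in a script that presumably runs with elevated privileges during container setup. I would quote the target now, `script << "  echo '" << value << "' > \"" << proc << "\"\n";`, and have `create()` refuse any value that is not digits and whitespace before storing it in `hostNetworkConfigurations`. A short comment stating that the values are trusted host state would also help. `scripts()` begins and ends outside this hunk.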
http://git-wip-us.apache.org/repos/asf/mesos/blob/93fb57f3/src/slave/containerizer/isolators/network/port_mapping.hpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/isolators/network/port_mapping.hpp b/src/slave/containerizer/isolators/network/port_mapping.hpp
index b624c4d..2395ec2 100644
--- a/src/slave/containerizer/isolators/network/port_mapping.hpp
+++ b/src/slave/containerizer/isolators/network/port_mapping.hpp
@@ -225,6 +225,7 @@ private:
const net::IP& _hostIP,
const size_t _hostEth0MTU,
const net::IP& _hostDefaultGateway,
+ const hashmap<std::string, std::string>& _hostNetworkConfigurations,
const Option<Bytes>& _egressRateLimitPerContainer,
const IntervalSet<uint16_t>& _managedNonEphemeralPorts,
const process::Owned<EphemeralPortsAllocator>& _ephemeralPortsAllocator)
@@ -235,6 +236,7 @@ private:
hostIP(_hostIP),
hostEth0MTU(_hostEth0MTU),
hostDefaultGateway(_hostDefaultGateway),
+ hostNetworkConfigurations(_hostNetworkConfigurations),
egressRateLimitPerContainer(_egressRateLimitPerContainer),
managedNonEphemeralPorts(_managedNonEphemeralPorts),
ephemeralPortsAllocator(_ephemeralPortsAllocator) {}
@@ -269,6 +271,11 @@ private:
const size_t hostEth0MTU;
const net::IP hostDefaultGateway;
+ // Describe the host network configurations. It is a map between
+ // configure proc files (e.g., /proc/sys/net/core/somaxconn) and
+ // values of the configure proc files.
+ const hashmap<std::string, std::string> hostNetworkConfigurations;
+
// The optional throughput limit to containers' egress traffic.
const Option<Bytes> egressRateLimitPerContainer;