Posted to commits@mesos.apache.org by ji...@apache.org on 2015/06/23 21:59:44 UTC
[1/2] mesos git commit: Updated LinuxLauncher to receive list of
namespaces.
Repository: mesos
Updated Branches:
refs/heads/master 06af7a322 -> 1a82a3fb2
Updated LinuxLauncher to receive list of namespaces.
MesosContainerizer looks up the list of required namespaces by calling
Isolator::namespaces() for all enabled isolators and passes on this
value to LinuxLauncher.
Review: https://reviews.apache.org/r/35586
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/1a82a3fb
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/1a82a3fb
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/1a82a3fb
Branch: refs/heads/master
Commit: 1a82a3fb2bc717c468218384190a115b770f88c3
Parents: 2143ae0
Author: Kapil Arya <ka...@mesosphere.io>
Authored: Tue Jun 23 12:33:41 2015 -0700
Committer: Jie Yu <yu...@gmail.com>
Committed: Tue Jun 23 12:59:33 2015 -0700
----------------------------------------------------------------------
src/slave/containerizer/linux_launcher.cpp | 36 ++++----------------
src/slave/containerizer/linux_launcher.hpp | 4 ++-
src/slave/containerizer/mesos/containerizer.cpp | 14 +++++---
src/tests/isolator_tests.cpp | 15 +++++---
src/tests/port_mapping_tests.cpp | 33 ++++++++++++------
5 files changed, 51 insertions(+), 51 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/1a82a3fb/src/slave/containerizer/linux_launcher.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/linux_launcher.cpp b/src/slave/containerizer/linux_launcher.cpp
index 8eae258..7b24db8 100644
--- a/src/slave/containerizer/linux_launcher.cpp
+++ b/src/slave/containerizer/linux_launcher.cpp
@@ -75,13 +75,9 @@ LinuxLauncher::LinuxLauncher(
hierarchy(_hierarchy) {}
-// An old glibc might not have this symbol.
-#ifndef CLONE_NEWNET
-#define CLONE_NEWNET 0x40000000
-#endif
-
-
-Try<Launcher*> LinuxLauncher::create(const Flags& flags)
+Try<Launcher*> LinuxLauncher::create(
+ const Flags& flags,
+ const Option<int>& namespaces)
{
Try<string> hierarchy = cgroups::prepare(
flags.cgroups_hierarchy,
@@ -107,28 +103,10 @@ Try<Launcher*> LinuxLauncher::create(const Flags& flags)
LOG(INFO) << "Using " << hierarchy.get()
<< " as the freezer hierarchy for the Linux launcher";
- int namespaces = 0;
-
-#ifdef WITH_NETWORK_ISOLATOR
- // The network port mapping isolator requires network namespaces
- // (CLONE_NEWNET).
- if (strings::contains(flags.isolation, "network/port_mapping")) {
- namespaces |= CLONE_NEWNET;
- }
-#endif
-
- if (strings::contains(flags.isolation, "filesystem/shared")) {
- namespaces |= CLONE_NEWNS;
- }
-
- // The pid namespace isolator requires pid and mount namespaces (CLONE_NEWPID
- // and CLONE_NEWNS).
- if (strings::contains(flags.isolation, "namespaces/pid")) {
- namespaces |= CLONE_NEWPID;
- namespaces |= CLONE_NEWNS;
- }
-
- return new LinuxLauncher(flags, namespaces, hierarchy.get());
+ return new LinuxLauncher(
+ flags,
+ namespaces.isSome() ? namespaces.get() : 0,
+ hierarchy.get());
}
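Review bot: The new `namespaces` argument is forwarded to the constructor unchecked, so `create()` trusts whatever integer the caller assembled from the isolators. The value presumably ends up in the clone flags used to start the executor (that path is outside this hunk), and the parent commit puts `Isolator::namespaces()` in a public header, so the bits may come from code outside this tree. I would reject anything outside the supported set before constructing the launcher, e.g. `if (namespaces.isSome() && (namespaces.get() & ~(CLONE_NEWNS | CLONE_NEWPID | CLONE_NEWNET)) != 0) { return Error("Unsupported namespace flags"); }`. A one-line comment on the parameter saying that `None()` and `0` both mean "no namespaces" would also help, since the ternary treats them identically.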
http://git-wip-us.apache.org/repos/asf/mesos/blob/1a82a3fb/src/slave/containerizer/linux_launcher.hpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/linux_launcher.hpp b/src/slave/containerizer/linux_launcher.hpp
index ec08e24..28a7d35 100644
--- a/src/slave/containerizer/linux_launcher.hpp
+++ b/src/slave/containerizer/linux_launcher.hpp
@@ -30,7 +30,9 @@ namespace slave {
class LinuxLauncher : public Launcher
{
public:
- static Try<Launcher*> create(const Flags& flags);
+ static Try<Launcher*> create(
+ const Flags& flags,
+ const Option<int>& namespaces);
virtual ~LinuxLauncher() {}
http://git-wip-us.apache.org/repos/asf/mesos/blob/1a82a3fb/src/slave/containerizer/mesos/containerizer.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/containerizer.cpp b/src/slave/containerizer/mesos/containerizer.cpp
index 8dd2cb6..7e3d4ba 100644
--- a/src/slave/containerizer/mesos/containerizer.cpp
+++ b/src/slave/containerizer/mesos/containerizer.cpp
@@ -158,13 +158,17 @@ Try<MesosContainerizer*> MesosContainerizer::create(
}
#ifdef __linux__
+ int namespaces = 0;
+ foreach (const Owned<Isolator>& isolator, isolators) {
+ if (isolator->namespaces().get().isSome()) {
+ namespaces |= isolator->namespaces().get().get();
+ }
+ }
+
// Determine which launcher to use based on the isolation flag.
Try<Launcher*> launcher =
- (strings::contains(isolation, "cgroups") ||
- strings::contains(isolation, "network/port_mapping") ||
- strings::contains(isolation, "filesystem/shared") ||
- strings::contains(isolation, "namespaces"))
- ? LinuxLauncher::create(flags_)
+ (strings::contains(isolation, "cgroups") || namespaces != 0)
+ ? LinuxLauncher::create(flags_, namespaces)
: PosixLauncher::create(flags_);
#else
Try<Launcher*> launcher = PosixLauncher::create(flags_);
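Review bot: The added loop calls `isolator->namespaces().get()` twice per isolator, which dispatches to the isolator process twice and blocks on each future without checking how it completed. As far as I know `Future::get()` on a failed or discarded future aborts the process, so an isolator that cannot report its namespaces would take the slave down instead of producing an `Error` from `create()`. The two calls could also in principle disagree, leaving the `isSome()` check guarding a different value than the one that is OR-ed in. I would dispatch once, wait, and turn a non-ready future into an error return, as sketched below; `create()` starts and ends outside this hunk.

```cpp
  int namespaces = 0;
  foreach (const Owned<Isolator>& isolator, isolators) {
    // Dispatch once and wait; a failed or discarded future becomes an
    // error from create() instead of an abort inside Future::get().
    process::Future<Option<int>> required = isolator->namespaces();
    required.await();

    if (!required.isReady()) {
      return Error(
          "Failed to determine the namespaces required by an isolator: " +
          (required.isFailed() ? required.failure() : "future discarded"));
    }

    if (required.get().isSome()) {
      namespaces |= required.get().get();
    }
  }

  // … unchanged: launcher selection based on isolation flag and namespaces …
```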
http://git-wip-us.apache.org/repos/asf/mesos/blob/1a82a3fb/src/tests/isolator_tests.cpp
----------------------------------------------------------------------
diff --git a/src/tests/isolator_tests.cpp b/src/tests/isolator_tests.cpp
index c635a4d..525a5a8 100644
--- a/src/tests/isolator_tests.cpp
+++ b/src/tests/isolator_tests.cpp
@@ -446,7 +446,8 @@ TEST_F(LimitedCpuIsolatorTest, ROOT_CGROUPS_Cfs)
Try<Isolator*> isolator = CgroupsCpushareIsolatorProcess::create(flags);
CHECK_SOME(isolator);
- Try<Launcher*> launcher = LinuxLauncher::create(flags);
+ Try<Launcher*> launcher =
+ LinuxLauncher::create(flags, isolator.get()->namespaces().get());
CHECK_SOME(launcher);
// Set the executor's resources to 0.5 cpu.
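Review bot: The test now blocks on `isolator.get()->namespaces().get()` inline, without first asserting that the future completed successfully. The same pattern repeats in every hunk of this file and of src/tests/port_mapping_tests.cpp. Splitting it makes a failing isolator show up as a test failure with a message rather than an abort: `Future<Option<int>> namespaces = isolator.get()->namespaces(); AWAIT_READY(namespaces);` and then `LinuxLauncher::create(flags, namespaces.get())`. The test bodies start and end outside these hunks, so a shared fixture helper may be the better home for this.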
@@ -557,7 +558,8 @@ TEST_F(LimitedCpuIsolatorTest, ROOT_CGROUPS_Cfs_Big_Quota)
Try<Isolator*> isolator = CgroupsCpushareIsolatorProcess::create(flags);
CHECK_SOME(isolator);
- Try<Launcher*> launcher = LinuxLauncher::create(flags);
+ Try<Launcher*> launcher =
+ LinuxLauncher::create(flags, isolator.get()->namespaces().get());
CHECK_SOME(launcher);
// Set the executor's resources to 100.5 cpu.
@@ -641,7 +643,8 @@ TEST_F(LimitedCpuIsolatorTest, ROOT_CGROUPS_Pids_and_Tids)
Try<Isolator*> isolator = CgroupsCpushareIsolatorProcess::create(flags);
CHECK_SOME(isolator);
- Try<Launcher*> launcher = LinuxLauncher::create(flags);
+ Try<Launcher*> launcher =
+ LinuxLauncher::create(flags, isolator.get()->namespaces().get());
CHECK_SOME(launcher);
ExecutorInfo executorInfo;
@@ -913,7 +916,8 @@ TEST_F(SharedFilesystemIsolatorTest, ROOT_RelativeVolume)
Try<Isolator*> isolator = SharedFilesystemIsolatorProcess::create(flags);
CHECK_SOME(isolator);
- Try<Launcher*> launcher = LinuxLauncher::create(flags);
+ Try<Launcher*> launcher =
+ LinuxLauncher::create(flags, isolator.get()->namespaces().get());
CHECK_SOME(launcher);
// Use /var/tmp so we don't mask the work directory (under /tmp).
@@ -1013,7 +1017,8 @@ TEST_F(SharedFilesystemIsolatorTest, ROOT_AbsoluteVolume)
Try<Isolator*> isolator = SharedFilesystemIsolatorProcess::create(flags);
CHECK_SOME(isolator);
- Try<Launcher*> launcher = LinuxLauncher::create(flags);
+ Try<Launcher*> launcher =
+ LinuxLauncher::create(flags, isolator.get()->namespaces().get());
CHECK_SOME(launcher);
// We'll mount the absolute test work directory as /var/tmp in the
http://git-wip-us.apache.org/repos/asf/mesos/blob/1a82a3fb/src/tests/port_mapping_tests.cpp
----------------------------------------------------------------------
diff --git a/src/tests/port_mapping_tests.cpp b/src/tests/port_mapping_tests.cpp
index 9923aa6..ac49cdf 100644
--- a/src/tests/port_mapping_tests.cpp
+++ b/src/tests/port_mapping_tests.cpp
@@ -434,7 +434,8 @@ TEST_F(PortMappingIsolatorTest, ROOT_ContainerToContainerTCP)
Try<Isolator*> isolator = PortMappingIsolatorProcess::create(flags);
CHECK_SOME(isolator);
- Try<Launcher*> launcher = LinuxLauncher::create(flags);
+ Try<Launcher*> launcher =
+ LinuxLauncher::create(flags, isolator.get()->namespaces().get());
CHECK_SOME(launcher);
// Set the executor's resources.
@@ -593,7 +594,8 @@ TEST_F(PortMappingIsolatorTest, ROOT_ContainerToContainerUDP)
Try<Isolator*> isolator = PortMappingIsolatorProcess::create(flags);
CHECK_SOME(isolator);
- Try<Launcher*> launcher = LinuxLauncher::create(flags);
+ Try<Launcher*> launcher =
+ LinuxLauncher::create(flags, isolator.get()->namespaces().get());
CHECK_SOME(launcher);
// Set the executor's resources.
@@ -754,7 +756,8 @@ TEST_F(PortMappingIsolatorTest, ROOT_HostToContainerUDP)
Try<Isolator*> isolator = PortMappingIsolatorProcess::create(flags);
CHECK_SOME(isolator);
- Try<Launcher*> launcher = LinuxLauncher::create(flags);
+ Try<Launcher*> launcher =
+ LinuxLauncher::create(flags, isolator.get()->namespaces().get());
CHECK_SOME(launcher);
// Set the executor's resources.
@@ -870,7 +873,8 @@ TEST_F(PortMappingIsolatorTest, ROOT_HostToContainerTCP)
Try<Isolator*> isolator = PortMappingIsolatorProcess::create(flags);
CHECK_SOME(isolator);
- Try<Launcher*> launcher = LinuxLauncher::create(flags);
+ Try<Launcher*> launcher =
+ LinuxLauncher::create(flags, isolator.get()->namespaces().get());
CHECK_SOME(launcher);
// Set the executor's resources.
@@ -994,7 +998,8 @@ TEST_F(PortMappingIsolatorTest, ROOT_ContainerICMPExternal)
Try<Isolator*> isolator = PortMappingIsolatorProcess::create(flags);
CHECK_SOME(isolator);
- Try<Launcher*> launcher = LinuxLauncher::create(flags);
+ Try<Launcher*> launcher =
+ LinuxLauncher::create(flags, isolator.get()->namespaces().get());
CHECK_SOME(launcher);
// Set the executor's resources.
@@ -1079,7 +1084,8 @@ TEST_F(PortMappingIsolatorTest, ROOT_ContainerICMPInternal)
Try<Isolator*> isolator = PortMappingIsolatorProcess::create(flags);
CHECK_SOME(isolator);
- Try<Launcher*> launcher = LinuxLauncher::create(flags);
+ Try<Launcher*> launcher =
+ LinuxLauncher::create(flags, isolator.get()->namespaces().get());
CHECK_SOME(launcher);
// Set the executor's resources.
@@ -1167,7 +1173,8 @@ TEST_F(PortMappingIsolatorTest, ROOT_ContainerARPExternal)
Try<Isolator*> isolator = PortMappingIsolatorProcess::create(flags);
CHECK_SOME(isolator);
- Try<Launcher*> launcher = LinuxLauncher::create(flags);
+ Try<Launcher*> launcher =
+ LinuxLauncher::create(flags, isolator.get()->namespaces().get());
CHECK_SOME(launcher);
// Set the executor's resources.
@@ -1261,7 +1268,8 @@ TEST_F(PortMappingIsolatorTest, ROOT_DNS)
Try<Isolator*> isolator = PortMappingIsolatorProcess::create(flags);
CHECK_SOME(isolator);
- Try<Launcher*> launcher = LinuxLauncher::create(flags);
+ Try<Launcher*> launcher =
+ LinuxLauncher::create(flags, isolator.get()->namespaces().get());
CHECK_SOME(launcher);
// Set the executor's resources.
@@ -1351,7 +1359,8 @@ TEST_F(PortMappingIsolatorTest, ROOT_TooManyContainers)
Try<Isolator*> isolator = PortMappingIsolatorProcess::create(flags);
CHECK_SOME(isolator);
- Try<Launcher*> launcher = LinuxLauncher::create(flags);
+ Try<Launcher*> launcher =
+ LinuxLauncher::create(flags, isolator.get()->namespaces().get());
CHECK_SOME(launcher);
// Set the executor's resources.
@@ -1459,7 +1468,8 @@ TEST_F(PortMappingIsolatorTest, ROOT_SmallEgressLimit)
Try<Isolator*> isolator = PortMappingIsolatorProcess::create(flags);
CHECK_SOME(isolator);
- Try<Launcher*> launcher = LinuxLauncher::create(flags);
+ Try<Launcher*> launcher =
+ LinuxLauncher::create(flags, isolator.get()->namespaces().get());
CHECK_SOME(launcher);
// Open an nc server on the host side. Note that 'invalidPort' is in
@@ -1610,7 +1620,8 @@ TEST_F(PortMappingIsolatorTest, ROOT_PortMappingStatistics)
Try<Isolator*> isolator = PortMappingIsolatorProcess::create(flags);
CHECK_SOME(isolator);
- Try<Launcher*> launcher = LinuxLauncher::create(flags);
+ Try<Launcher*> launcher =
+ LinuxLauncher::create(flags, isolator.get()->namespaces().get());
CHECK_SOME(launcher);
// Open an nc server on the host side. Note that 'invalidPort' is
[2/2] mesos git commit: Updated Isolator to return required
namespaces.
Posted by ji...@apache.org.
Updated Isolator to return required namespaces.
This would enable the MesosContainerizer to pass on a list of namespaces
to LinuxLauncher instead of having LinuxLauncher guess it from the
isolation flags.
Review: https://reviews.apache.org/r/35585
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/2143ae03
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/2143ae03
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/2143ae03
Branch: refs/heads/master
Commit: 2143ae0315990ed663bf5810a801adeacff3a986
Parents: 06af7a3
Author: Kapil Arya <ka...@mesosphere.io>
Authored: Tue Jun 23 12:32:32 2015 -0700
Committer: Jie Yu <yu...@gmail.com>
Committed: Tue Jun 23 12:59:33 2015 -0700
----------------------------------------------------------------------
include/mesos/slave/isolator.hpp | 12 ++++++++++++
src/slave/containerizer/isolator.cpp | 6 ++++++
src/slave/containerizer/isolators/filesystem/shared.cpp | 8 ++++++++
src/slave/containerizer/isolators/filesystem/shared.hpp | 2 ++
src/slave/containerizer/isolators/namespaces/pid.cpp | 6 ++++++
src/slave/containerizer/isolators/namespaces/pid.hpp | 2 ++
.../containerizer/isolators/network/port_mapping.cpp | 6 ++++++
.../containerizer/isolators/network/port_mapping.hpp | 2 ++
8 files changed, 44 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/2143ae03/include/mesos/slave/isolator.hpp
----------------------------------------------------------------------
diff --git a/include/mesos/slave/isolator.hpp b/include/mesos/slave/isolator.hpp
index 18edc03..ef2205d 100644
--- a/include/mesos/slave/isolator.hpp
+++ b/include/mesos/slave/isolator.hpp
@@ -30,6 +30,7 @@
#include <process/process.hpp>
#include <stout/hashset.hpp>
+#include <stout/option.hpp>
#include <stout/try.hpp>
namespace mesos {
@@ -81,6 +82,15 @@ public:
explicit Isolator(process::Owned<IsolatorProcess> process);
~Isolator();
+ // Returns the namespaces required by the isolator. The namespaces
+ // are created while launching the executor. Isolators may return
+ // a None() to indicate that they don't require any namespaces
+ // (e.g., Isolators for OS X).
+ // TODO(karya): Since namespaces are Linux-only, create a separate
+ // LinuxIsolator (and corresponding LinuxIsolatorProcess) class
+ // for Linux-specific isolators.
+ process::Future<Option<int>> namespaces();
+
// Recover containers from the run states and the orphan containers
// (known to the launcher but not known to the slave) detected by
// the launcher.
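Review bot: The new comment on `Isolator::namespaces()` does not say how the returned `int` encodes the namespaces, and the return type gives no hint either. The implementations in this commit return `CLONE_NEW*` constants OR-ed together, so the contract should be spelled out for isolator authors, for example `// The value is a bitwise OR of CLONE_NEW* flags; no other clone flags may be set.` It would also help to state when the method is called (the sibling commit calls it once, at containerizer creation), so an implementation does not assume per-container state.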
@@ -137,6 +147,8 @@ class IsolatorProcess : public process::Process<IsolatorProcess>
public:
virtual ~IsolatorProcess() {}
+ virtual process::Future<Option<int>> namespaces() { return None(); }
+
virtual process::Future<Nothing> recover(
const std::list<ExecutorRunState>& state,
const hashset<ContainerID>& orphans) = 0;
http://git-wip-us.apache.org/repos/asf/mesos/blob/2143ae03/src/slave/containerizer/isolator.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/isolator.cpp b/src/slave/containerizer/isolator.cpp
index d51ecc9..278824c 100644
--- a/src/slave/containerizer/isolator.cpp
+++ b/src/slave/containerizer/isolator.cpp
@@ -42,6 +42,12 @@ Isolator::~Isolator()
}
+Future<Option<int>> Isolator::namespaces()
+{
+ return dispatch(process.get(), &IsolatorProcess::namespaces);
+}
+
+
Future<Nothing> Isolator::recover(
const list<ExecutorRunState>& state,
const hashset<ContainerID>& orphans)
http://git-wip-us.apache.org/repos/asf/mesos/blob/2143ae03/src/slave/containerizer/isolators/filesystem/shared.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/isolators/filesystem/shared.cpp b/src/slave/containerizer/isolators/filesystem/shared.cpp
index 5049306..24f3074 100644
--- a/src/slave/containerizer/isolators/filesystem/shared.cpp
+++ b/src/slave/containerizer/isolators/filesystem/shared.cpp
@@ -18,6 +18,8 @@
#include <set>
+#include "linux/ns.hpp"
+
#include "slave/containerizer/isolators/filesystem/shared.hpp"
using namespace process;
@@ -62,6 +64,12 @@ Try<Isolator*> SharedFilesystemIsolatorProcess::create(const Flags& flags)
}
+process::Future<Option<int>> SharedFilesystemIsolatorProcess::namespaces()
+{
+ return CLONE_NEWNS;
+}
+
+
Future<Nothing> SharedFilesystemIsolatorProcess::recover(
const list<ExecutorRunState>& states,
const hashset<ContainerID>& orphans)
http://git-wip-us.apache.org/repos/asf/mesos/blob/2143ae03/src/slave/containerizer/isolators/filesystem/shared.hpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/isolators/filesystem/shared.hpp b/src/slave/containerizer/isolators/filesystem/shared.hpp
index 08c6ffe..4d7d9a9 100644
--- a/src/slave/containerizer/isolators/filesystem/shared.hpp
+++ b/src/slave/containerizer/isolators/filesystem/shared.hpp
@@ -39,6 +39,8 @@ public:
virtual ~SharedFilesystemIsolatorProcess();
+ virtual process::Future<Option<int>> namespaces();
+
virtual process::Future<Nothing> recover(
const std::list<mesos::slave::ExecutorRunState>& states,
const hashset<ContainerID>& orphans);
http://git-wip-us.apache.org/repos/asf/mesos/blob/2143ae03/src/slave/containerizer/isolators/namespaces/pid.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/isolators/namespaces/pid.cpp b/src/slave/containerizer/isolators/namespaces/pid.cpp
index c6b28aa..5de0791 100644
--- a/src/slave/containerizer/isolators/namespaces/pid.cpp
+++ b/src/slave/containerizer/isolators/namespaces/pid.cpp
@@ -121,6 +121,12 @@ Result<ino_t> NamespacesPidIsolatorProcess::getNamespace(
}
+process::Future<Option<int>> NamespacesPidIsolatorProcess::namespaces()
+{
+ return CLONE_NEWPID | CLONE_NEWNS;
+}
+
+
Future<Nothing> NamespacesPidIsolatorProcess::recover(
const list<ExecutorRunState>& states,
const hashset<ContainerID>& orphans)
http://git-wip-us.apache.org/repos/asf/mesos/blob/2143ae03/src/slave/containerizer/isolators/namespaces/pid.hpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/isolators/namespaces/pid.hpp b/src/slave/containerizer/isolators/namespaces/pid.hpp
index 6b24e29..9cda3fd 100644
--- a/src/slave/containerizer/isolators/namespaces/pid.hpp
+++ b/src/slave/containerizer/isolators/namespaces/pid.hpp
@@ -56,6 +56,8 @@ public:
virtual ~NamespacesPidIsolatorProcess() {}
+ virtual process::Future<Option<int>> namespaces();
+
virtual process::Future<Nothing> recover(
const std::list<mesos::slave::ExecutorRunState>& states,
const hashset<ContainerID>& orphans);
http://git-wip-us.apache.org/repos/asf/mesos/blob/2143ae03/src/slave/containerizer/isolators/network/port_mapping.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/isolators/network/port_mapping.cpp b/src/slave/containerizer/isolators/network/port_mapping.cpp
index 1eb8173..f8018f2 100644
--- a/src/slave/containerizer/isolators/network/port_mapping.cpp
+++ b/src/slave/containerizer/isolators/network/port_mapping.cpp
@@ -1633,6 +1633,12 @@ Try<Isolator*> PortMappingIsolatorProcess::create(const Flags& flags)
}
+process::Future<Option<int>> PortMappingIsolatorProcess::namespaces()
+{
+ return CLONE_NEWNET;
+}
+
+
Future<Nothing> PortMappingIsolatorProcess::recover(
const list<ExecutorRunState>& states,
const hashset<ContainerID>& orphans)
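Review bot: `PortMappingIsolatorProcess::namespaces()` returns `CLONE_NEWNET`, but this hunk adds no include for it, whereas the filesystem/shared.cpp section adds `#include "linux/ns.hpp"` for `CLONE_NEWNS`. The follow-up commit on this page removes the `#ifndef CLONE_NEWNET` / `#define CLONE_NEWNET 0x40000000` fallback from linux_launcher.cpp, whose comment says an old glibc might lack the symbol. The include list of port_mapping.cpp is outside the hunk, so please confirm that it already pulls in a header that provides the constant on such systems, or add the include here. The same check applies to `CLONE_NEWPID` in the namespaces/pid.cpp section.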
http://git-wip-us.apache.org/repos/asf/mesos/blob/2143ae03/src/slave/containerizer/isolators/network/port_mapping.hpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/isolators/network/port_mapping.hpp b/src/slave/containerizer/isolators/network/port_mapping.hpp
index 7777ee8..6b5cf62 100644
--- a/src/slave/containerizer/isolators/network/port_mapping.hpp
+++ b/src/slave/containerizer/isolators/network/port_mapping.hpp
@@ -152,6 +152,8 @@ public:
virtual ~PortMappingIsolatorProcess() {}
+ virtual process::Future<Option<int>> namespaces();
+
virtual process::Future<Nothing> recover(
const std::list<mesos::slave::ExecutorRunState>& states,
const hashset<ContainerID>& orphans);