You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mesos.apache.org by ji...@apache.org on 2017/12/15 17:27:02 UTC
[2/4] mesos git commit: Added standalone isolator capability.
Added standalone isolator capability.
Recently, we introduced the standalone container suport (MESOS-7302).
Some isolators might not be able to handle standalone containers.
Therefore, we introduce an isolator capability (similar to nesting
capability) so that we won't try to invoke those isolators that do not
support standalone containers when dealing with a standalone container.
Review: https://reviews.apache.org/r/64624
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/88738706
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/88738706
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/88738706
Branch: refs/heads/master
Commit: 88738706d1ccc26cd1a6d3f23957bf1e0a61d4b5
Parents: 2576117
Author: Jie Yu <yu...@gmail.com>
Authored: Wed Dec 13 08:17:23 2017 -0800
Committer: Jie Yu <yu...@gmail.com>
Committed: Fri Dec 15 09:26:55 2017 -0800
----------------------------------------------------------------------
include/mesos/slave/isolator.hpp | 5 +
src/slave/containerizer/mesos/containerizer.cpp | 128 +++++++++++++------
src/slave/containerizer/mesos/containerizer.hpp | 6 +
.../containerizer/mesos/io/switchboard.cpp | 6 +
.../containerizer/mesos/io/switchboard.hpp | 1 +
src/slave/containerizer/mesos/isolator.cpp | 6 +
src/slave/containerizer/mesos/isolator.hpp | 6 +
.../mesos/isolators/appc/runtime.cpp | 6 +
.../mesos/isolators/appc/runtime.hpp | 1 +
.../mesos/isolators/cgroups/cgroups.cpp | 6 +
.../mesos/isolators/cgroups/cgroups.hpp | 1 +
.../mesos/isolators/docker/runtime.cpp | 6 +
.../mesos/isolators/docker/runtime.hpp | 1 +
.../mesos/isolators/docker/volume/isolator.cpp | 6 +
.../mesos/isolators/docker/volume/isolator.hpp | 1 +
.../mesos/isolators/environment_secret.cpp | 6 +
.../mesos/isolators/environment_secret.hpp | 1 +
.../mesos/isolators/filesystem/linux.cpp | 20 ++-
.../mesos/isolators/filesystem/linux.hpp | 1 +
.../mesos/isolators/gpu/isolator.cpp | 6 +
.../mesos/isolators/gpu/isolator.hpp | 1 +
.../mesos/isolators/linux/capabilities.cpp | 6 +
.../mesos/isolators/linux/capabilities.hpp | 1 +
.../mesos/isolators/namespaces/ipc.cpp | 6 +
.../mesos/isolators/namespaces/ipc.hpp | 1 +
.../mesos/isolators/namespaces/pid.cpp | 6 +
.../mesos/isolators/namespaces/pid.hpp | 1 +
.../mesos/isolators/posix/disk.cpp | 6 +
.../mesos/isolators/posix/disk.hpp | 1 +
.../mesos/isolators/posix/rlimits.cpp | 6 +
.../mesos/isolators/posix/rlimits.hpp | 1 +
.../mesos/isolators/volume/host_path.cpp | 6 +
.../mesos/isolators/volume/host_path.hpp | 1 +
.../mesos/isolators/volume/image.cpp | 6 +
.../mesos/isolators/volume/image.hpp | 1 +
.../mesos/isolators/volume/sandbox_path.cpp | 6 +
.../mesos/isolators/volume/sandbox_path.hpp | 1 +
.../mesos/isolators/volume/secret.cpp | 6 +
.../mesos/isolators/volume/secret.hpp | 1 +
.../mesos/isolators/windows/cpu.cpp | 1 +
.../mesos/isolators/windows/cpu.hpp | 1 +
.../mesos/isolators/windows/mem.cpp | 1 +
.../mesos/isolators/windows/mem.hpp | 1 +
43 files changed, 246 insertions(+), 42 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/88738706/include/mesos/slave/isolator.hpp
----------------------------------------------------------------------
diff --git a/include/mesos/slave/isolator.hpp b/include/mesos/slave/isolator.hpp
index c52563f..f682e30 100644
--- a/include/mesos/slave/isolator.hpp
+++ b/include/mesos/slave/isolator.hpp
@@ -49,6 +49,11 @@ public:
return false;
}
+ virtual bool supportsStandalone()
+ {
+ return false;
+ }
+
// Recover containers from the run states and the orphan containers
// (known to the launcher but not known to the slave) detected by
// the launcher.
http://git-wip-us.apache.org/repos/asf/mesos/blob/88738706/src/slave/containerizer/mesos/containerizer.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/containerizer.cpp b/src/slave/containerizer/mesos/containerizer.cpp
index 5cb36af..616873e 100644
--- a/src/slave/containerizer/mesos/containerizer.cpp
+++ b/src/slave/containerizer/mesos/containerizer.cpp
@@ -980,29 +980,28 @@ Future<list<Nothing>> MesosContainerizerProcess::recoverIsolators(
// Then recover the isolators.
foreach (const Owned<Isolator>& isolator, isolators) {
- // NOTE: We should not send nested containers to the isolator if
- // the isolator does not support nesting.
- if (isolator->supportsNesting()) {
- futures.push_back(isolator->recover(recoverable, orphans));
- } else {
- // Strip nested containers from 'recoverable' and 'orphans'.
- list<ContainerState> _recoverable;
- hashset<ContainerID> _orphans;
-
- foreach (const ContainerState& state, recoverable) {
- if (!state.container_id().has_parent()) {
- _recoverable.push_back(state);
- }
+ list<ContainerState> _recoverable;
+ hashset<ContainerID> _orphans;
+
+ foreach (const ContainerState& state, recoverable) {
+ if (isSupportedByIsolator(
+ state.container_id(),
+ isolator->supportsNesting(),
+ isolator->supportsStandalone())) {
+ _recoverable.push_back(state);
}
+ }
- foreach (const ContainerID& orphan, orphans) {
- if (!orphan.has_parent()) {
- _orphans.insert(orphan);
- }
+ foreach (const ContainerID& orphan, orphans) {
+ if (isSupportedByIsolator(
+ orphan,
+ isolator->supportsNesting(),
+ isolator->supportsStandalone())) {
+ _orphans.insert(orphan);
}
-
- futures.push_back(isolator->recover(_recoverable, _orphans));
}
+
+ futures.push_back(isolator->recover(_recoverable, _orphans));
}
// If all isolators recover then continue.
@@ -1054,9 +1053,10 @@ Future<Nothing> MesosContainerizerProcess::__recover(
const ContainerID& containerId = run.container_id();
foreach (const Owned<Isolator>& isolator, isolators) {
- // If this is a nested container, we need to skip isolators that
- // do not support nesting.
- if (containerId.has_parent() && !isolator->supportsNesting()) {
+ if (!isSupportedByIsolator(
+ containerId,
+ isolator->supportsNesting(),
+ isolator->supportsStandalone())) {
continue;
}
@@ -1386,9 +1386,10 @@ Future<Nothing> MesosContainerizerProcess::prepare(
list<Option<ContainerLaunchInfo>>();
foreach (const Owned<Isolator>& isolator, isolators) {
- // If this is a nested container, we need to skip isolators that
- // do not support nesting.
- if (containerId.has_parent() && !isolator->supportsNesting()) {
+ if (!isSupportedByIsolator(
+ containerId,
+ isolator->supportsNesting(),
+ isolator->supportsStandalone())) {
continue;
}
@@ -2017,9 +2018,10 @@ Future<Nothing> MesosContainerizerProcess::isolate(
// Set up callbacks for isolator limitations.
foreach (const Owned<Isolator>& isolator, isolators) {
- // If this is a nested container, we need to skip isolators that
- // do not support nesting.
- if (containerId.has_parent() && !isolator->supportsNesting()) {
+ if (!isSupportedByIsolator(
+ containerId,
+ isolator->supportsNesting(),
+ isolator->supportsStandalone())) {
continue;
}
@@ -2033,9 +2035,10 @@ Future<Nothing> MesosContainerizerProcess::isolate(
// isolation.
list<Future<Nothing>> futures;
foreach (const Owned<Isolator>& isolator, isolators) {
- // If this is a nested container, we need to skip isolators that
- // do not support nesting.
- if (containerId.has_parent() && !isolator->supportsNesting()) {
+ if (!isSupportedByIsolator(
+ containerId,
+ isolator->supportsNesting(),
+ isolator->supportsStandalone())) {
continue;
}
@@ -2167,8 +2170,13 @@ Future<Nothing> MesosContainerizerProcess::update(
// Update each isolator.
list<Future<Nothing>> futures;
foreach (const Owned<Isolator>& isolator, isolators) {
- // NOTE: No need to skip non-nesting aware isolator here because
- // 'update' currently will not be called for nested container.
+ if (!isSupportedByIsolator(
+ containerId,
+ isolator->supportsNesting(),
+ isolator->supportsStandalone())) {
+ continue;
+ }
+
futures.push_back(isolator->update(containerId, resources));
}
@@ -2232,8 +2240,13 @@ Future<ResourceStatistics> MesosContainerizerProcess::usage(
list<Future<ResourceStatistics>> futures;
foreach (const Owned<Isolator>& isolator, isolators) {
- // NOTE: No need to skip non-nesting aware isolator here because
- // 'update' currently will not be called for nested container.
+ if (!isSupportedByIsolator(
+ containerId,
+ isolator->supportsNesting(),
+ isolator->supportsStandalone())) {
+ continue;
+ }
+
futures.push_back(isolator->usage(containerId));
}
@@ -2258,9 +2271,10 @@ Future<ContainerStatus> MesosContainerizerProcess::status(
list<Future<ContainerStatus>> futures;
foreach (const Owned<Isolator>& isolator, isolators) {
- // If this is a nested container, we need to skip isolators that
- // do not support nesting.
- if (containerId.has_parent() && !isolator->supportsNesting()) {
+ if (!isSupportedByIsolator(
+ containerId,
+ isolator->supportsNesting(),
+ isolator->supportsStandalone())) {
continue;
}
@@ -2904,9 +2918,10 @@ Future<list<Future<Nothing>>> MesosContainerizerProcess::cleanupIsolators(
// NOTE: We clean up each isolator in the reverse order they were
// prepared (see comment in prepare()).
foreach (const Owned<Isolator>& isolator, adaptor::reverse(isolators)) {
- // If this is a nested container, we need to skip isolators that
- // do not support nesting.
- if (containerId.has_parent() && !isolator->supportsNesting()) {
+ if (!isSupportedByIsolator(
+ containerId,
+ isolator->supportsNesting(),
+ isolator->supportsStandalone())) {
continue;
}
@@ -2948,6 +2963,37 @@ void MesosContainerizerProcess::transition(
}
+bool MesosContainerizerProcess::isSupportedByIsolator(
+ const ContainerID& containerId,
+ bool isolatorSupportsNesting,
+ bool isolatorSupportsStandalone)
+{
+ if (!isolatorSupportsNesting) {
+ if (containerId.has_parent()) {
+ return false;
+ }
+ }
+
+ if (!isolatorSupportsStandalone) {
+ // NOTE: If standalone container is not supported, the nested
+ // containers of the standalone container won't be supported
+ // neither.
+ ContainerID rootContainerId = protobuf::getRootContainerId(containerId);
+
+ bool isStandaloneContainer =
+ containerizer::paths::isStandaloneContainer(
+ flags.runtime_dir,
+ rootContainerId);
+
+ if (isStandaloneContainer) {
+ return false;
+ }
+ }
+
+ return true;
+}
+
+
std::ostream& operator<<(
std::ostream& stream,
const MesosContainerizerProcess::State& state)
http://git-wip-us.apache.org/repos/asf/mesos/blob/88738706/src/slave/containerizer/mesos/containerizer.hpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/containerizer.hpp b/src/slave/containerizer/mesos/containerizer.hpp
index 965e183..85cb325 100644
--- a/src/slave/containerizer/mesos/containerizer.hpp
+++ b/src/slave/containerizer/mesos/containerizer.hpp
@@ -382,6 +382,12 @@ private:
// Helper to transition container state.
void transition(const ContainerID& containerId, const State& state);
+ // Helper to determine if a container is supported by an isolator.
+ bool isSupportedByIsolator(
+ const ContainerID& containerId,
+ bool isolatorSupportsNesting,
+ bool isolatorSupportsStandalone);
+
struct Metrics
{
Metrics();
http://git-wip-us.apache.org/repos/asf/mesos/blob/88738706/src/slave/containerizer/mesos/io/switchboard.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/io/switchboard.cpp b/src/slave/containerizer/mesos/io/switchboard.cpp
index af8fbe8..89dd498 100644
--- a/src/slave/containerizer/mesos/io/switchboard.cpp
+++ b/src/slave/containerizer/mesos/io/switchboard.cpp
@@ -150,6 +150,12 @@ bool IOSwitchboard::supportsNesting()
}
+bool IOSwitchboard::supportsStandalone()
+{
+ return true;
+}
+
+
Future<Nothing> IOSwitchboard::recover(
const list<ContainerState>& states,
const hashset<ContainerID>& orphans)
http://git-wip-us.apache.org/repos/asf/mesos/blob/88738706/src/slave/containerizer/mesos/io/switchboard.hpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/io/switchboard.hpp b/src/slave/containerizer/mesos/io/switchboard.hpp
index 520a6ef..8a16b15 100644
--- a/src/slave/containerizer/mesos/io/switchboard.hpp
+++ b/src/slave/containerizer/mesos/io/switchboard.hpp
@@ -60,6 +60,7 @@ public:
virtual ~IOSwitchboard();
virtual bool supportsNesting();
+ virtual bool supportsStandalone();
virtual process::Future<Nothing> recover(
const std::list<mesos::slave::ContainerState>& states,
http://git-wip-us.apache.org/repos/asf/mesos/blob/88738706/src/slave/containerizer/mesos/isolator.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/isolator.cpp b/src/slave/containerizer/mesos/isolator.cpp
index ccdcb9a..7a32936 100644
--- a/src/slave/containerizer/mesos/isolator.cpp
+++ b/src/slave/containerizer/mesos/isolator.cpp
@@ -52,6 +52,12 @@ bool MesosIsolator::supportsNesting()
}
+bool MesosIsolator::supportsStandalone()
+{
+ return process->supportsStandalone();
+}
+
+
Future<Nothing> MesosIsolator::recover(
const list<ContainerState>& state,
const hashset<ContainerID>& orphans)
http://git-wip-us.apache.org/repos/asf/mesos/blob/88738706/src/slave/containerizer/mesos/isolator.hpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/isolator.hpp b/src/slave/containerizer/mesos/isolator.hpp
index aaad346..b7af394 100644
--- a/src/slave/containerizer/mesos/isolator.hpp
+++ b/src/slave/containerizer/mesos/isolator.hpp
@@ -42,6 +42,7 @@ public:
virtual ~MesosIsolator();
virtual bool supportsNesting();
+ virtual bool supportsStandalone();
virtual process::Future<Nothing> recover(
const std::list<mesos::slave::ContainerState>& states,
@@ -86,6 +87,11 @@ public:
return false;
}
+ virtual bool supportsStandalone()
+ {
+ return false;
+ }
+
virtual process::Future<Nothing> recover(
const std::list<mesos::slave::ContainerState>& states,
const hashset<ContainerID>& orphans)
http://git-wip-us.apache.org/repos/asf/mesos/blob/88738706/src/slave/containerizer/mesos/isolators/appc/runtime.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/isolators/appc/runtime.cpp b/src/slave/containerizer/mesos/isolators/appc/runtime.cpp
index 535ea1a..e8ecd66 100644
--- a/src/slave/containerizer/mesos/isolators/appc/runtime.cpp
+++ b/src/slave/containerizer/mesos/isolators/appc/runtime.cpp
@@ -62,6 +62,12 @@ bool AppcRuntimeIsolatorProcess::supportsNesting()
}
+bool AppcRuntimeIsolatorProcess::supportsStandalone()
+{
+ return true;
+}
+
+
Try<Isolator*> AppcRuntimeIsolatorProcess::create(const Flags& flags)
{
process::Owned<MesosIsolatorProcess> process(
http://git-wip-us.apache.org/repos/asf/mesos/blob/88738706/src/slave/containerizer/mesos/isolators/appc/runtime.hpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/isolators/appc/runtime.hpp b/src/slave/containerizer/mesos/isolators/appc/runtime.hpp
index 8d22587..2e9c7e4 100644
--- a/src/slave/containerizer/mesos/isolators/appc/runtime.hpp
+++ b/src/slave/containerizer/mesos/isolators/appc/runtime.hpp
@@ -34,6 +34,7 @@ public:
virtual ~AppcRuntimeIsolatorProcess();
virtual bool supportsNesting();
+ virtual bool supportsStandalone();
virtual process::Future<Option<mesos::slave::ContainerLaunchInfo>> prepare(
const ContainerID& containerId,
http://git-wip-us.apache.org/repos/asf/mesos/blob/88738706/src/slave/containerizer/mesos/isolators/cgroups/cgroups.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/isolators/cgroups/cgroups.cpp b/src/slave/containerizer/mesos/isolators/cgroups/cgroups.cpp
index c0ebc4e..4431ce1 100644
--- a/src/slave/containerizer/mesos/isolators/cgroups/cgroups.cpp
+++ b/src/slave/containerizer/mesos/isolators/cgroups/cgroups.cpp
@@ -151,6 +151,12 @@ bool CgroupsIsolatorProcess::supportsNesting()
}
+bool CgroupsIsolatorProcess::supportsStandalone()
+{
+ return true;
+}
+
+
void CgroupsIsolatorProcess::initialize()
{
foreachvalue (const Owned<Subsystem>& subsystem, subsystems) {
http://git-wip-us.apache.org/repos/asf/mesos/blob/88738706/src/slave/containerizer/mesos/isolators/cgroups/cgroups.hpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/isolators/cgroups/cgroups.hpp b/src/slave/containerizer/mesos/isolators/cgroups/cgroups.hpp
index 229bafc..5763c98 100644
--- a/src/slave/containerizer/mesos/isolators/cgroups/cgroups.hpp
+++ b/src/slave/containerizer/mesos/isolators/cgroups/cgroups.hpp
@@ -51,6 +51,7 @@ public:
virtual ~CgroupsIsolatorProcess();
virtual bool supportsNesting();
+ virtual bool supportsStandalone();
virtual process::Future<Nothing> recover(
const std::list<mesos::slave::ContainerState>& states,
http://git-wip-us.apache.org/repos/asf/mesos/blob/88738706/src/slave/containerizer/mesos/isolators/docker/runtime.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/isolators/docker/runtime.cpp b/src/slave/containerizer/mesos/isolators/docker/runtime.cpp
index 93394f8..53d0008 100644
--- a/src/slave/containerizer/mesos/isolators/docker/runtime.cpp
+++ b/src/slave/containerizer/mesos/isolators/docker/runtime.cpp
@@ -65,6 +65,12 @@ bool DockerRuntimeIsolatorProcess::supportsNesting()
}
+bool DockerRuntimeIsolatorProcess::supportsStandalone()
+{
+ return true;
+}
+
+
Try<Isolator*> DockerRuntimeIsolatorProcess::create(const Flags& flags)
{
process::Owned<MesosIsolatorProcess> process(
http://git-wip-us.apache.org/repos/asf/mesos/blob/88738706/src/slave/containerizer/mesos/isolators/docker/runtime.hpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/isolators/docker/runtime.hpp b/src/slave/containerizer/mesos/isolators/docker/runtime.hpp
index 642dd53..5c63b8f 100644
--- a/src/slave/containerizer/mesos/isolators/docker/runtime.hpp
+++ b/src/slave/containerizer/mesos/isolators/docker/runtime.hpp
@@ -34,6 +34,7 @@ public:
virtual ~DockerRuntimeIsolatorProcess();
virtual bool supportsNesting();
+ virtual bool supportsStandalone();
virtual process::Future<Option<mesos::slave::ContainerLaunchInfo>> prepare(
const ContainerID& containerId,
http://git-wip-us.apache.org/repos/asf/mesos/blob/88738706/src/slave/containerizer/mesos/isolators/docker/volume/isolator.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/isolators/docker/volume/isolator.cpp b/src/slave/containerizer/mesos/isolators/docker/volume/isolator.cpp
index 6efdc75..deacffe 100644
--- a/src/slave/containerizer/mesos/isolators/docker/volume/isolator.cpp
+++ b/src/slave/containerizer/mesos/isolators/docker/volume/isolator.cpp
@@ -71,6 +71,12 @@ bool DockerVolumeIsolatorProcess::supportsNesting()
}
+bool DockerVolumeIsolatorProcess::supportsStandalone()
+{
+ return true;
+}
+
+
Try<Isolator*> DockerVolumeIsolatorProcess::create(const Flags& flags)
{
// Check for root permission.
http://git-wip-us.apache.org/repos/asf/mesos/blob/88738706/src/slave/containerizer/mesos/isolators/docker/volume/isolator.hpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/isolators/docker/volume/isolator.hpp b/src/slave/containerizer/mesos/isolators/docker/volume/isolator.hpp
index 2e64d05..0e1761d 100644
--- a/src/slave/containerizer/mesos/isolators/docker/volume/isolator.hpp
+++ b/src/slave/containerizer/mesos/isolators/docker/volume/isolator.hpp
@@ -53,6 +53,7 @@ public:
virtual ~DockerVolumeIsolatorProcess();
virtual bool supportsNesting();
+ virtual bool supportsStandalone();
virtual process::Future<Nothing> recover(
const std::list<mesos::slave::ContainerState>& states,
http://git-wip-us.apache.org/repos/asf/mesos/blob/88738706/src/slave/containerizer/mesos/isolators/environment_secret.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/isolators/environment_secret.cpp b/src/slave/containerizer/mesos/isolators/environment_secret.cpp
index 5b0b2fc..77c1ba5 100644
--- a/src/slave/containerizer/mesos/isolators/environment_secret.cpp
+++ b/src/slave/containerizer/mesos/isolators/environment_secret.cpp
@@ -74,6 +74,12 @@ bool EnvironmentSecretIsolatorProcess::supportsNesting()
}
+bool EnvironmentSecretIsolatorProcess::supportsStandalone()
+{
+ return true;
+}
+
+
Future<Option<ContainerLaunchInfo>> EnvironmentSecretIsolatorProcess::prepare(
const ContainerID& containerId,
const ContainerConfig& containerConfig)
http://git-wip-us.apache.org/repos/asf/mesos/blob/88738706/src/slave/containerizer/mesos/isolators/environment_secret.hpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/isolators/environment_secret.hpp b/src/slave/containerizer/mesos/isolators/environment_secret.hpp
index b98e8fe..376a0a4 100644
--- a/src/slave/containerizer/mesos/isolators/environment_secret.hpp
+++ b/src/slave/containerizer/mesos/isolators/environment_secret.hpp
@@ -39,6 +39,7 @@ public:
virtual ~EnvironmentSecretIsolatorProcess();
virtual bool supportsNesting();
+ virtual bool supportsStandalone();
virtual process::Future<Option<mesos::slave::ContainerLaunchInfo>> prepare(
const ContainerID& containerId,
http://git-wip-us.apache.org/repos/asf/mesos/blob/88738706/src/slave/containerizer/mesos/isolators/filesystem/linux.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/isolators/filesystem/linux.cpp b/src/slave/containerizer/mesos/isolators/filesystem/linux.cpp
index aa939e3..5200182 100644
--- a/src/slave/containerizer/mesos/isolators/filesystem/linux.cpp
+++ b/src/slave/containerizer/mesos/isolators/filesystem/linux.cpp
@@ -219,6 +219,12 @@ bool LinuxFilesystemIsolatorProcess::supportsNesting()
}
+bool LinuxFilesystemIsolatorProcess::supportsStandalone()
+{
+ return true;
+}
+
+
Future<Nothing> LinuxFilesystemIsolatorProcess::recover(
const list<ContainerState>& states,
const hashset<ContainerID>& orphans)
@@ -333,6 +339,18 @@ Future<Option<ContainerLaunchInfo>> LinuxFilesystemIsolatorProcess::prepare(
return launchInfo;
}
+ // Currently, we do not support persistent volumes for standalone
+ // containers. Therefore, we perform the check here to reject the
+ // standalone container launch if persistent volumes are specified.
+ const bool isStandaloneContainer =
+ containerizer::paths::isStandaloneContainer(flags.runtime_dir, containerId);
+
+ if (isStandaloneContainer &&
+ !Resources(containerConfig.resources()).persistentVolumes().empty()) {
+ return Failure(
+ "Persistent volumes are not supported for standalone containers");
+ }
+
if (infos.contains(containerId)) {
return Failure("Container has already been prepared");
}
@@ -378,7 +396,7 @@ Future<Option<ContainerLaunchInfo>> LinuxFilesystemIsolatorProcess::prepare(
return launchInfo;
}
- return update(containerId, containerConfig.executor_info().resources())
+ return update(containerId, containerConfig.resources())
.then([launchInfo]() -> Future<Option<ContainerLaunchInfo>> {
return launchInfo;
});
http://git-wip-us.apache.org/repos/asf/mesos/blob/88738706/src/slave/containerizer/mesos/isolators/filesystem/linux.hpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/isolators/filesystem/linux.hpp b/src/slave/containerizer/mesos/isolators/filesystem/linux.hpp
index 6584d1e..d933af4 100644
--- a/src/slave/containerizer/mesos/isolators/filesystem/linux.hpp
+++ b/src/slave/containerizer/mesos/isolators/filesystem/linux.hpp
@@ -47,6 +47,7 @@ public:
virtual ~LinuxFilesystemIsolatorProcess();
virtual bool supportsNesting();
+ virtual bool supportsStandalone();
virtual process::Future<Nothing> recover(
const std::list<mesos::slave::ContainerState>& states,
http://git-wip-us.apache.org/repos/asf/mesos/blob/88738706/src/slave/containerizer/mesos/isolators/gpu/isolator.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/isolators/gpu/isolator.cpp b/src/slave/containerizer/mesos/isolators/gpu/isolator.cpp
index 7b66426..f5e8860 100644
--- a/src/slave/containerizer/mesos/isolators/gpu/isolator.cpp
+++ b/src/slave/containerizer/mesos/isolators/gpu/isolator.cpp
@@ -230,6 +230,12 @@ bool NvidiaGpuIsolatorProcess::supportsNesting()
}
+bool NvidiaGpuIsolatorProcess::supportsStandalone()
+{
+ return true;
+}
+
+
Future<Nothing> NvidiaGpuIsolatorProcess::recover(
const list<ContainerState>& states,
const hashset<ContainerID>& orphans)
http://git-wip-us.apache.org/repos/asf/mesos/blob/88738706/src/slave/containerizer/mesos/isolators/gpu/isolator.hpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/isolators/gpu/isolator.hpp b/src/slave/containerizer/mesos/isolators/gpu/isolator.hpp
index f3103a7..5d1bc7b 100644
--- a/src/slave/containerizer/mesos/isolators/gpu/isolator.hpp
+++ b/src/slave/containerizer/mesos/isolators/gpu/isolator.hpp
@@ -85,6 +85,7 @@ public:
const NvidiaComponents& components);
virtual bool supportsNesting();
+ virtual bool supportsStandalone();
virtual process::Future<Nothing> recover(
const std::list<mesos::slave::ContainerState>& states,
http://git-wip-us.apache.org/repos/asf/mesos/blob/88738706/src/slave/containerizer/mesos/isolators/linux/capabilities.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/isolators/linux/capabilities.cpp b/src/slave/containerizer/mesos/isolators/linux/capabilities.cpp
index 21d851e..2e8ad93 100644
--- a/src/slave/containerizer/mesos/isolators/linux/capabilities.cpp
+++ b/src/slave/containerizer/mesos/isolators/linux/capabilities.cpp
@@ -80,6 +80,12 @@ bool LinuxCapabilitiesIsolatorProcess::supportsNesting()
}
+bool LinuxCapabilitiesIsolatorProcess::supportsStandalone()
+{
+ return true;
+}
+
+
Future<Option<ContainerLaunchInfo>> LinuxCapabilitiesIsolatorProcess::prepare(
const ContainerID& containerId,
const ContainerConfig& containerConfig)
http://git-wip-us.apache.org/repos/asf/mesos/blob/88738706/src/slave/containerizer/mesos/isolators/linux/capabilities.hpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/isolators/linux/capabilities.hpp b/src/slave/containerizer/mesos/isolators/linux/capabilities.hpp
index b9862a2..73e26a0 100644
--- a/src/slave/containerizer/mesos/isolators/linux/capabilities.hpp
+++ b/src/slave/containerizer/mesos/isolators/linux/capabilities.hpp
@@ -33,6 +33,7 @@ public:
static Try<mesos::slave::Isolator*> create(const Flags& flags);
virtual bool supportsNesting();
+ virtual bool supportsStandalone();
virtual process::Future<Option<mesos::slave::ContainerLaunchInfo>> prepare(
const ContainerID& containerId,
http://git-wip-us.apache.org/repos/asf/mesos/blob/88738706/src/slave/containerizer/mesos/isolators/namespaces/ipc.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/isolators/namespaces/ipc.cpp b/src/slave/containerizer/mesos/isolators/namespaces/ipc.cpp
index 2d89d59..90773d7 100644
--- a/src/slave/containerizer/mesos/isolators/namespaces/ipc.cpp
+++ b/src/slave/containerizer/mesos/isolators/namespaces/ipc.cpp
@@ -65,6 +65,12 @@ bool NamespacesIPCIsolatorProcess::supportsNesting()
}
+bool NamespacesIPCIsolatorProcess::supportsStandalone()
+{
+ return true;
+}
+
+
// IPC isolation on Linux just requires that a process be placed in an IPC
// namespace. Neither /proc, nor any of the special SVIPC filesystem need
// to be remounted for this to work. IPC namespaces are disjoint. That is,
http://git-wip-us.apache.org/repos/asf/mesos/blob/88738706/src/slave/containerizer/mesos/isolators/namespaces/ipc.hpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/isolators/namespaces/ipc.hpp b/src/slave/containerizer/mesos/isolators/namespaces/ipc.hpp
index 9850407..b3815ae 100644
--- a/src/slave/containerizer/mesos/isolators/namespaces/ipc.hpp
+++ b/src/slave/containerizer/mesos/isolators/namespaces/ipc.hpp
@@ -33,6 +33,7 @@ public:
virtual ~NamespacesIPCIsolatorProcess() {}
virtual bool supportsNesting();
+ virtual bool supportsStandalone();
virtual process::Future<Option<mesos::slave::ContainerLaunchInfo>> prepare(
const ContainerID& containerId,
http://git-wip-us.apache.org/repos/asf/mesos/blob/88738706/src/slave/containerizer/mesos/isolators/namespaces/pid.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/isolators/namespaces/pid.cpp b/src/slave/containerizer/mesos/isolators/namespaces/pid.cpp
index 4f8253b..d765929 100644
--- a/src/slave/containerizer/mesos/isolators/namespaces/pid.cpp
+++ b/src/slave/containerizer/mesos/isolators/namespaces/pid.cpp
@@ -80,6 +80,12 @@ bool NamespacesPidIsolatorProcess::supportsNesting()
}
+bool NamespacesPidIsolatorProcess::supportsStandalone()
+{
+ return true;
+}
+
+
Future<Option<ContainerLaunchInfo>> NamespacesPidIsolatorProcess::prepare(
const ContainerID& containerId,
const ContainerConfig& containerConfig)
http://git-wip-us.apache.org/repos/asf/mesos/blob/88738706/src/slave/containerizer/mesos/isolators/namespaces/pid.hpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/isolators/namespaces/pid.hpp b/src/slave/containerizer/mesos/isolators/namespaces/pid.hpp
index 6b4ba06..5ed4a6e 100644
--- a/src/slave/containerizer/mesos/isolators/namespaces/pid.hpp
+++ b/src/slave/containerizer/mesos/isolators/namespaces/pid.hpp
@@ -33,6 +33,7 @@ public:
virtual ~NamespacesPidIsolatorProcess() {}
virtual bool supportsNesting();
+ virtual bool supportsStandalone();
virtual process::Future<Option<mesos::slave::ContainerLaunchInfo>> prepare(
const ContainerID& containerId,
http://git-wip-us.apache.org/repos/asf/mesos/blob/88738706/src/slave/containerizer/mesos/isolators/posix/disk.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/isolators/posix/disk.cpp b/src/slave/containerizer/mesos/isolators/posix/disk.cpp
index eb23025..7f2708c 100644
--- a/src/slave/containerizer/mesos/isolators/posix/disk.cpp
+++ b/src/slave/containerizer/mesos/isolators/posix/disk.cpp
@@ -113,6 +113,12 @@ bool PosixDiskIsolatorProcess::supportsNesting()
}
+bool PosixDiskIsolatorProcess::supportsStandalone()
+{
+ return true;
+}
+
+
Future<Nothing> PosixDiskIsolatorProcess::recover(
const list<ContainerState>& states,
const hashset<ContainerID>& orphans)
http://git-wip-us.apache.org/repos/asf/mesos/blob/88738706/src/slave/containerizer/mesos/isolators/posix/disk.hpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/isolators/posix/disk.hpp b/src/slave/containerizer/mesos/isolators/posix/disk.hpp
index 68d9744..61e414a 100644
--- a/src/slave/containerizer/mesos/isolators/posix/disk.hpp
+++ b/src/slave/containerizer/mesos/isolators/posix/disk.hpp
@@ -78,6 +78,7 @@ public:
virtual ~PosixDiskIsolatorProcess();
virtual bool supportsNesting();
+ virtual bool supportsStandalone();
virtual process::Future<Nothing> recover(
const std::list<mesos::slave::ContainerState>& states,
http://git-wip-us.apache.org/repos/asf/mesos/blob/88738706/src/slave/containerizer/mesos/isolators/posix/rlimits.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/isolators/posix/rlimits.cpp b/src/slave/containerizer/mesos/isolators/posix/rlimits.cpp
index 0136652..9aa886f 100644
--- a/src/slave/containerizer/mesos/isolators/posix/rlimits.cpp
+++ b/src/slave/containerizer/mesos/isolators/posix/rlimits.cpp
@@ -34,6 +34,12 @@ bool PosixRLimitsIsolatorProcess::supportsNesting()
}
+bool PosixRLimitsIsolatorProcess::supportsStandalone()
+{
+ return true;
+}
+
+
process::Future<Option<ContainerLaunchInfo>>
PosixRLimitsIsolatorProcess::prepare(
const ContainerID& containerId,
http://git-wip-us.apache.org/repos/asf/mesos/blob/88738706/src/slave/containerizer/mesos/isolators/posix/rlimits.hpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/isolators/posix/rlimits.hpp b/src/slave/containerizer/mesos/isolators/posix/rlimits.hpp
index 0bce083..2d95fb2 100644
--- a/src/slave/containerizer/mesos/isolators/posix/rlimits.hpp
+++ b/src/slave/containerizer/mesos/isolators/posix/rlimits.hpp
@@ -33,6 +33,7 @@ public:
static Try<mesos::slave::Isolator*> create(const Flags& flags);
virtual bool supportsNesting();
+ virtual bool supportsStandalone();
virtual process::Future<Option<mesos::slave::ContainerLaunchInfo>> prepare(
const ContainerID& containerId,
http://git-wip-us.apache.org/repos/asf/mesos/blob/88738706/src/slave/containerizer/mesos/isolators/volume/host_path.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/isolators/volume/host_path.cpp b/src/slave/containerizer/mesos/isolators/volume/host_path.cpp
index 3f3f280..9127cf4 100644
--- a/src/slave/containerizer/mesos/isolators/volume/host_path.cpp
+++ b/src/slave/containerizer/mesos/isolators/volume/host_path.cpp
@@ -89,6 +89,12 @@ bool VolumeHostPathIsolatorProcess::supportsNesting()
}
+bool VolumeHostPathIsolatorProcess::supportsStandalone()
+{
+ return true;
+}
+
+
Future<Option<ContainerLaunchInfo>> VolumeHostPathIsolatorProcess::prepare(
const ContainerID& containerId,
const ContainerConfig& containerConfig)
http://git-wip-us.apache.org/repos/asf/mesos/blob/88738706/src/slave/containerizer/mesos/isolators/volume/host_path.hpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/isolators/volume/host_path.hpp b/src/slave/containerizer/mesos/isolators/volume/host_path.hpp
index 08c3d5f..4540aa3 100644
--- a/src/slave/containerizer/mesos/isolators/volume/host_path.hpp
+++ b/src/slave/containerizer/mesos/isolators/volume/host_path.hpp
@@ -33,6 +33,7 @@ public:
virtual ~VolumeHostPathIsolatorProcess();
virtual bool supportsNesting();
+ virtual bool supportsStandalone();
virtual process::Future<Option<mesos::slave::ContainerLaunchInfo>> prepare(
const ContainerID& containerId,
http://git-wip-us.apache.org/repos/asf/mesos/blob/88738706/src/slave/containerizer/mesos/isolators/volume/image.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/isolators/volume/image.cpp b/src/slave/containerizer/mesos/isolators/volume/image.cpp
index 15e242d..8ca3d55 100644
--- a/src/slave/containerizer/mesos/isolators/volume/image.cpp
+++ b/src/slave/containerizer/mesos/isolators/volume/image.cpp
@@ -75,6 +75,12 @@ bool VolumeImageIsolatorProcess::supportsNesting()
}
+bool VolumeImageIsolatorProcess::supportsStandalone()
+{
+ return true;
+}
+
+
Try<Isolator*> VolumeImageIsolatorProcess::create(
const Flags& flags,
const Shared<Provisioner>& provisioner)
http://git-wip-us.apache.org/repos/asf/mesos/blob/88738706/src/slave/containerizer/mesos/isolators/volume/image.hpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/isolators/volume/image.hpp b/src/slave/containerizer/mesos/isolators/volume/image.hpp
index 8465bb5..54af40c 100644
--- a/src/slave/containerizer/mesos/isolators/volume/image.hpp
+++ b/src/slave/containerizer/mesos/isolators/volume/image.hpp
@@ -45,6 +45,7 @@ public:
virtual ~VolumeImageIsolatorProcess();
virtual bool supportsNesting();
+ virtual bool supportsStandalone();
virtual process::Future<Option<mesos::slave::ContainerLaunchInfo>> prepare(
const ContainerID& containerId,
http://git-wip-us.apache.org/repos/asf/mesos/blob/88738706/src/slave/containerizer/mesos/isolators/volume/sandbox_path.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/isolators/volume/sandbox_path.cpp b/src/slave/containerizer/mesos/isolators/volume/sandbox_path.cpp
index d8e41c4..5801977 100644
--- a/src/slave/containerizer/mesos/isolators/volume/sandbox_path.cpp
+++ b/src/slave/containerizer/mesos/isolators/volume/sandbox_path.cpp
@@ -94,6 +94,12 @@ bool VolumeSandboxPathIsolatorProcess::supportsNesting()
}
+bool VolumeSandboxPathIsolatorProcess::supportsStandalone()
+{
+ return true;
+}
+
+
Future<Nothing> VolumeSandboxPathIsolatorProcess::recover(
const list<ContainerState>& states,
const hashset<ContainerID>& orphans)
http://git-wip-us.apache.org/repos/asf/mesos/blob/88738706/src/slave/containerizer/mesos/isolators/volume/sandbox_path.hpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/isolators/volume/sandbox_path.hpp b/src/slave/containerizer/mesos/isolators/volume/sandbox_path.hpp
index 12fab61..20d5b32 100644
--- a/src/slave/containerizer/mesos/isolators/volume/sandbox_path.hpp
+++ b/src/slave/containerizer/mesos/isolators/volume/sandbox_path.hpp
@@ -37,6 +37,7 @@ public:
virtual ~VolumeSandboxPathIsolatorProcess();
virtual bool supportsNesting();
+ virtual bool supportsStandalone();
virtual process::Future<Nothing> recover(
const std::list<mesos::slave::ContainerState>& states,
http://git-wip-us.apache.org/repos/asf/mesos/blob/88738706/src/slave/containerizer/mesos/isolators/volume/secret.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/isolators/volume/secret.cpp b/src/slave/containerizer/mesos/isolators/volume/secret.cpp
index 8071e4e..e754a1b 100644
--- a/src/slave/containerizer/mesos/isolators/volume/secret.cpp
+++ b/src/slave/containerizer/mesos/isolators/volume/secret.cpp
@@ -99,6 +99,12 @@ bool VolumeSecretIsolatorProcess::supportsNesting()
}
+bool VolumeSecretIsolatorProcess::supportsStandalone()
+{
+ return true;
+}
+
+
Future<Option<ContainerLaunchInfo>> VolumeSecretIsolatorProcess::prepare(
const ContainerID& containerId,
const ContainerConfig& containerConfig)
http://git-wip-us.apache.org/repos/asf/mesos/blob/88738706/src/slave/containerizer/mesos/isolators/volume/secret.hpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/isolators/volume/secret.hpp b/src/slave/containerizer/mesos/isolators/volume/secret.hpp
index 2680345..4515777 100644
--- a/src/slave/containerizer/mesos/isolators/volume/secret.hpp
+++ b/src/slave/containerizer/mesos/isolators/volume/secret.hpp
@@ -46,6 +46,7 @@ public:
virtual ~VolumeSecretIsolatorProcess() {}
virtual bool supportsNesting();
+ virtual bool supportsStandalone();
virtual process::Future<Option<mesos::slave::ContainerLaunchInfo>> prepare(
const ContainerID& containerId,
http://git-wip-us.apache.org/repos/asf/mesos/blob/88738706/src/slave/containerizer/mesos/isolators/windows/cpu.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/isolators/windows/cpu.cpp b/src/slave/containerizer/mesos/isolators/windows/cpu.cpp
index 782c7ad..6b376ef 100644
--- a/src/slave/containerizer/mesos/isolators/windows/cpu.cpp
+++ b/src/slave/containerizer/mesos/isolators/windows/cpu.cpp
@@ -55,6 +55,7 @@ constexpr double MIN_CPU = 0.001;
bool WindowsCpuIsolatorProcess::supportsNesting() { return true; }
+bool WindowsCpuIsolatorProcess::supportsStandalone() { return true; }
// When recovering, this ensures that our ContainerID -> PID mapping is
http://git-wip-us.apache.org/repos/asf/mesos/blob/88738706/src/slave/containerizer/mesos/isolators/windows/cpu.hpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/isolators/windows/cpu.hpp b/src/slave/containerizer/mesos/isolators/windows/cpu.hpp
index b996b07..e1ff2ae 100644
--- a/src/slave/containerizer/mesos/isolators/windows/cpu.hpp
+++ b/src/slave/containerizer/mesos/isolators/windows/cpu.hpp
@@ -42,6 +42,7 @@ public:
static Try<mesos::slave::Isolator*> create(const Flags& flags);
bool supportsNesting() override;
+ bool supportsStandalone() override;
process::Future<Nothing> recover(
const std::list<mesos::slave::ContainerState>& state,
http://git-wip-us.apache.org/repos/asf/mesos/blob/88738706/src/slave/containerizer/mesos/isolators/windows/mem.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/isolators/windows/mem.cpp b/src/slave/containerizer/mesos/isolators/windows/mem.cpp
index c6a2ded..64d1134 100644
--- a/src/slave/containerizer/mesos/isolators/windows/mem.cpp
+++ b/src/slave/containerizer/mesos/isolators/windows/mem.cpp
@@ -56,6 +56,7 @@ constexpr Bytes MIN_MEM = Megabytes(32);
bool WindowsMemIsolatorProcess::supportsNesting() { return true; }
+bool WindowsMemIsolatorProcess::supportsStandalone() { return true; }
// When recovering, this ensures that our ContainerID -> PID mapping is
http://git-wip-us.apache.org/repos/asf/mesos/blob/88738706/src/slave/containerizer/mesos/isolators/windows/mem.hpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/isolators/windows/mem.hpp b/src/slave/containerizer/mesos/isolators/windows/mem.hpp
index 8c4e3fe..159ee6d 100644
--- a/src/slave/containerizer/mesos/isolators/windows/mem.hpp
+++ b/src/slave/containerizer/mesos/isolators/windows/mem.hpp
@@ -43,6 +43,7 @@ public:
static Try<mesos::slave::Isolator*> create(const Flags& flags);
bool supportsNesting() override;
+ bool supportsStandalone() override;
process::Future<Nothing> recover(
const std::list<mesos::slave::ContainerState>& state,