You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mesos.apache.org by mp...@apache.org on 2015/10/20 02:06:35 UTC
mesos git commit: Enhanced documentation of the `--switch_user` flag
on the agent.
Repository: mesos
Updated Branches:
refs/heads/master 30c111a97 -> 4f845eac6
Enhanced documentation of the `--switch_user` flag on the agent.
Review: https://reviews.apache.org/r/39447
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/4f845eac
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/4f845eac
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/4f845eac
Branch: refs/heads/master
Commit: 4f845eac6390f77d8191b275261ee89b70b6d10c
Parents: 30c111a
Author: Marco Massenzio <ma...@mesosphere.io>
Authored: Mon Oct 19 17:02:06 2015 -0700
Committer: Michael Park <mp...@apache.org>
Committed: Mon Oct 19 17:02:06 2015 -0700
----------------------------------------------------------------------
docs/configuration.md | 10 +++++++---
src/slave/flags.cpp | 10 +++++++---
src/slave/paths.cpp | 7 ++++++-
3 files changed, 20 insertions(+), 7 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/4f845eac/docs/configuration.md
----------------------------------------------------------------------
diff --git a/docs/configuration.md b/docs/configuration.md
index 69fb37f..c7d5da6 100644
--- a/docs/configuration.md
+++ b/docs/configuration.md
@@ -1438,9 +1438,13 @@ file:///path/to/file (where file contains one of the above)</code></pre>
--[no-]switch_user
</td>
<td>
- Whether to run tasks as the user who
- submitted them rather than the user running
- the slave (requires setuid permission) (default: true)
+ If set to `true`, the agent will attempt to run tasks as
+ the `user` who launched them (as defined in `FrameworkInfo`)
+ (this requires `setuid` permission and that the given `user`
+ exists on the agent).
+ If the user does not exist, an error occurs and the task will fail.
+ If set to `false`, tasks will be run as the same user as the Mesos
+ agent process. (default: true)
</td>
</tr>
<tr>
http://git-wip-us.apache.org/repos/asf/mesos/blob/4f845eac/src/slave/flags.cpp
----------------------------------------------------------------------
diff --git a/src/slave/flags.cpp b/src/slave/flags.cpp
index 1bf394e..6be04c9 100644
--- a/src/slave/flags.cpp
+++ b/src/slave/flags.cpp
@@ -160,9 +160,13 @@ mesos::internal::slave::Flags::Flags()
add(&Flags::switch_user,
"switch_user",
- "Whether to run tasks as the user who\n"
- "submitted them rather than the user running\n"
- "the slave (requires setuid permission)",
+ "If set to `true`, the agent will attempt to run tasks as\n"
+ "the `user` who submitted them (as defined in `FrameworkInfo`)\n"
+ "(this requires `setuid` permission and that the given `user`\n"
+ "exists on the agent).\n"
+ "If the user does not exist, an error occurs and the task will fail.\n"
+ "If set to `false`, tasks will be run as the same user as the Mesos\n"
+ "Agent process.",
true);
add(&Flags::frameworks_home,
http://git-wip-us.apache.org/repos/asf/mesos/blob/4f845eac/src/slave/paths.cpp
----------------------------------------------------------------------
diff --git a/src/slave/paths.cpp b/src/slave/paths.cpp
index fb77e64..aab7a4b 100644
--- a/src/slave/paths.cpp
+++ b/src/slave/paths.cpp
@@ -414,6 +414,8 @@ string createExecutorDirectory(
// those may be conditional and in some cases leave the executor
// directory owned by the slave user instead of the specified
// framework or per-executor user.
+ LOG(INFO) << "Trying to chown '" << directory << "' to user '"
+ << user.get() << "'";
Try<Nothing> chown = os::chown(user.get(), directory);
if (chown.isError()) {
// TODO(nnielsen): We currently have tests which depend on using
@@ -421,7 +423,10 @@ string createExecutorDirectory(
// Therefore, we cannot make the chown validation a hard
// CHECK().
LOG(WARNING) << "Failed to chown executor directory '" << directory
- << "': " << chown.error();
+ << "'. This may be due to attempting to run the executor "
+ << "as a nonexistent user on the agent; see the description"
+ << " for the `--switch_user` flag for more information: "
+ << chown.error();
}
}