You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mesos.apache.org by mp...@apache.org on 2015/10/20 02:06:35 UTC

mesos git commit: Enhanced documentation of the `--switch_user` flag on the agent.

Repository: mesos
Updated Branches:
  refs/heads/master 30c111a97 -> 4f845eac6


Enhanced documentation of the `--switch_user` flag on the agent.

Review: https://reviews.apache.org/r/39447


Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/4f845eac
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/4f845eac
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/4f845eac

Branch: refs/heads/master
Commit: 4f845eac6390f77d8191b275261ee89b70b6d10c
Parents: 30c111a
Author: Marco Massenzio <ma...@mesosphere.io>
Authored: Mon Oct 19 17:02:06 2015 -0700
Committer: Michael Park <mp...@apache.org>
Committed: Mon Oct 19 17:02:06 2015 -0700

----------------------------------------------------------------------
 docs/configuration.md | 10 +++++++---
 src/slave/flags.cpp   | 10 +++++++---
 src/slave/paths.cpp   |  7 ++++++-
 3 files changed, 20 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/mesos/blob/4f845eac/docs/configuration.md
----------------------------------------------------------------------
diff --git a/docs/configuration.md b/docs/configuration.md
index 69fb37f..c7d5da6 100644
--- a/docs/configuration.md
+++ b/docs/configuration.md
@@ -1438,9 +1438,13 @@ file:///path/to/file (where file contains one of the above)</code></pre>
       --[no-]switch_user
     </td>
     <td>
-      Whether to run tasks as the user who
-      submitted them rather than the user running
-      the slave (requires setuid permission) (default: true)
+      If set to `true`, the agent will attempt to run tasks as
+      the `user` who launched them (as defined in `FrameworkInfo`)
+      (this requires `setuid` permission and that the given `user`
+      exists on the agent).
+      If the user does not exist, an error occurs and the task will fail.
+      If set to `false`, tasks will be run as the same user as the Mesos
+      agent process.  (default: true)
     </td>
   </tr>
   <tr>

http://git-wip-us.apache.org/repos/asf/mesos/blob/4f845eac/src/slave/flags.cpp
----------------------------------------------------------------------
diff --git a/src/slave/flags.cpp b/src/slave/flags.cpp
index 1bf394e..6be04c9 100644
--- a/src/slave/flags.cpp
+++ b/src/slave/flags.cpp
@@ -160,9 +160,13 @@ mesos::internal::slave::Flags::Flags()
 
   add(&Flags::switch_user,
       "switch_user",
-      "Whether to run tasks as the user who\n"
-      "submitted them rather than the user running\n"
-      "the slave (requires setuid permission)",
+      "If set to `true`, the agent will attempt to run tasks as\n"
+      "the `user` who submitted them (as defined in `FrameworkInfo`)\n"
+      "(this requires `setuid` permission and that the given `user`\n"
+      "exists on the agent).\n"
+      "If the user does not exist, an error occurs and the task will fail.\n"
+      "If set to `false`, tasks will be run as the same user as the Mesos\n"
+      "Agent process.",
       true);
 
   add(&Flags::frameworks_home,

http://git-wip-us.apache.org/repos/asf/mesos/blob/4f845eac/src/slave/paths.cpp
----------------------------------------------------------------------
diff --git a/src/slave/paths.cpp b/src/slave/paths.cpp
index fb77e64..aab7a4b 100644
--- a/src/slave/paths.cpp
+++ b/src/slave/paths.cpp
@@ -414,6 +414,8 @@ string createExecutorDirectory(
     // those may be conditional and in some cases leave the executor
     // directory owned by the slave user instead of the specified
     // framework or per-executor user.
+    LOG(INFO) << "Trying to chown '" << directory << "' to user '"
+              << user.get() << "'";
     Try<Nothing> chown = os::chown(user.get(), directory);
     if (chown.isError()) {
       // TODO(nnielsen): We currently have tests which depend on using
@@ -421,7 +423,10 @@ string createExecutorDirectory(
       // Therefore, we cannot make the chown validation a hard
       // CHECK().
       LOG(WARNING) << "Failed to chown executor directory '" << directory
-                   << "': " << chown.error();
+                   << "'. This may be due to attempting to run the executor "
+                   << "as a nonexistent user on the agent; see the description"
+                   << " for the `--switch_user` flag for more information: "
+                   << chown.error();
     }
   }