You are viewing a plain text version of this content. The canonical link for it is here.
Posted to reviews@mesos.apache.org by Qian Zhang <zh...@gmail.com> on 2017/08/03 15:20:26 UTC
Review Request 61406: Introduced `--share_pid_namespace` agent flag.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61406/
-----------------------------------------------------------
Review request for mesos, Gastón Kleiman, Gilbert Song, Jie Yu, Kevin Klues, and Vinod Kone.
Bugs: MESOS-7853
https://issues.apache.org/jira/browse/MESOS-7853
Repository: mesos
Description
-------
Introduced `--share_pid_namespace` agent flag.
Diffs
-----
docs/configuration.md 041c3dfb9c0c1718770f74dfb33a9f5d6fbe9b61
src/slave/flags.hpp 032880dfa68cd29420e559d34e592e57827cfc07
src/slave/flags.cpp 4171604090ffebe79fa35579458cabff7270c0de
Diff: https://reviews.apache.org/r/61406/diff/1/
Testing
-------
Thanks,
Qian Zhang
Re: Review Request 61406: Introduced
`--disallow_top_level_pid_ns_sharing` agent flag.
Posted by Gilbert Song <so...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61406/#review182232
-----------------------------------------------------------
Ship it!
Ship It!
- Gilbert Song
On Aug. 4, 2017, 9 a.m., Qian Zhang wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/61406/
> -----------------------------------------------------------
>
> (Updated Aug. 4, 2017, 9 a.m.)
>
>
> Review request for mesos, Gastón Kleiman, Gilbert Song, Jie Yu, Kevin Klues, and Vinod Kone.
>
>
> Bugs: MESOS-7853
> https://issues.apache.org/jira/browse/MESOS-7853
>
>
> Repository: mesos
>
>
> Description
> -------
>
> Introduced `--disallow_top_level_pid_ns_sharing` agent flag.
>
>
> Diffs
> -----
>
> docs/configuration.md 041c3dfb9c0c1718770f74dfb33a9f5d6fbe9b61
> src/slave/flags.hpp 032880dfa68cd29420e559d34e592e57827cfc07
> src/slave/flags.cpp 4171604090ffebe79fa35579458cabff7270c0de
>
>
> Diff: https://reviews.apache.org/r/61406/diff/2/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Qian Zhang
>
>
Re: Review Request 61406: Introduced
`--disallow_sharing_agent_pid_namespace` agent flag.
Posted by Gilbert Song <so...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61406/#review182455
-----------------------------------------------------------
Ship it!
Ship It!
- Gilbert Song
On Aug. 6, 2017, 7:52 p.m., Qian Zhang wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/61406/
> -----------------------------------------------------------
>
> (Updated Aug. 6, 2017, 7:52 p.m.)
>
>
> Review request for mesos, Gastón Kleiman, Gilbert Song, Jie Yu, Kevin Klues, and Vinod Kone.
>
>
> Bugs: MESOS-7853
> https://issues.apache.org/jira/browse/MESOS-7853
>
>
> Repository: mesos
>
>
> Description
> -------
>
> Introduced `--disallow_sharing_agent_pid_namespace` agent flag.
>
>
> Diffs
> -----
>
> docs/configuration.md 041c3dfb9c0c1718770f74dfb33a9f5d6fbe9b61
> src/slave/flags.hpp 032880dfa68cd29420e559d34e592e57827cfc07
> src/slave/flags.cpp 4171604090ffebe79fa35579458cabff7270c0de
>
>
> Diff: https://reviews.apache.org/r/61406/diff/4/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Qian Zhang
>
>
Re: Review Request 61406: Introduced
`--disallow_sharing_agent_pid_namespace` agent flag.
Posted by Qian Zhang <zh...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61406/
-----------------------------------------------------------
(Updated Aug. 7, 2017, 10:52 a.m.)
Review request for mesos, Gastón Kleiman, Gilbert Song, Jie Yu, Kevin Klues, and Vinod Kone.
Changes
-------
Addressed comments.
Summary (updated)
-----------------
Introduced `--disallow_sharing_agent_pid_namespace` agent flag.
Bugs: MESOS-7853
https://issues.apache.org/jira/browse/MESOS-7853
Repository: mesos
Description (updated)
-------
Introduced `--disallow_sharing_agent_pid_namespace` agent flag.
Diffs (updated)
-----
docs/configuration.md 041c3dfb9c0c1718770f74dfb33a9f5d6fbe9b61
src/slave/flags.hpp 032880dfa68cd29420e559d34e592e57827cfc07
src/slave/flags.cpp 4171604090ffebe79fa35579458cabff7270c0de
Diff: https://reviews.apache.org/r/61406/diff/4/
Changes: https://reviews.apache.org/r/61406/diff/3-4/
Testing
-------
Thanks,
Qian Zhang
Re: Review Request 61406: Introduced
`--disallow_top_level_pid_ns_sharing` agent flag.
Posted by Jie Yu <yu...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61406/#review182256
-----------------------------------------------------------
src/slave/flags.hpp
Lines 95 (patched)
<https://reviews.apache.org/r/61406/#comment258151>
This should be a linux platform specific flag. Please guard it with `#ifdef __linux__`
src/slave/flags.cpp
Lines 453 (patched)
<https://reviews.apache.org/r/61406/#comment258152>
I'd suggest using the following name:
`--disallow_sharing_agent_pid_namespace`
I would mention in the comment that if set to `true`, and if the framework requests to share the agent pid namespace for the top level container, the conatiner launch will be rejected.
- Jie Yu
On Aug. 5, 2017, 3:06 p.m., Qian Zhang wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/61406/
> -----------------------------------------------------------
>
> (Updated Aug. 5, 2017, 3:06 p.m.)
>
>
> Review request for mesos, Gastón Kleiman, Gilbert Song, Jie Yu, Kevin Klues, and Vinod Kone.
>
>
> Bugs: MESOS-7853
> https://issues.apache.org/jira/browse/MESOS-7853
>
>
> Repository: mesos
>
>
> Description
> -------
>
> Introduced `--disallow_top_level_pid_ns_sharing` agent flag.
>
>
> Diffs
> -----
>
> docs/configuration.md 041c3dfb9c0c1718770f74dfb33a9f5d6fbe9b61
> src/slave/flags.hpp 032880dfa68cd29420e559d34e592e57827cfc07
> src/slave/flags.cpp 4171604090ffebe79fa35579458cabff7270c0de
>
>
> Diff: https://reviews.apache.org/r/61406/diff/3/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Qian Zhang
>
>
Re: Review Request 61406: Introduced
`--disallow_top_level_pid_ns_sharing` agent flag.
Posted by Qian Zhang <zh...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61406/
-----------------------------------------------------------
(Updated Aug. 5, 2017, 11:06 p.m.)
Review request for mesos, Gastón Kleiman, Gilbert Song, Jie Yu, Kevin Klues, and Vinod Kone.
Changes
-------
Addressed comments.
Bugs: MESOS-7853
https://issues.apache.org/jira/browse/MESOS-7853
Repository: mesos
Description
-------
Introduced `--disallow_top_level_pid_ns_sharing` agent flag.
Diffs (updated)
-----
docs/configuration.md 041c3dfb9c0c1718770f74dfb33a9f5d6fbe9b61
src/slave/flags.hpp 032880dfa68cd29420e559d34e592e57827cfc07
src/slave/flags.cpp 4171604090ffebe79fa35579458cabff7270c0de
Diff: https://reviews.apache.org/r/61406/diff/3/
Changes: https://reviews.apache.org/r/61406/diff/2-3/
Testing
-------
Thanks,
Qian Zhang
Re: Review Request 61406: Introduced
`--disallow_top_level_pid_ns_sharing` agent flag.
Posted by Qian Zhang <zh...@gmail.com>.
> On Aug. 5, 2017, 8:44 a.m., Gastón Kleiman wrote:
> > docs/configuration.md
> > Lines 2052-2054 (patched)
> > <https://reviews.apache.org/r/61406/diff/2/?file=1789459#file1789459line2052>
> >
> > s/pid namespace/PID namespace/g
I took a look at other docs (e.g., `mesos-containerizer.md` and `nested-container-and-task-group.md`), they all use `pid namespace`, so I'd like to keep consistent with them.
- Qian
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61406/#review182249
-----------------------------------------------------------
On Aug. 5, 2017, midnight, Qian Zhang wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/61406/
> -----------------------------------------------------------
>
> (Updated Aug. 5, 2017, midnight)
>
>
> Review request for mesos, Gastón Kleiman, Gilbert Song, Jie Yu, Kevin Klues, and Vinod Kone.
>
>
> Bugs: MESOS-7853
> https://issues.apache.org/jira/browse/MESOS-7853
>
>
> Repository: mesos
>
>
> Description
> -------
>
> Introduced `--disallow_top_level_pid_ns_sharing` agent flag.
>
>
> Diffs
> -----
>
> docs/configuration.md 041c3dfb9c0c1718770f74dfb33a9f5d6fbe9b61
> src/slave/flags.hpp 032880dfa68cd29420e559d34e592e57827cfc07
> src/slave/flags.cpp 4171604090ffebe79fa35579458cabff7270c0de
>
>
> Diff: https://reviews.apache.org/r/61406/diff/2/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Qian Zhang
>
>
Re: Review Request 61406: Introduced
`--disallow_top_level_pid_ns_sharing` agent flag.
Posted by Gastón Kleiman <ga...@mesosphere.io>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61406/#review182249
-----------------------------------------------------------
Fix it, then Ship it!
docs/configuration.md
Lines 2052-2054 (patched)
<https://reviews.apache.org/r/61406/#comment258143>
s/pid namespace/PID namespace/g
docs/configuration.md
Lines 2054 (patched)
<https://reviews.apache.org/r/61406/#comment258144>
s/ignored if `namespaces/pid`/ignored if the `namespaces/pid`/
src/slave/flags.cpp
Lines 453-458 (patched)
<https://reviews.apache.org/r/61406/#comment258146>
Ditto.
- Gastón Kleiman
On Aug. 4, 2017, 4 p.m., Qian Zhang wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/61406/
> -----------------------------------------------------------
>
> (Updated Aug. 4, 2017, 4 p.m.)
>
>
> Review request for mesos, Gastón Kleiman, Gilbert Song, Jie Yu, Kevin Klues, and Vinod Kone.
>
>
> Bugs: MESOS-7853
> https://issues.apache.org/jira/browse/MESOS-7853
>
>
> Repository: mesos
>
>
> Description
> -------
>
> Introduced `--disallow_top_level_pid_ns_sharing` agent flag.
>
>
> Diffs
> -----
>
> docs/configuration.md 041c3dfb9c0c1718770f74dfb33a9f5d6fbe9b61
> src/slave/flags.hpp 032880dfa68cd29420e559d34e592e57827cfc07
> src/slave/flags.cpp 4171604090ffebe79fa35579458cabff7270c0de
>
>
> Diff: https://reviews.apache.org/r/61406/diff/2/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Qian Zhang
>
>
Re: Review Request 61406: Introduced
`--disallow_top_level_pid_ns_sharing` agent flag.
Posted by Qian Zhang <zh...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61406/
-----------------------------------------------------------
(Updated Aug. 5, 2017, midnight)
Review request for mesos, Gastón Kleiman, Gilbert Song, Jie Yu, Kevin Klues, and Vinod Kone.
Changes
-------
Addresssed comments.
Summary (updated)
-----------------
Introduced `--disallow_top_level_pid_ns_sharing` agent flag.
Bugs: MESOS-7853
https://issues.apache.org/jira/browse/MESOS-7853
Repository: mesos
Description (updated)
-------
Introduced `--disallow_top_level_pid_ns_sharing` agent flag.
Diffs (updated)
-----
docs/configuration.md 041c3dfb9c0c1718770f74dfb33a9f5d6fbe9b61
src/slave/flags.hpp 032880dfa68cd29420e559d34e592e57827cfc07
src/slave/flags.cpp 4171604090ffebe79fa35579458cabff7270c0de
Diff: https://reviews.apache.org/r/61406/diff/2/
Changes: https://reviews.apache.org/r/61406/diff/1-2/
Testing
-------
Thanks,
Qian Zhang
Re: Review Request 61406: Introduced `--share_pid_namespace` agent
flag.
Posted by Qian Zhang <zh...@gmail.com>.
> On Aug. 4, 2017, 12:29 a.m., Jie Yu wrote:
> > why we need this flag? I think we need a way for operator to prevent top level containers on a host to share with agent pid namespace.
>
> Gilbert Song wrote:
> @Qian, I guess you are trying to simplify the agent flag name, but I think we may want to emphasize that:
> 1. this is for top level container only
> 2. it is operator specific
>
> Do you have anyother concern for the flag name mentioned in the JIRA?
@Jie and @Gilbert, I know the original proposed flag name is `--disallow_top_level_pid_ns_sharing`, however, I went through all the agent flags, it seems there is no one named with `--disallow` or `--allow` as the prefix, that's why I named it `--share_pid_namespace`. However, I agree the original name is more explicit and clear, so I will change it back later.
- Qian
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61406/#review182120
-----------------------------------------------------------
On Aug. 3, 2017, 11:20 p.m., Qian Zhang wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/61406/
> -----------------------------------------------------------
>
> (Updated Aug. 3, 2017, 11:20 p.m.)
>
>
> Review request for mesos, Gastón Kleiman, Gilbert Song, Jie Yu, Kevin Klues, and Vinod Kone.
>
>
> Bugs: MESOS-7853
> https://issues.apache.org/jira/browse/MESOS-7853
>
>
> Repository: mesos
>
>
> Description
> -------
>
> Introduced `--share_pid_namespace` agent flag.
>
>
> Diffs
> -----
>
> docs/configuration.md 041c3dfb9c0c1718770f74dfb33a9f5d6fbe9b61
> src/slave/flags.hpp 032880dfa68cd29420e559d34e592e57827cfc07
> src/slave/flags.cpp 4171604090ffebe79fa35579458cabff7270c0de
>
>
> Diff: https://reviews.apache.org/r/61406/diff/1/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Qian Zhang
>
>
Re: Review Request 61406: Introduced `--share_pid_namespace` agent
flag.
Posted by Gilbert Song <so...@gmail.com>.
> On Aug. 3, 2017, 9:29 a.m., Jie Yu wrote:
> > why we need this flag? I think we need a way for operator to prevent top level containers on a host to share with agent pid namespace.
@Qian, I guess you are trying to simplify the agent flag name, but I think we may want to emphasize that:
1. this is for top level container only
2. it is operator specific
Do you have anyother concern for the flag name mentioned in the JIRA?
- Gilbert
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61406/#review182120
-----------------------------------------------------------
On Aug. 3, 2017, 8:20 a.m., Qian Zhang wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/61406/
> -----------------------------------------------------------
>
> (Updated Aug. 3, 2017, 8:20 a.m.)
>
>
> Review request for mesos, Gastón Kleiman, Gilbert Song, Jie Yu, Kevin Klues, and Vinod Kone.
>
>
> Bugs: MESOS-7853
> https://issues.apache.org/jira/browse/MESOS-7853
>
>
> Repository: mesos
>
>
> Description
> -------
>
> Introduced `--share_pid_namespace` agent flag.
>
>
> Diffs
> -----
>
> docs/configuration.md 041c3dfb9c0c1718770f74dfb33a9f5d6fbe9b61
> src/slave/flags.hpp 032880dfa68cd29420e559d34e592e57827cfc07
> src/slave/flags.cpp 4171604090ffebe79fa35579458cabff7270c0de
>
>
> Diff: https://reviews.apache.org/r/61406/diff/1/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Qian Zhang
>
>
Re: Review Request 61406: Introduced `--share_pid_namespace` agent
flag.
Posted by Jie Yu <yu...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61406/#review182120
-----------------------------------------------------------
why we need this flag? I think we need a way for operator to prevent top level containers on a host to share with agent pid namespace.
- Jie Yu
On Aug. 3, 2017, 3:20 p.m., Qian Zhang wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/61406/
> -----------------------------------------------------------
>
> (Updated Aug. 3, 2017, 3:20 p.m.)
>
>
> Review request for mesos, Gastón Kleiman, Gilbert Song, Jie Yu, Kevin Klues, and Vinod Kone.
>
>
> Bugs: MESOS-7853
> https://issues.apache.org/jira/browse/MESOS-7853
>
>
> Repository: mesos
>
>
> Description
> -------
>
> Introduced `--share_pid_namespace` agent flag.
>
>
> Diffs
> -----
>
> docs/configuration.md 041c3dfb9c0c1718770f74dfb33a9f5d6fbe9b61
> src/slave/flags.hpp 032880dfa68cd29420e559d34e592e57827cfc07
> src/slave/flags.cpp 4171604090ffebe79fa35579458cabff7270c0de
>
>
> Diff: https://reviews.apache.org/r/61406/diff/1/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Qian Zhang
>
>