Posted to commits@mesos.apache.org by al...@apache.org on 2017/05/11 10:16:44 UTC

[03/11] mesos git commit: Ensured DEBUG container shares MESOS_SANDBOX with its parent.

Ensured DEBUG container shares MESOS_SANDBOX with its parent.

Review: https://reviews.apache.org/r/58818


Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/eecbd501
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/eecbd501
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/eecbd501

Branch: refs/heads/master
Commit: eecbd501670547c051a99522679c86539503adb4
Parents: 5435f84
Author: Alexander Rukletsov <al...@apache.org>
Authored: Thu Apr 27 19:16:36 2017 +0200
Committer: Alexander Rukletsov <al...@apache.org>
Committed: Thu May 11 12:15:55 2017 +0200

----------------------------------------------------------------------
 src/slave/containerizer/mesos/containerizer.cpp |   3 +-
 .../nested_mesos_containerizer_tests.cpp        | 124 +++++++++++++++++++
 2 files changed, 125 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/mesos/blob/eecbd501/src/slave/containerizer/mesos/containerizer.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/containerizer.cpp b/src/slave/containerizer/mesos/containerizer.cpp
index 4c24f0b..13e5e3c 100644
--- a/src/slave/containerizer/mesos/containerizer.cpp
+++ b/src/slave/containerizer/mesos/containerizer.cpp
@@ -1457,8 +1457,7 @@ Future<bool> MesosContainerizerProcess::_launch(
     variable->set_value(value);
   }
 
-  // TODO(klueska): Remove the check below once we have a good way of
-  // setting the sandbox directory for DEBUG containers.
+  // DEBUG containers inherit MESOS_SANDBOX from their parent.
   if (!container->config.has_container_class() ||
       container->config.container_class() != ContainerClass::DEBUG) {
     // TODO(jieyu): Consider moving this to filesystem isolator.
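Review bot: The new comment on the `if` describes DEBUG containers, but the condition below it guards the non-DEBUG path, so the two read as if they contradict each other. Judging by the removed TODO, the body (which continues outside this hunk) is where the sandbox directory gets set, and DEBUG containers skip it. A wording that matches the condition would be `// Set MESOS_SANDBOX only for non-DEBUG containers; a DEBUG container inherits the value from its parent.` If the inherited value comes from a specific place, such as the parent's launch environment, naming it here would save the next reader a search.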

http://git-wip-us.apache.org/repos/asf/mesos/blob/eecbd501/src/tests/containerizer/nested_mesos_containerizer_tests.cpp
----------------------------------------------------------------------
diff --git a/src/tests/containerizer/nested_mesos_containerizer_tests.cpp b/src/tests/containerizer/nested_mesos_containerizer_tests.cpp
index 3f06df2..e148fa3 100644
--- a/src/tests/containerizer/nested_mesos_containerizer_tests.cpp
+++ b/src/tests/containerizer/nested_mesos_containerizer_tests.cpp
@@ -419,6 +419,130 @@ TEST_F(NestedMesosContainerizerTest,
 }
 
 
+// This test verifies that a debug container
+// shares MESOS_SANDBOX with its parent.
+TEST_F(NestedMesosContainerizerTest,
+       ROOT_CGROUPS_DebugNestedContainerInheritsMesosSandbox)
+{
+  slave::Flags flags = CreateSlaveFlags();
+  flags.launcher = "linux";
+  flags.isolation = "cgroups/cpu,filesystem/linux,namespaces/pid";
+
+  Fetcher fetcher;
+
+  Try<MesosContainerizer*> create = MesosContainerizer::create(
+      flags,
+      false,
+      &fetcher);
+
+  ASSERT_SOME(create);
+
+  Owned<MesosContainerizer> containerizer(create.get());
+
+  SlaveState state;
+  state.id = SlaveID();
+
+  AWAIT_READY(containerizer->recover(state));
+
+  ContainerID containerId;
+  containerId.set_value(UUID::random().toString());
+
+  // Use a pipe to pass parent's MESOS_SANDBOX value to a child container.
+  Try<std::array<int, 2>> pipes_ = os::pipe();
+  ASSERT_SOME(pipes_);
+
+  const std::array<int, 2>& pipes = pipes_.get();
+
+  // NOTE: We use a non-shell command here to use 'bash -c' to execute
+  // the 'echo', which deals with the file descriptor, because of a bug
+  // in ubuntu dash. Multi-digit file descriptor is not supported in
+  // ubuntu dash, which executes the shell command.
+  CommandInfo command;
+  command.set_shell(false);
+  command.set_value("/bin/bash");
+  command.add_arguments("bash");
+  command.add_arguments("-c");
+  command.add_arguments(
+      "echo $MESOS_SANDBOX >&" + stringify(pipes[1]) + ";" + "sleep 1000");
+
+  ExecutorInfo executor;
+  executor.mutable_executor_id()->set_value("executor");
+  executor.mutable_command()->CopyFrom(command);
+  executor.mutable_resources()->CopyFrom(Resources::parse("cpus:1").get());
+
+  Try<string> directory = environment->mkdtemp();
+  ASSERT_SOME(directory);
+
+  Future<bool> launch = containerizer->launch(
+      containerId,
+      None(),
+      executor,
+      directory.get(),
+      None(),
+      state.id,
+      map<string, string>(),
+      true); // TODO(benh): Ever want to test not checkpointing?
+
+  AWAIT_ASSERT_TRUE(launch);
+
+  // Wait for the parent container to start running its task
+  // before launching a debug container inside it.
+  AWAIT_READY(process::io::poll(pipes[0], process::io::READ));
+  close(pipes[1]);
+
+  // Launch a nested debug container that compares MESOS_SANDBOX
+  // it sees with the one its parent sees.
+  {
+    ContainerID nestedContainerId;
+    nestedContainerId.mutable_parent()->CopyFrom(containerId);
+    nestedContainerId.set_value(UUID::random().toString());
+
+    // NOTE: We use a non-shell command here to use 'bash -c' to execute
+    // the 'read', which deals with the file descriptor, because of a bug
+    // in ubuntu dash. Multi-digit file descriptor is not supported in
+    // ubuntu dash, which executes the shell command.
+    CommandInfo nestedCommand;
+    nestedCommand.set_shell(false);
+    nestedCommand.set_value("/bin/bash");
+    nestedCommand.add_arguments("bash");
+    nestedCommand.add_arguments("-c");
+    nestedCommand.add_arguments(
+        "read PARENT_SANDBOX <&" + stringify(pipes[0]) + ";"
+        "[ ${PARENT_SANDBOX} == ${MESOS_SANDBOX} ] && exit 0 || exit 1;");
+
+    Future<bool> launchNested = containerizer->launch(
+        nestedContainerId,
+        nestedCommand,
+        None(),
+        None(),
+        state.id,
+        ContainerClass::DEBUG);
+
+    AWAIT_ASSERT_TRUE(launchNested);
+
+    Future<Option<ContainerTermination>> waitNested = containerizer->wait(
+        nestedContainerId);
+
+    AWAIT_READY(waitNested);
+    ASSERT_SOME(waitNested.get());
+    ASSERT_TRUE(waitNested.get()->has_status());
+    EXPECT_WEXITSTATUS_EQ(0, waitNested.get()->status());
+
+    close(pipes[0]);
+  }
+
+  // Destroy the containerizer with all associated containers.
+  Future<Option<ContainerTermination>> wait = containerizer->wait(containerId);
+
+  containerizer->destroy(containerId);
+
+  AWAIT_READY(wait);
+  ASSERT_SOME(wait.get());
+  ASSERT_TRUE(wait.get()->has_status());
+  EXPECT_WTERMSIG_EQ(SIGKILL, wait.get()->status());
+}
+
+
 TEST_F(NestedMesosContainerizerTest,
        ROOT_CGROUPS_LaunchNestedDebugCheckPidNamespace)
 {
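Review bot: The comparison in `nestedCommand` leaves both variables unquoted, so when `PARENT_SANDBOX` and `MESOS_SANDBOX` are both empty the command reduces to `[ == ]`, which bash treats as a non-empty-string test and reports as success. The test would then pass without any sandbox path having been shared, and a path containing whitespace would split into extra words. Quoting both sides and requiring a non-empty value closes this: `"[ -n \"${MESOS_SANDBOX}\" ] && [ \"${PARENT_SANDBOX}\" = \"${MESOS_SANDBOX}\" ] && exit 0 || exit 1;"`. Separately, `pipes[0]` and `pipes[1]` are closed by hand, so any `ASSERT_*` that fails before those `close` calls leaves the descriptors open in the test process.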