You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mesos.apache.org by ji...@apache.org on 2015/06/23 21:59:45 UTC

[2/2] mesos git commit: Updated Isolator to return required namespaces.

Updated Isolator to return required namespaces.

This would enable the MesosContainerizer to pass on a list of namespaces
to LinuxLauncher instead of having LinuxLauncher guess it from the
isolation flags.

Review: https://reviews.apache.org/r/35585


Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/2143ae03
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/2143ae03
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/2143ae03

Branch: refs/heads/master
Commit: 2143ae0315990ed663bf5810a801adeacff3a986
Parents: 06af7a3
Author: Kapil Arya <ka...@mesosphere.io>
Authored: Tue Jun 23 12:32:32 2015 -0700
Committer: Jie Yu <yu...@gmail.com>
Committed: Tue Jun 23 12:59:33 2015 -0700

----------------------------------------------------------------------
 include/mesos/slave/isolator.hpp                        | 12 ++++++++++++
 src/slave/containerizer/isolator.cpp                    |  6 ++++++
 src/slave/containerizer/isolators/filesystem/shared.cpp |  8 ++++++++
 src/slave/containerizer/isolators/filesystem/shared.hpp |  2 ++
 src/slave/containerizer/isolators/namespaces/pid.cpp    |  6 ++++++
 src/slave/containerizer/isolators/namespaces/pid.hpp    |  2 ++
 .../containerizer/isolators/network/port_mapping.cpp    |  6 ++++++
 .../containerizer/isolators/network/port_mapping.hpp    |  2 ++
 8 files changed, 44 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/mesos/blob/2143ae03/include/mesos/slave/isolator.hpp
----------------------------------------------------------------------
diff --git a/include/mesos/slave/isolator.hpp b/include/mesos/slave/isolator.hpp
index 18edc03..ef2205d 100644
--- a/include/mesos/slave/isolator.hpp
+++ b/include/mesos/slave/isolator.hpp
@@ -30,6 +30,7 @@
 #include <process/process.hpp>
 
 #include <stout/hashset.hpp>
+#include <stout/option.hpp>
 #include <stout/try.hpp>
 
 namespace mesos {
@@ -81,6 +82,15 @@ public:
   explicit Isolator(process::Owned<IsolatorProcess> process);
   ~Isolator();
 
+  // Returns the namespaces required by the isolator. The namespaces
+  // are created while launching the executor. Isolators may return
+  // a None() to indicate that they don't require any namespaces
+  // (e.g., Isolators for OS X).
+  // TODO(karya): Since namespaces are Linux-only, create a separate
+  // LinuxIsolator (and corresponding LinuxIsolatorProcess) class
+  // for Linux-specific isolators.
+  process::Future<Option<int>> namespaces();
+
   // Recover containers from the run states and the orphan containers
   // (known to the launcher but not known to the slave) detected by
   // the launcher.
@@ -137,6 +147,8 @@ class IsolatorProcess : public process::Process<IsolatorProcess>
 public:
   virtual ~IsolatorProcess() {}
 
+  virtual process::Future<Option<int>> namespaces() { return None(); }
+
   virtual process::Future<Nothing> recover(
       const std::list<ExecutorRunState>& state,
       const hashset<ContainerID>& orphans) = 0;

http://git-wip-us.apache.org/repos/asf/mesos/blob/2143ae03/src/slave/containerizer/isolator.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/isolator.cpp b/src/slave/containerizer/isolator.cpp
index d51ecc9..278824c 100644
--- a/src/slave/containerizer/isolator.cpp
+++ b/src/slave/containerizer/isolator.cpp
@@ -42,6 +42,12 @@ Isolator::~Isolator()
 }
 
 
+Future<Option<int>> Isolator::namespaces()
+{
+  return dispatch(process.get(), &IsolatorProcess::namespaces);
+}
+
+
 Future<Nothing> Isolator::recover(
     const list<ExecutorRunState>& state,
     const hashset<ContainerID>& orphans)

http://git-wip-us.apache.org/repos/asf/mesos/blob/2143ae03/src/slave/containerizer/isolators/filesystem/shared.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/isolators/filesystem/shared.cpp b/src/slave/containerizer/isolators/filesystem/shared.cpp
index 5049306..24f3074 100644
--- a/src/slave/containerizer/isolators/filesystem/shared.cpp
+++ b/src/slave/containerizer/isolators/filesystem/shared.cpp
@@ -18,6 +18,8 @@
 
 #include <set>
 
+#include "linux/ns.hpp"
+
 #include "slave/containerizer/isolators/filesystem/shared.hpp"
 
 using namespace process;
@@ -62,6 +64,12 @@ Try<Isolator*> SharedFilesystemIsolatorProcess::create(const Flags& flags)
 }
 
 
+process::Future<Option<int>> SharedFilesystemIsolatorProcess::namespaces()
+{
+  return CLONE_NEWNS;
+}
+
+
 Future<Nothing> SharedFilesystemIsolatorProcess::recover(
     const list<ExecutorRunState>& states,
     const hashset<ContainerID>& orphans)

http://git-wip-us.apache.org/repos/asf/mesos/blob/2143ae03/src/slave/containerizer/isolators/filesystem/shared.hpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/isolators/filesystem/shared.hpp b/src/slave/containerizer/isolators/filesystem/shared.hpp
index 08c6ffe..4d7d9a9 100644
--- a/src/slave/containerizer/isolators/filesystem/shared.hpp
+++ b/src/slave/containerizer/isolators/filesystem/shared.hpp
@@ -39,6 +39,8 @@ public:
 
   virtual ~SharedFilesystemIsolatorProcess();
 
+  virtual process::Future<Option<int>> namespaces();
+
   virtual process::Future<Nothing> recover(
       const std::list<mesos::slave::ExecutorRunState>& states,
       const hashset<ContainerID>& orphans);

http://git-wip-us.apache.org/repos/asf/mesos/blob/2143ae03/src/slave/containerizer/isolators/namespaces/pid.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/isolators/namespaces/pid.cpp b/src/slave/containerizer/isolators/namespaces/pid.cpp
index c6b28aa..5de0791 100644
--- a/src/slave/containerizer/isolators/namespaces/pid.cpp
+++ b/src/slave/containerizer/isolators/namespaces/pid.cpp
@@ -121,6 +121,12 @@ Result<ino_t> NamespacesPidIsolatorProcess::getNamespace(
 }
 
 
+process::Future<Option<int>> NamespacesPidIsolatorProcess::namespaces()
+{
+  return CLONE_NEWPID | CLONE_NEWNS;
+}
+
+
 Future<Nothing> NamespacesPidIsolatorProcess::recover(
     const list<ExecutorRunState>& states,
     const hashset<ContainerID>& orphans)

http://git-wip-us.apache.org/repos/asf/mesos/blob/2143ae03/src/slave/containerizer/isolators/namespaces/pid.hpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/isolators/namespaces/pid.hpp b/src/slave/containerizer/isolators/namespaces/pid.hpp
index 6b24e29..9cda3fd 100644
--- a/src/slave/containerizer/isolators/namespaces/pid.hpp
+++ b/src/slave/containerizer/isolators/namespaces/pid.hpp
@@ -56,6 +56,8 @@ public:
 
   virtual ~NamespacesPidIsolatorProcess() {}
 
+  virtual process::Future<Option<int>> namespaces();
+
   virtual process::Future<Nothing> recover(
       const std::list<mesos::slave::ExecutorRunState>& states,
       const hashset<ContainerID>& orphans);

http://git-wip-us.apache.org/repos/asf/mesos/blob/2143ae03/src/slave/containerizer/isolators/network/port_mapping.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/isolators/network/port_mapping.cpp b/src/slave/containerizer/isolators/network/port_mapping.cpp
index 1eb8173..f8018f2 100644
--- a/src/slave/containerizer/isolators/network/port_mapping.cpp
+++ b/src/slave/containerizer/isolators/network/port_mapping.cpp
@@ -1633,6 +1633,12 @@ Try<Isolator*> PortMappingIsolatorProcess::create(const Flags& flags)
 }
 
 
+process::Future<Option<int>> PortMappingIsolatorProcess::namespaces()
+{
+  return CLONE_NEWNET;
+}
+
+
 Future<Nothing> PortMappingIsolatorProcess::recover(
     const list<ExecutorRunState>& states,
     const hashset<ContainerID>& orphans)

http://git-wip-us.apache.org/repos/asf/mesos/blob/2143ae03/src/slave/containerizer/isolators/network/port_mapping.hpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/isolators/network/port_mapping.hpp b/src/slave/containerizer/isolators/network/port_mapping.hpp
index 7777ee8..6b5cf62 100644
--- a/src/slave/containerizer/isolators/network/port_mapping.hpp
+++ b/src/slave/containerizer/isolators/network/port_mapping.hpp
@@ -152,6 +152,8 @@ public:
 
   virtual ~PortMappingIsolatorProcess() {}
 
+  virtual process::Future<Option<int>> namespaces();
+
   virtual process::Future<Nothing> recover(
       const std::list<mesos::slave::ExecutorRunState>& states,
       const hashset<ContainerID>& orphans);