You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@mesos.apache.org by "Jan Schlicht (JIRA)" <ji...@apache.org> on 2018/08/14 13:36:00 UTC

[jira] [Created] (MESOS-9153) Failures when isolating cgroups can leak containers

Jan Schlicht created MESOS-9153:
-----------------------------------

             Summary: Failures when isolating cgroups can leak containers
                 Key: MESOS-9153
                 URL: https://issues.apache.org/jira/browse/MESOS-9153
             Project: Mesos
          Issue Type: Bug
    Affects Versions: 1.5.1
            Reporter: Jan Schlicht
         Attachments: health_check_leak.txt

When the isolation of cgroups fail (e.g., if cgroup hierarchies changed, as described in [MESOS-3488|https://issues.apache.org/jira/browse/MESOS-3488]) this will lead to a leaked container. Maybe only for nested container. The attached log is a {{VLOG(2)}} logs of a nested container that's started as part of a command health check for Kafka. I've removed all log lines unrelated to this container. Also, the cgroup hierarchy has been manipulated, to run into MESOS-3488.

The linux launcher fails while the containerizer is in {{ISOLATING}} state. The containerizer transitions to {{DESTROYING}} and tries to cleanup the isolators. The isolators ignore the cleanup requests, because the container ID seems to be unknown to them. In case of the Linux Filesystem Isolator, this leads to the container directory not getting cleaned up.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)