You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mesos.apache.org by an...@apache.org on 2016/10/27 22:32:27 UTC

[2/2] mesos git commit: Added name format validation for mesos managed docker containers.

Added name format validation for mesos managed docker containers.

Review: https://reviews.apache.org/r/53047/


Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/0cb61f75
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/0cb61f75
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/0cb61f75

Branch: refs/heads/1.0.x
Commit: 0cb61f753411f115f7888da38c2b776dee02b072
Parents: 1e36e8f
Author: Manuwela Kanade <ma...@gmail.com>
Authored: Wed Oct 26 22:30:34 2016 -0700
Committer: Anand Mazumdar <an...@apache.org>
Committed: Thu Oct 27 14:53:47 2016 -0700

----------------------------------------------------------------------
 src/slave/containerizer/docker.cpp              | 24 ++++--
 .../docker_containerizer_tests.cpp              | 83 ++++++++++++++++++++
 2 files changed, 100 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/mesos/blob/0cb61f75/src/slave/containerizer/docker.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/docker.cpp b/src/slave/containerizer/docker.cpp
index f1ecf3b..9ad98b5 100644
--- a/src/slave/containerizer/docker.cpp
+++ b/src/slave/containerizer/docker.cpp
@@ -36,6 +36,7 @@
 #include <stout/hashset.hpp>
 #include <stout/jsonify.hpp>
 #include <stout/os.hpp>
+#include <stout/uuid.hpp>
 
 #include <stout/os/killtree.hpp>
 
@@ -94,6 +95,7 @@ const string DOCKER_SYMLINK_DIRECTORY = "docker/links";
 Option<ContainerID> parse(const Docker::Container& container)
 {
   Option<string> name = None();
+  Option<ContainerID> containerId = None();
 
   if (strings::startsWith(container.name, DOCKER_NAME_PREFIX)) {
     name = strings::remove(
@@ -114,18 +116,26 @@ Option<ContainerID> parse(const Docker::Container& container)
     if (!strings::contains(name.get(), DOCKER_NAME_SEPERATOR)) {
       ContainerID id;
       id.set_value(name.get());
-      return id;
+      containerId = id;
+    } else {
+      vector<string> parts = strings::split(name.get(), DOCKER_NAME_SEPERATOR);
+      if (parts.size() == 2 || parts.size() == 3) {
+        ContainerID id;
+        id.set_value(parts[1]);
+        containerId = id;
+      }
     }
 
-    vector<string> parts = strings::split(name.get(), DOCKER_NAME_SEPERATOR);
-    if (parts.size() == 2 || parts.size() == 3) {
-      ContainerID id;
-      id.set_value(parts[1]);
-      return id;
+    // Check if id is a valid UUID.
+    if (containerId.isSome()) {
+      Try<UUID> uuid = UUID::fromString(containerId.get().value());
+      if (uuid.isError()) {
+        return None();
+      }
     }
   }
 
-  return None();
+  return containerId;
 }
 
 

http://git-wip-us.apache.org/repos/asf/mesos/blob/0cb61f75/src/tests/containerizer/docker_containerizer_tests.cpp
----------------------------------------------------------------------
diff --git a/src/tests/containerizer/docker_containerizer_tests.cpp b/src/tests/containerizer/docker_containerizer_tests.cpp
index 4d049ed..3c7515c 100644
--- a/src/tests/containerizer/docker_containerizer_tests.cpp
+++ b/src/tests/containerizer/docker_containerizer_tests.cpp
@@ -1437,6 +1437,89 @@ TEST_F(DockerContainerizerTest, ROOT_DOCKER_SkipRecoverNonDocker)
 }
 
 
+// This test checks the docker containerizer doesn't recover containers
+// with malformed uuid.
+TEST_F(DockerContainerizerTest, ROOT_DOCKER_SkipRecoverMalformedUUID)
+{
+  MockDocker* mockDocker =
+    new MockDocker(tests::flags.docker, tests::flags.docker_socket);
+
+  Shared<Docker> docker(mockDocker);
+
+  slave::Flags flags = CreateSlaveFlags();
+  flags.docker_kill_orphans = true;
+
+  Fetcher fetcher;
+
+  Try<ContainerLogger*> logger =
+    ContainerLogger::create(flags.container_logger);
+
+  ASSERT_SOME(logger);
+
+  MockDockerContainerizer dockerContainerizer(
+      flags,
+      &fetcher,
+      Owned<ContainerLogger>(logger.get()),
+      docker);
+
+  SlaveID slaveId;
+  slaveId.set_value("s1");
+  ContainerID containerId;
+  containerId.set_value("malformedUUID");
+
+  string container = containerName(slaveId, containerId);
+
+  // Clean up container if it still exists.
+  ASSERT_TRUE(docker->rm(container, true).await(Seconds(30)));
+
+  Resources resources = Resources::parse("cpus:1;mem:512").get();
+  ContainerInfo containerInfo;
+  containerInfo.set_type(ContainerInfo::DOCKER);
+
+  // TODO(tnachen): Use local image to test if possible.
+  ContainerInfo::DockerInfo dockerInfo;
+  dockerInfo.set_image("alpine");
+  containerInfo.mutable_docker()->CopyFrom(dockerInfo);
+
+  CommandInfo commandInfo;
+  commandInfo.set_value("sleep 1000");
+
+  Future<Option<int>> run =
+    docker->run(
+        containerInfo,
+        commandInfo,
+        container,
+        flags.work_dir,
+        flags.sandbox_directory,
+        resources);
+
+  ASSERT_TRUE(
+    exists(docker, slaveId, containerId, ContainerState::RUNNING));
+
+  SlaveState slaveState;
+  slaveState.id = slaveId;
+  FrameworkState frameworkState;
+
+  ExecutorID execId;
+  execId.set_value("e1");
+
+  ExecutorState execState;
+  ExecutorInfo execInfo;
+  execState.info = execInfo;
+
+  FrameworkID frameworkId;
+  frameworkState.executors.put(execId, execState);
+  slaveState.frameworks.put(frameworkId, frameworkState);
+
+  Future<Nothing> recover = dockerContainerizer.recover(slaveState);
+  AWAIT_READY(recover);
+
+  // The container should still exist and should not get killed
+  // by containerizer recovery.
+  ASSERT_TRUE(exists(docker, slaveId, containerId));
+}
+
+
 #ifdef __linux__
 // This test verifies that we can launch a docker container with
 // persistent volume.