You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mesos.apache.org by an...@apache.org on 2016/10/27 22:32:26 UTC
[1/2] mesos git commit: Added MESOS-6212 to 1.0.2 CHANGELOG.
Repository: mesos
Updated Branches:
refs/heads/1.0.x ec315f28e -> 0cb61f753
Added MESOS-6212 to 1.0.2 CHANGELOG.
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/1e36e8f3
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/1e36e8f3
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/1e36e8f3
Branch: refs/heads/1.0.x
Commit: 1e36e8f3541e477f120060e62075d29657954f97
Parents: ec315f2
Author: Anand Mazumdar <an...@apache.org>
Authored: Thu Oct 27 14:48:43 2016 -0700
Committer: Anand Mazumdar <an...@apache.org>
Committed: Thu Oct 27 14:53:13 2016 -0700
----------------------------------------------------------------------
CHANGELOG | 1 +
1 file changed, 1 insertion(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/1e36e8f3/CHANGELOG
----------------------------------------------------------------------
diff --git a/CHANGELOG b/CHANGELOG
index 2ad544f..15505e0 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -13,6 +13,7 @@ All Issues:
* [MESOS-6118] - Agent would crash with docker container tasks due to host mount table read.
* [MESOS-6122] - Mesos slave throws systemd errors even when passed a flag to disable systemd
* [MESOS-6152] - Resource leak in libevent_ssl_socket.cpp.
+ * [MESOS-6212] - Validate the name format of mesos managed docker containers.
* [MESOS-6216] - LibeventSSLSocketImpl::create is not safe to call concurrently with os::getenv
* [MESOS-6233] - Master CHECK fails during recovery while relinking to other masters
* [MESOS-6234] - Potential socket leak during Zookeeper network changes
[2/2] mesos git commit: Added name format validation for mesos
managed docker containers.
Posted by an...@apache.org.
Added name format validation for mesos managed docker containers.
Review: https://reviews.apache.org/r/53047/
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/0cb61f75
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/0cb61f75
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/0cb61f75
Branch: refs/heads/1.0.x
Commit: 0cb61f753411f115f7888da38c2b776dee02b072
Parents: 1e36e8f
Author: Manuwela Kanade <ma...@gmail.com>
Authored: Wed Oct 26 22:30:34 2016 -0700
Committer: Anand Mazumdar <an...@apache.org>
Committed: Thu Oct 27 14:53:47 2016 -0700
----------------------------------------------------------------------
src/slave/containerizer/docker.cpp | 24 ++++--
.../docker_containerizer_tests.cpp | 83 ++++++++++++++++++++
2 files changed, 100 insertions(+), 7 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/0cb61f75/src/slave/containerizer/docker.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/docker.cpp b/src/slave/containerizer/docker.cpp
index f1ecf3b..9ad98b5 100644
--- a/src/slave/containerizer/docker.cpp
+++ b/src/slave/containerizer/docker.cpp
@@ -36,6 +36,7 @@
#include <stout/hashset.hpp>
#include <stout/jsonify.hpp>
#include <stout/os.hpp>
+#include <stout/uuid.hpp>
#include <stout/os/killtree.hpp>
@@ -94,6 +95,7 @@ const string DOCKER_SYMLINK_DIRECTORY = "docker/links";
Option<ContainerID> parse(const Docker::Container& container)
{
Option<string> name = None();
+ Option<ContainerID> containerId = None();
if (strings::startsWith(container.name, DOCKER_NAME_PREFIX)) {
name = strings::remove(
@@ -114,18 +116,26 @@ Option<ContainerID> parse(const Docker::Container& container)
if (!strings::contains(name.get(), DOCKER_NAME_SEPERATOR)) {
ContainerID id;
id.set_value(name.get());
- return id;
+ containerId = id;
+ } else {
+ vector<string> parts = strings::split(name.get(), DOCKER_NAME_SEPERATOR);
+ if (parts.size() == 2 || parts.size() == 3) {
+ ContainerID id;
+ id.set_value(parts[1]);
+ containerId = id;
+ }
}
- vector<string> parts = strings::split(name.get(), DOCKER_NAME_SEPERATOR);
- if (parts.size() == 2 || parts.size() == 3) {
- ContainerID id;
- id.set_value(parts[1]);
- return id;
+ // Check if id is a valid UUID.
+ if (containerId.isSome()) {
+ Try<UUID> uuid = UUID::fromString(containerId.get().value());
+ if (uuid.isError()) {
+ return None();
+ }
}
}
- return None();
+ return containerId;
}
http://git-wip-us.apache.org/repos/asf/mesos/blob/0cb61f75/src/tests/containerizer/docker_containerizer_tests.cpp
----------------------------------------------------------------------
diff --git a/src/tests/containerizer/docker_containerizer_tests.cpp b/src/tests/containerizer/docker_containerizer_tests.cpp
index 4d049ed..3c7515c 100644
--- a/src/tests/containerizer/docker_containerizer_tests.cpp
+++ b/src/tests/containerizer/docker_containerizer_tests.cpp
@@ -1437,6 +1437,89 @@ TEST_F(DockerContainerizerTest, ROOT_DOCKER_SkipRecoverNonDocker)
}
+// This test checks the docker containerizer doesn't recover containers
+// with malformed uuid.
+TEST_F(DockerContainerizerTest, ROOT_DOCKER_SkipRecoverMalformedUUID)
+{
+ MockDocker* mockDocker =
+ new MockDocker(tests::flags.docker, tests::flags.docker_socket);
+
+ Shared<Docker> docker(mockDocker);
+
+ slave::Flags flags = CreateSlaveFlags();
+ flags.docker_kill_orphans = true;
+
+ Fetcher fetcher;
+
+ Try<ContainerLogger*> logger =
+ ContainerLogger::create(flags.container_logger);
+
+ ASSERT_SOME(logger);
+
+ MockDockerContainerizer dockerContainerizer(
+ flags,
+ &fetcher,
+ Owned<ContainerLogger>(logger.get()),
+ docker);
+
+ SlaveID slaveId;
+ slaveId.set_value("s1");
+ ContainerID containerId;
+ containerId.set_value("malformedUUID");
+
+ string container = containerName(slaveId, containerId);
+
+ // Clean up container if it still exists.
+ ASSERT_TRUE(docker->rm(container, true).await(Seconds(30)));
+
+ Resources resources = Resources::parse("cpus:1;mem:512").get();
+ ContainerInfo containerInfo;
+ containerInfo.set_type(ContainerInfo::DOCKER);
+
+ // TODO(tnachen): Use local image to test if possible.
+ ContainerInfo::DockerInfo dockerInfo;
+ dockerInfo.set_image("alpine");
+ containerInfo.mutable_docker()->CopyFrom(dockerInfo);
+
+ CommandInfo commandInfo;
+ commandInfo.set_value("sleep 1000");
+
+ Future<Option<int>> run =
+ docker->run(
+ containerInfo,
+ commandInfo,
+ container,
+ flags.work_dir,
+ flags.sandbox_directory,
+ resources);
+
+ ASSERT_TRUE(
+ exists(docker, slaveId, containerId, ContainerState::RUNNING));
+
+ SlaveState slaveState;
+ slaveState.id = slaveId;
+ FrameworkState frameworkState;
+
+ ExecutorID execId;
+ execId.set_value("e1");
+
+ ExecutorState execState;
+ ExecutorInfo execInfo;
+ execState.info = execInfo;
+
+ FrameworkID frameworkId;
+ frameworkState.executors.put(execId, execState);
+ slaveState.frameworks.put(frameworkId, frameworkState);
+
+ Future<Nothing> recover = dockerContainerizer.recover(slaveState);
+ AWAIT_READY(recover);
+
+ // The container should still exist and should not get killed
+ // by containerizer recovery.
+ ASSERT_TRUE(exists(docker, slaveId, containerId));
+}
+
+
#ifdef __linux__
// This test verifies that we can launch a docker container with
// persistent volume.