mesos-reviews mailing list archives

Site index · List index

Message view	« Date » · « Thread »
Top	« Date » · « Thread »
From	haosdent huang <haosd...@apache.org>
Subject	Re: Review Request 58200: Fix mesos runs with docker(pid namespace mismatch).
Date	Fri, 07 Apr 2017 16:45:58 GMT
> On April 7, 2017, 4:31 p.m., haosdent huang wrote: > > This requires `mesos-docker-executor` share the same namespace with `mesos-agent`. So need `--pid=host`. And `nsenter` requires privileged permissions, so need `--privileged=true`. - haosdent ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/58200/#review171361 ----------------------------------------------------------- On April 7, 2017, 4:40 p.m., Deshi Xiao wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/58200/ > ----------------------------------------------------------- > > (Updated April 7, 2017, 4:40 p.m.) > > > Review request for mesos, Alexander Rukletsov and haosdent huang. > > > Bugs: MESOS-7210 > https://issues.apache.org/jira/browse/MESOS-7210 > > > Repository: mesos > > > Description > ------- > > Becuase MESOS HTTP checks doesn't work when mesos runs with > --docker_mesos_image ( pid namespace mismatch ).So let docker > executor run with container add host pid mapping(--pid=host) > > > Diffs > ----- > > src/slave/containerizer/docker.cpp ad9ab847cb3093724ef374d036c896b4e7f18b5e > > > Diff: https://reviews.apache.org/r/58200/diff/1/ > > > Testing > ------- > > 1. Build the image with latest code. Let's name the image with `mesos-build` here. > > 2. Launch mesos master. > > ``` > $ docker run \ > -it \ > --pid host \ > --net host \ > --privileged \ > -v /var/run/docker.sock:/var/run/docker.sock \ > -v /sys/fs/cgroup:/sys/fs/cgroup \ > mesos-build \ > mesos-master \ > --hostname=127.0.0.1 \ > --ip=127.0.0.1 \ > --port=5050 \ > --work_dir=/tmp/mesos > ``` > > 3. Launch mesos agent. > > ``` > $ docker run \ > -it \ > --pid host \ > --net host \ > --privileged \ > -v /var/run/docker.sock:/var/run/docker.sock \ > -v /sys/fs/cgroup:/sys/fs/cgroup \ > mesos-build \ > mesos-agent \ > --hostname=127.0.0.1 \ > --ip=127.0.0.1 \ > --master=127.0.0.1:5050 \ > --systemd_enable_support=false \ > --work_dir=/tmp/mesos \ > --containerizers=docker,mesos \ > --docker_mesos_image=mesos-build > ``` > > 4. Launch task with health check. > > Define the task with health check. > > ``` > $ cat /tmp/task.json > { > "name": "test-health-check", > "task_id": {"value" : "test-health-check"}, > "agent_id": {"value" : ""}, > "resources": [ > { > "name": "cpus", > "type": "SCALAR", > "scalar": { > "value": 0.1 > }, > "role": "" > }, > { > "name": "mem", > "type": "SCALAR", > "scalar": { > "value": 32 > }, > "role": "" > } > ], > "command": { > "value": "sleep 1000" > }, > "container": { > "type": "DOCKER", > "volumes": [], > "docker": { > "image": "mesos-build", > "network": "HOST" > } > }, > "health_check": { > "type": "HTTP", > "http": { > "scheme": "http", > "port": 5050 > }, > "gracePeriodSeconds": 300, > "intervalSeconds": 60, > "timeoutSeconds": 20, > "maxConsecutiveFailures": 3 > } > } > ``` > > Lauch task > > ``` > $ mesos-execute --master=127.0.0.1:5050 --task=/tmp/task.json > ``` > > And verified the healthy status of task is correct. > > ``` > I0407 16:29:57.258509 88767 health_checker.cpp:123] Entered the net namespace of task (pid: '88727') successfully > I0407 16:29:57.334801 88643 health_checker.cpp:395] Performed HTTP health check for task 'test-health-check' in 86.311186ms > I0407 16:29:57.334872 88643 health_checker.cpp:319] HTTP health check for task 'test-health-check' passed > ``` > > > Thanks, > > Deshi Xiao > >
Mime	Unnamed multipart/alternative (inline, None, 0 bytes) Unnamed text/plain (inline, 7-Bit, 3814 bytes)
	View raw message