mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Qian Zhang <zhq527...@gmail.com>
Subject Re: Review Request 60766: Ignored containers that join CNI networks.
Date Tue, 22 Aug 2017 15:08:06 GMT


> On Aug. 21, 2017, 4:32 p.m., Qian Zhang wrote:
> > src/slave/containerizer/mesos/containerizer.cpp
> > Line 244 (original), 245 (patched)
> > <https://reviews.apache.org/r/60766/diff/8/?file=1800294#file1800294line245>
> >
> >     So here we only count `network/cni` isolator and `network/port_mapping` isolator,
either of them (but not both of them) can work with `network/ports` isolator. Can you please
also update the comments accordingly?
> 
> James Peach wrote:
>     This is already commented just above.

The comments is:
> One and only one `network` isolator is required

However, I think we may need to be more explicitly, like: Only one of `network/cni` and `network/port_mapping`
isolators is required.


> On Aug. 21, 2017, 4:32 p.m., Qian Zhang wrote:
> > src/slave/containerizer/mesos/isolators/network/ports.cpp
> > Lines 392-402 (patched)
> > <https://reviews.apache.org/r/60766/diff/8/?file=1800296#file1800296line392>
> >
> >     Can we check `state->executor_info().container().network_infos()` rather
than checking CNI container dir?
> 
> James Peach wrote:
>     Are we guaranteed to have a named network in `state->executor_info` in the case
of nested containers joining the parent network? If not, then I think we still have to check
whether the root container has a CNI configuration. I updated the patch to do this.

Why do we need to check `state->executor_info` for nested containers? In this `recover()`
method, for a nested container, I think we still need to check `state->executor_info` for
its root container. Or maybe you can just check `infos.contains(rootContainerId)` for nested
container like what you did in `prepare()`, but I am not sure if nested containers always
come after their root container in the `state` list, it looks like it can be guaranteed.


- Qian


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/60766/#review183307
-----------------------------------------------------------


On Aug. 22, 2017, 6:01 a.m., James Peach wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/60766/
> -----------------------------------------------------------
> 
> (Updated Aug. 22, 2017, 6:01 a.m.)
> 
> 
> Review request for mesos, Qian Zhang and Jiang Yan Xu.
> 
> 
> Bugs: MESOS-7675
>     https://issues.apache.org/jira/browse/MESOS-7675
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Working on the assumption that containers with CNI networks will
> get their own IP addresses and don't need port isolation, ignore
> any containers that are joining CNI networks.
> 
> 
> Diffs
> -----
> 
>   src/slave/containerizer/mesos/containerizer.cpp 5772421c3078d36225b946a5286b8c1bf2f007e8

>   src/slave/containerizer/mesos/isolators/network/ports.hpp PRE-CREATION 
>   src/slave/containerizer/mesos/isolators/network/ports.cpp PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/60766/diff/9/
> 
> 
> Testing
> -------
> 
> make check (Fedora 26).
> 
> 
> Thanks,
> 
> James Peach
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message