Triton compatibility for Mesos #1

Merged
merged 1 commit into from Aug 6, 2015

@@ -381,6 +381,8 @@ Future<Nothing> Docker::run(
argv.push_back("-e");
argv.push_back("MESOS_SANDBOX=" + mappedDirectory);

/*


misterbisson Oct 16, 2015

Remove the attempt to mount the Mesos sandbox as a host volume in the Docker container. Because Docker containers run in a multi-tenant environment, there's no access to the underlying host filesystem. This is an important factor in multi-tenant security.

foreach (const Volume& volume, containerInfo.volumes()) {
string volumeConfig = volume.container_path();
if (volume.has_host_path()) {
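
Review bot: The `/*` opened just above `foreach (const Volume& volume, containerInfo.volumes())` disables every volume the task declares, not only the sandbox mount that the inline comment describes, since the block comment only closes after the sandbox `-v` in the next hunk. A task that sets `host_path` volumes would start without them and nothing reports that back. Suggest narrowing the disabled region to the sandbox `-v` alone, or rejecting or logging tasks whose `containerInfo.volumes()` is non-empty, and deleting the code (or gating it behind a flag) rather than block-commenting it.
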
@@ -410,6 +412,8 @@ Future<Nothing> Docker::run(
argv.push_back("-v");
argv.push_back(sandboxDirectory + ":" + mappedDirectory);
*/

const string& image = dockerInfo.image();

argv.push_back("--net");
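
Review bot: With the sandbox `-v` argument now inside the block that ends at `*/`, `Docker::run` still exports `MESOS_SANDBOX=` with `mappedDirectory` earlier in the function, so the variable names a path that is no longer backed by `sandboxDirectory`. Anything the task writes there stays inside the container and does not reach the sandbox directory on the host. Either stop exporting the variable when the mount is skipped or document its changed meaning, and make the skip conditional on a flag so that Docker hosts which do allow host volumes keep the mount.
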
@@ -2816,7 +2816,13 @@ void Master::_accept(

// Add task.
if (pending) {
_offeredResources -= addTask(task_, framework, slave);
Resources taskResources; Resources ports;


misterbisson Oct 16, 2015

This removes network ports as a consumable resource. Because every container gets one or more unique network interfaces, there's never a port conflict to worry about. This simplified networking is one of the many advantages of Joyent's container-native infrastructure.

taskResources = addTask(task_, framework, slave);
ports = taskResources.get("ports");
taskResources -= ports;

_offeredResources -= taskResources;


// TODO(bmahler): Consider updating this log message to
// indicate when the executor is also being launched.
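
Review bot: `taskResources -= ports;` runs unconditionally in `Master::_accept`, so ports are no longer deducted from `_offeredResources` for any task on any slave, and the master has no way at this point to tell whether the slave really gives each container its own network interface. Gate the subtraction on a flag or a per-slave attribute so that port accounting stays intact elsewhere. The paired declaration `Resources taskResources; Resources ports;` can also go if each variable is declared where it is first assigned.
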
@@ -1303,11 +1303,14 @@ void DockerContainerizerProcess::destroy(
container->termination.set(termination);

containers_.erase(containerId);

remove(container->name(), None());


misterbisson Oct 16, 2015

Here (and in a number of places throughout this file), we're removing stopped Docker containers. Billing accrues for every provisioned container in Joyent's container-native infrastructure, so this step eliminates the need for garbage collection of stopped containers.

delete container;

return;
}


if (container->state == Container::DESTROYING) {
// Destroy has already been initiated.
return;
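
Review bot: The result of `remove(container->name(), None());` is discarded, so if the removal fails the stopped container is left behind silently, which is the outcome the inline comment says this call is there to prevent. Check the result and log the container name on failure.
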
@@ -1348,6 +1351,8 @@ void DockerContainerizerProcess::destroy(
// removing the container here means that we won't proceed with
// the Docker::run.
containers_.erase(containerId);

remove(container->name(), None());
delete container;

return;
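
Review bot: The context comment directly above says that erasing the container here means `Docker::run` will not proceed, so on this path there may be no Docker container yet for `remove(container->name(), None());` to act on. Confirm that calling `remove` for a name that was never created is harmless and note that in the comment, or skip the call on this path.
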
@@ -1365,6 +1370,8 @@ void DockerContainerizerProcess::destroy(
container->termination.set(termination);

containers_.erase(containerId);

remove(container->name(), None());
delete container;

return;
@@ -1456,6 +1463,7 @@ void DockerContainerizerProcess::__destroy(
container->name(),
container->executorName());

remove(container->name(), None());
delete container;

return;
@@ -1499,6 +1507,8 @@ void DockerContainerizerProcess::___destroy(
container->name(),
container->executorName());


remove(container->name(), None());
delete container;
}
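
Review bot: This is the fifth copy in this diff of `remove(container->name(), None());` followed by `delete container;` across the destroy paths. Fold the pair into one helper so that the ordering (the name is read before the delete) and any failure handling live in one place. The extra blank line before the call can go as well.
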

@@ -257,8 +257,12 @@ class DockerContainerizerProcess

static std::string name(const SlaveID& slaveId, const std::string& id)
{
return DOCKER_NAME_PREFIX + slaveId.value() + DOCKER_NAME_SEPERATOR +
stringify(id);
std::string slaveIdstring = slaveId.value();
std::transform(slaveIdstring.begin(), slaveIdstring.end(),


misterbisson Oct 16, 2015

Here we force the Docker container name to be lower case to prevent bugs elsewhere.

slaveIdstring.begin(), ::tolower);

return DOCKER_NAME_PREFIX + slaveIdstring + DOCKER_NAME_SEPERATOR +
stringify(id);
}

Container(const ContainerID& id)
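
Review bot: `::tolower` is applied only to `slaveIdstring`, while `stringify(id)` is appended unchanged, so the returned name is not guaranteed to be lower case as the inline comment states. Any code that matches container names against `slaveId.value()` has to apply the same lowering, or it will stop recognizing containers named by this function. Passing `::tolower` to `std::transform` over `char` is also undefined for negative values; cast through `unsigned char` in a small wrapper, and make sure `<algorithm>` and `<cctype>` are included.
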