Triton compatibility for Mesos #1

Merged
merged 1 commit into from Aug 6, 2015
+27 −3
@@ -381,6 +381,8 @@ Future<Nothing> Docker::run(
argv.push_back("-e");
argv.push_back("MESOS_SANDBOX=" + mappedDirectory);
+ /*
+

misterbisson Oct 16, 2015

Remove the attempt to mount the Mesos sandbox as a host volume in the Docker container. Because Docker containers run in a multi-tenant environment, there's no access to the underlying host filesystem. This is an important factor in multi-tenant security.

foreach (const Volume& volume, containerInfo.volumes()) {
string volumeConfig = volume.container_path();
if (volume.has_host_path()) {
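Review bot: the `/*` opened here begins before `foreach (const Volume& volume, containerInfo.volumes())`, so the block comment disables every volume the framework declared in `containerInfo.volumes()`, not only the sandbox mount that the inline comment describes. If declared volumes cannot be honoured on this platform, reject them explicitly or log that they are being ignored rather than dropping them silently. Note also that `argv.push_back("MESOS_SANDBOX=" + mappedDirectory);` two lines above is still executed, so tasks are pointed at a path that is no longer mounted into the container.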
@@ -410,6 +412,8 @@ Future<Nothing> Docker::run(
argv.push_back("-v");
argv.push_back(sandboxDirectory + ":" + mappedDirectory);
+ */
+
const string& image = dockerInfo.image();
argv.push_back("--net");
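Review bot: commenting the volume-mounting code out with `/* ... */` instead of deleting it leaves a dead region of roughly thirty lines in `Docker::run` that every future edit has to read around, and a C-style block comment cannot nest, so it will break the build if any line inside it ever contains `*/`. Prefer deleting the code outright (git history keeps it) or, if the branch is meant to track upstream, guarding it behind a flag. After this change `mappedDirectory` serves only the environment variable set earlier in the function.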
@@ -2816,7 +2816,13 @@ void Master::_accept(
// Add task.
if (pending) {
- _offeredResources -= addTask(task_, framework, slave);
+ Resources taskResources; Resources ports;

misterbisson Oct 16, 2015

This removes network ports as a consumable resource. Because every container gets one or more unique network interfaces, there's never a port conflict to worry about. This simplified networking is one of the many advantages of Joyent's container-native infrastructure.

+ taskResources = addTask(task_, framework, slave);
+ ports = taskResources.get("ports");
+ taskResources -= ports;
+
+ _offeredResources -= taskResources;
+
// TODO(bmahler): Consider updating this log message to
// indicate when the executor is also being launched.
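Review bot: subtracting `ports` only from `_offeredResources` changes the master's local bookkeeping but leaves the ports inside the task that `addTask(task_, framework, slave)` has just recorded, so the framework's allocation and anything else that reads the task's resources still count them, and the two views of what the task consumes now disagree. If ports are genuinely not a consumable resource on this platform, strip them where resources are declared and validated rather than at this one subtraction, and add a code comment stating the rationale, since the PR discussion is the only place it is explained. Style: `Resources taskResources; Resources ports;` should be one declaration per line, and both can be initialised at the point of assignment instead of being declared empty first.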
@@ -1303,11 +1303,14 @@ void DockerContainerizerProcess::destroy(
container->termination.set(termination);
containers_.erase(containerId);
+
+ remove(container->name(), None());

misterbisson Oct 16, 2015

Here (and in a number of places throughout this file), we're removing stopped Docker containers. Billing accrues for every provisioned container in Joyent's container-native infrastructure, so this step eliminates the need for garbage collection of stopped containers.

delete container;
return;
}
+
if (container->state == Container::DESTROYING) {
// Destroy has already been initiated.
return;
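Review bot: the result of `remove(container->name(), None());` is discarded, so if the removal fails (daemon unreachable, name lookup failing, container already gone) nothing is logged and the container is leaked, which defeats the stated goal of never leaving billable containers behind. Attach a failure handler that logs the container name, or await the result before `delete container;` so the containerizer can retry. The extra blank line added after the closing `}` is unrelated whitespace and should be dropped from the change.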
@@ -1348,6 +1351,8 @@ void DockerContainerizerProcess::destroy(
// removing the container here means that we won't proceed with
// the Docker::run.
containers_.erase(containerId);
+
+ remove(container->name(), None());
delete container;
return;
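Review bot: according to the comment directly above, this branch is taken before `Docker::run` has executed, so there may be no Docker container to remove yet. `remove()` needs to treat a missing container as success here rather than as an error, and a one-line comment saying so would save the next reader from asking why a never-created container is being removed.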
@@ -1365,6 +1370,8 @@ void DockerContainerizerProcess::destroy(
container->termination.set(termination);
containers_.erase(containerId);
+
+ remove(container->name(), None());
delete container;
return;
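Review bot: this is the third identical `remove(container->name(), None()); delete container; return;` sequence in `destroy` alone, with more to follow in `__destroy` and `___destroy`. Factor the removal into the single place the container object is torn down, for example a helper invoked right before `delete container;`, so that a later change to removal (logging, retries, executor cleanup) does not have to be applied in six places and cannot be missed in one of them.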
@@ -1456,6 +1463,7 @@ void DockerContainerizerProcess::__destroy(
container->name(),
container->executorName());
+ remove(container->name(), None());
delete container;
return;
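Review bot: the call ending just above already receives `container->executorName()`, yet the removal passes `None()` as its second argument. If the second parameter of `remove` identifies the executor container, passing `None()` here leaves that container behind to accrue billing exactly as the task container would; if this is intentional, a comment explaining why only the task container is removed at this point is warranted. Also, unlike the other insertions in this PR, no blank line separates the new call from the preceding statement.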
@@ -1499,6 +1507,8 @@ void DockerContainerizerProcess::___destroy(
container->name(),
container->executorName());
+
+ remove(container->name(), None());
delete container;
}
@@ -257,8 +257,12 @@ class DockerContainerizerProcess
static std::string name(const SlaveID& slaveId, const std::string& id)
{
- return DOCKER_NAME_PREFIX + slaveId.value() + DOCKER_NAME_SEPERATOR +
- stringify(id);
+ std::string slaveIdstring = slaveId.value();
+ std::transform(slaveIdstring.begin(), slaveIdstring.end(),

misterbisson Oct 16, 2015

Here we force the Docker container name to be lower case to prevent bugs elsewhere.

+ slaveIdstring.begin(), ::tolower);
+
+ return DOCKER_NAME_PREFIX + slaveIdstring + DOCKER_NAME_SEPERATOR +
+ stringify(id);
}
Container(const ContainerID& id)
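Review bot: `std::transform(..., ::tolower)` hands each `char` to `::tolower` as an `int`; where `char` is signed, any byte above 0x7F arrives as a negative value, which is undefined behaviour for `tolower`. Use a lambda that casts through `unsigned char` (`[](unsigned char c) { return std::tolower(c); }`) and make sure `<algorithm>` and `<cctype>` are included in this header, as neither appears in the hunk. Only `slaveIdstring` is lower-cased; `stringify(id)` is appended unchanged, so if the bugs being worked around stem from upper-case characters in the container-ID half of the name they remain. Lower-casing also means two IDs differing only in case map to the same Docker name; that collision is presumably acceptable for generated IDs, but it and the reason for the transform belong in a code comment, since "to prevent bugs elsewhere" does not say which consumer rejects upper-case names.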