Support bridged networking mode for Docker containerizer

[ConnorDoyle]

• This is a planned feature for Mesos 0.20.1. See Mesos JIRA issue 1621.
• Some preliminary work to support this from Marathon lives in the docker_bridge branch.

[tnachen]

I think it's worthy to note that Marathon can also do random port selection for you!

[ConnorDoyle]

Consider it noted! Here's a sample of the API we'd like to provide:

{
  "id": "bridged-webapp",
  "cmd": "python3 -m http.server 8080",
  "cpus": 0.5,
  "mem": 64.0,
  "instances": 2,
  "container": {
    "type": "DOCKER",
    "docker": {
      "image": "python:3",
      "network": "BRIDGE",
      "portMappings": [
        { "containerPort": 8080, "hostPort": 0, "protocol": "tcp"},
        { "containerPort": 161, "hostPort": 0, "protocol": "udp"}
      ]
    }
  },
  "healthChecks": [
    {
      "protocol": "HTTP",
      "portIndex": 0,
      "path": "/",
      "gracePeriodSeconds": 5,
      "intervalSeconds": 20,
      "maxConsecutiveFailures": 3
    }
  ]
}

Here "hostPort": 0 retains its traditional meaning in Marathon, which is "a random port from the range included in the Mesos resource offer". The resulting ports for each task will be accessible via environment variables as well as the task details in the REST API.

[BenWhitehead]

Can we also update the env variables available inside the docker container to allow easier lookup of assigned ports?

For example it would be convenient to be able to do something like the following:

java -jar server.jar -Dhttp.port=$PORT_8080

This also fits in a little better with the docker pattern when linking containers. Here I've started one container running postgres then linked to it from another container and it's easy for my application to lookup the mapped port from the environment variables published into my container.

POSTGRES_ENV_LANG=en_US.utf8
POSTGRES_ENV_PGDATA=/var/lib/postgresql/data
POSTGRES_ENV_PG_MAJOR=9.3
POSTGRES_ENV_PG_VERSION=9.3.5-1.pgdg70+1
POSTGRES_NAME=/cranky_fermi/postgres
POSTGRES_PORT=tcp://172.17.0.15:5432
POSTGRES_PORT_5432_TCP=tcp://172.17.0.15:5432
POSTGRES_PORT_5432_TCP_ADDR=172.17.0.15
POSTGRES_PORT_5432_TCP_PORT=5432
POSTGRES_PORT_5432_TCP_PROTO=tcp

[ConnorDoyle]

@BenWhitehead tagging the environment variable with the associated container port seems useful, but in your first example wouldn't you want to bind simply to 8080 from inside the container? Binding to the host port is what the bridge helps you avoid.

[BenWhitehead]

Possibly, but also being able to say "bind to what's supposed to be 8080" would allow for host networking to work as well.

[ConnorDoyle]

Ah, so this is not necessarily a docker-only issue? As described it seems equally applicable for an arbitrary command running in a cgroups container.

[BenWhitehead]

That's true, maybe it's bigger than the docker networking this issue aims to address.

[ConnorDoyle]

Good points though, would you mind adding a separate issue to track this idea?

[BenWhitehead]

Created #588 with an example to keep track

[fillorkill]

looks like bridged networking is being moved to mesos 0.21.0. Would be nice to support CLI override for now.

[fillorkill]

I build mesos 0.21.0 which supports bridged networking with patch #25270, https://reviews.apache.org/r/25270/. It seems to be working but I'm unable to build marathon using the docker_bridge branch. Getting the same errors as here https://travis-ci.org/mesosphere/marathon/builds/34526949

[fillorkill]

nvm my last comment. I hacked around the problem by using a local maven jar package complied from mesos 0.21.0 with patch 25720 added. I have now a cluster with bridged networking running without problems.

[ConnorDoyle]

Great news! The eagle has landed in Mesos: https://reviews.apache.org/r/25270 and will ship with 0.20.1.