Github user jieyu commented on a diff in the pull request: https://github.com/apache/mesos/pull/263#discussion_r168655002

--- Diff: src/slave/containerizer/mesos/isolators/network/cni/cni.cpp --- @@ -751,10 +751,11 @@ Future<Option<ContainerLaunchInfo>> NetworkCniIsolatorProcess::prepare( launchInfo.add_clone_namespaces(CLONE_NEWNET); launchInfo.add_clone_namespaces(CLONE_NEWNS); launchInfo.add_clone_namespaces(CLONE_NEWUTS); + infos[containerId]->needsSeparateNs = needsSeparateNs; --- End diff --

I'd just store a `joinParentNetwork` boolean in the `Info` struct.

Looks like we need some way to checkpoint this information. Otherwise, after recovery, how does the isolator tell if it needs to call CNI detach for a nested container? Currently, since a nested container always shares with its parent, there is no need to do any cleanup. But that's no longer true with this change.

But I think we can tell if we discover a nested container having checkpointed data under `/var/run/mesos/isolators/network/cni/`. See `src/slave/containerizer/mesos/isolators/network/cni/paths.hpp` for the checkpointing layout. You'll notice this when you properly implement the recover() method.
---
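Review bot: The added line `infos[containerId]->needsSeparateNs = needsSeparateNs;` indexes `infos` and dereferences the result with no check, visible in this hunk, that an entry for `containerId` already exists at this point in `prepare()`. Either set the flag where the `Info` object is constructed, or confirm the entry is present before the dereference. The assignment also keeps the flag in memory only, so nothing in the visible lines lets it survive an agent restart; a short comment next to the field saying how the value is re-derived on recovery would make that explicit.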