[ https://issues.apache.org/jira/browse/MESOS-5350?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15279388#comment-15279388 ]
Joseph Wu commented on MESOS-5350: ---------------------------------- Work in progress: || Review || Summary || | https://reviews.apache.org/r/47149/ | Split {{DockerContainerizerProcess::launch}} | | https://reviews.apache.org/r/47205/ | {{mesos-docker-executer}} {{--task_environment}} flag | | https://reviews.apache.org/r/47212/ | Duplicate {{executorEnvironment}} call | | https://reviews.apache.org/r/47213/ | {{FlagsBase::toVector}} | | https://reviews.apache.org/r/47214/ | Subprocess cleanup due to above | | https://reviews.apache.org/r/47215/ | Dockerized {{mesos-docker-executer}} tweak | | https://reviews.apache.org/r/47150/ | Introduce new hook (partial) | | TODO | Put hook into the DockerContainerizer | > Add asynchronous hook for validating docker containerizer tasks > --------------------------------------------------------------- > > Key: MESOS-5350 > URL: https://issues.apache.org/jira/browse/MESOS-5350 > Project: Mesos > Issue Type: Improvement > Components: docker, modules > Reporter: Joseph Wu > Assignee: Joseph Wu > Priority: Minor > Labels: containerizer, hooks, mesosphere > > It is possible to plug in custom validation logic for the MesosContainerizer > via an {{Isolator}} module, but the same is not true of the > DockerContainerizer. > Basic logic can be plugged into the DockerContainerizer via {{Hooks}}, but > this has some notable differences compared to isolators: > * Hooks are synchronous. > * Modifications to tasks via Hooks have lower priority compared to the task > itself. i.e. If both the {{TaskInfo}} and > {{slaveExecutorEnvironmentDecorator}} define the same environment variable, > the {{TaskInfo}} wins. > * Hooks have no effect if they fail (short of segfaulting) > i.e. The {{slavePreLaunchDockerHook}} has a return type of {{Try<Nothing>}}: > https://github.com/apache/mesos/blob/628ccd23501078b04fb21eee85060a6226a80ef8/include/mesos/hook.hpp#L90 > But the effect of returning an {{Error}} is a log message: > https://github.com/apache/mesos/blob/628ccd23501078b04fb21eee85060a6226a80ef8/src/hook/manager.cpp#L227-L230 > We should add a hook to the DockerContainerizer to narrow this gap. This new > hook would: > * Be called at roughly the same place as {{slavePreLaunchDockerHook}} > https://github.com/apache/mesos/blob/628ccd23501078b04fb21eee85060a6226a80ef8/src/slave/containerizer/docker.cpp#L1022 > * Return a {{Future}} and require splitting up > {{DockerContainerizer::launch}}. > * Prevent a task from launching if it returns a {{Failure}}. -- This message was sent by Atlassian JIRA (v6.3.4#6332)