----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/58939/#review181016 -----------------------------------------------------------
src/slave/containerizer/mesos/containerizer.cpp Lines 1112-1126 (patched) <https://reviews.apache.org/r/58939/#comment256447> I don't like the checks here, since we have the following case: what if we have a task with volumes specified in its containerinfo but no image? Let's add `filesystem/isolator` check at docker::store::create(). src/slave/containerizer/mesos/containerizer.cpp Lines 1113 (patched) <https://reviews.apache.org/r/58939/#comment256439> s/is/are/g src/slave/containerizer/mesos/containerizer.cpp Lines 1114 (patched) <https://reviews.apache.org/r/58939/#comment256440> s/to create a new mount namespace/to support container images/g src/slave/containerizer/mesos/containerizer.cpp Lines 1118-1119 (patched) <https://reviews.apache.org/r/58939/#comment256441> I would prefer: The 'filesystem/linux' isolator must be enabled for container images support. src/slave/containerizer/mesos/containerizer.cpp Lines 1123-1124 (patched) <https://reviews.apache.org/r/58939/#comment256442> Ditto. src/slave/containerizer/mesos/isolators/docker/runtime.cpp Lines 70-79 (patched) <https://reviews.apache.org/r/58939/#comment256449> Basically we dont add isolator dependencies inside of any isolator, nor the launcher since the launcher is supposed to be a component for containerizer. src/slave/containerizer/mesos/isolators/docker/runtime.cpp Lines 71 (patched) <https://reviews.apache.org/r/58939/#comment256443> "The 'filesystem/linux' isolator ..." src/tests/containerizer/docker_volume_isolator_tests.cpp Lines 231 (patched) <https://reviews.apache.org/r/58939/#comment256450> No dependency on linux filesystem isolation. src/tests/containerizer/docker_volume_isolator_tests.cpp Lines 386 (patched) <https://reviews.apache.org/r/58939/#comment256451> Ditto. src/tests/containerizer/docker_volume_isolator_tests.cpp Lines 487 (patched) <https://reviews.apache.org/r/58939/#comment256452> Ditto. src/tests/containerizer/docker_volume_isolator_tests.cpp Lines 685 (patched) <https://reviews.apache.org/r/58939/#comment256453> Ditto. src/tests/containerizer/mesos_containerizer_tests.cpp Lines 906-911 (original), 914-930 (patched) <https://reviews.apache.org/r/58939/#comment256454> No need to change this test if you do the check in docker store create(). src/tests/containerizer/mesos_containerizer_tests.cpp Lines 997-999 (original), 1016-1029 (patched) <https://reviews.apache.org/r/58939/#comment256455> Ditto. src/tests/containerizer/mesos_containerizer_tests.cpp Lines 1087-1089 (original), 1117-1130 (patched) <https://reviews.apache.org/r/58939/#comment256456> Ditto. - Gilbert Song On May 9, 2017, 11:08 a.m., Chun-Hung Hsiao wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/58939/ > ----------------------------------------------------------- > > (Updated May 9, 2017, 11:08 a.m.) > > > Review request for mesos, Anand Mazumdar, Gilbert Song, and Jie Yu. > > > Bugs: mesos-7374 > https://issues.apache.org/jira/browse/mesos-7374 > > > Repository: mesos > > > Description > ------- > > Checked if the 'filesystem/linux' isolator is enabled and the 'linux' > launcher is used when launching a mesos containerizer with an image > under Linux. This prevents the executor from messing up with the host > filesystem. The check is in `MesosContainerizerProcess::prepare()` > after provisioning and before launching, since provisioning itself > does not depend on the filesystem isolator. > > Also checked that the 'filesystem/linux' is enabled and the 'linux' > launcher is used when enabling the 'docker/runtime' isolator. > > > Diffs > ----- > > src/slave/containerizer/mesos/containerizer.cpp > 58ab74571fb14c6dbb1907151dc421f93e324bb5 > src/slave/containerizer/mesos/isolators/docker/runtime.cpp > 2a6e0b179394e0485d2495ceb4bbbcb184af08fe > src/tests/containerizer/docker_volume_isolator_tests.cpp > b47a6b5081a63ac474ac4634701b1a572eb58137 > src/tests/containerizer/mesos_containerizer_tests.cpp > 13e0f7e603a3ffdd0965b253d7abfe6a069cd2b4 > > > Diff: https://reviews.apache.org/r/58939/diff/6/ > > > Testing > ------- > > sudo make check > Manually tested on a simplified case of mesos-7374. > > > Thanks, > > Chun-Hung Hsiao > >
