[jira] [Commented] (MESOS-5278) Add a CLI allowing a user to enter a container.
[ https://issues.apache.org/jira/browse/MESOS-5278?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15310050#comment-15310050 ] Guangya Liu commented on MESOS-5278: Did some test with python as follows. 1) Create a volume file {code} root@mesos002:~/test/setns# cat /root/test/v6.json [{ "container_path":"\/tmp\/abc2", "mode":"RW", "source": { "docker_volume": { "driver":"convoy", "driver_options": {"parameter":[ { "key":"iops", "value":"150" } ]}, "name":"dvd2" }, "type":"DOCKER_VOLUME" } }] {code} 2) Start up mesos-executor {code} root@mesos002:~/src/mesos/m2/mesos/build# ./src/mesos-execute --master=192.168.56.12:5050 --command="sleep 10" --name=test --docker_image=ubuntu:14.04 --volumes=/root/test/v6.json I0601 00:19:22.391978 31447 scheduler.cpp:187] Version: 1.0.0 I0601 00:19:22.394105 31471 scheduler.cpp:471] New master detected at master@192.168.56.12:5050 Subscribed with ID '6ead2bbc-ae7e-4973-9a8d-0c9c02668573-' Submitted task 'test' to agent '6ead2bbc-ae7e-4973-9a8d-0c9c02668573-S0' Received status update TASK_RUNNING for task 'test' source: SOURCE_EXECUTOR {code} 3) Check convoy volume list and mount point {code} root@mesos002:~/test/setns# convoy list { "01569b03-81f2-47be-8d16-169c1adcb541": { "UUID": "01569b03-81f2-47be-8d16-169c1adcb541", "Name": "dvd2", "Driver": "devicemapper", "MountPoint": "/var/lib/convoy/devicemapper/mounts/01569b03-81f2-47be-8d16-169c1adcb541", "CreatedTime": "Mon Apr 18 10:57:32 +0800 2016", "DriverInfo": { "DevID": "12", "Device": "/dev/mapper/01569b03-81f2-47be-8d16-169c1adcb541", "Driver": "devicemapper", "MountPoint": "/var/lib/convoy/devicemapper/mounts/01569b03-81f2-47be-8d16-169c1adcb541", "Size": "107374182400" }, "Snapshots": {} } } root@mesos002:~/test/setns# ls /var/lib/convoy/devicemapper/mounts/01569b03-81f2-47be-8d16-169c1adcb541 ibm2 lost+found {code} 4) Using a python script to enter the mnt namespace of the container. {code} root@mesos002:~/test/setns# cat setns.py #!/usr/bin/env python import ctypes import sys import os import subprocess f = None libc = ctypes.CDLL('libc.so.6') myfd = os.open('/proc/31563/ns/mnt', os.O_RDONLY) libc.setns(myfd, 0) subprocess.Popen(['ls', '/tmp/abc2']) root@mesos002:~/test/setns# python setns.py ibm2 lost+found {code} There are currently two issues for this CLI: 1) The agent do not export the executor pid or task pid, so I cannot get the task process id now. Seems we need to expose the executor pid or task pid to mesos task endpoint? 2) Where does {{mesos enter}} run? Only in master or on the host where the container is running? I can see that for docker, I have to run {{docker exec}} on the docker server where the container is running; but with swarm, I can run {{docker exec}} anywhere. If want to enable {{mesos enter}} run anywhere, we may need to add some logic such as {{remote exec}} to {{mesos enter}}. > Add a CLI allowing a user to enter a container. > --- > > Key: MESOS-5278 > URL: https://issues.apache.org/jira/browse/MESOS-5278 > Project: Mesos > Issue Type: Improvement >Reporter: Jie Yu >Assignee: Guangya Liu > > Containers created by the unified containerizer (Mesos containerizer) uses > various namespaces (e.g., mount, network, etc.). > To improve debugability, we should create a CLI that allows an operator or a > user to enter the namespaces associated with the container, and execute an > arbitrary command in that container (similar to `docker exec`). -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (MESOS-5278) Add a CLI allowing a user to enter a container.
[ https://issues.apache.org/jira/browse/MESOS-5278?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15292484#comment-15292484 ] Guangya Liu commented on MESOS-5278: [~jieyu] , one question want to get some help from you: 1) The "mesos ps" can get all containers from the mesos cluster, so the operator can run this command on any host in the mesos cluster. 2) for the new introduced CLI "mesos enter", as we need call {{setns}} to enter the container and {{execvp}} to run the command in the container, seems this command needs to be run on the agent where the container is running; otherwise, we may need some logic to ssh to the agent where the container is running first. Any comments? [~idownes] what is the behaviour of your internal {{mesos enter}}? Thanks. > Add a CLI allowing a user to enter a container. > --- > > Key: MESOS-5278 > URL: https://issues.apache.org/jira/browse/MESOS-5278 > Project: Mesos > Issue Type: Improvement >Reporter: Jie Yu >Assignee: Guangya Liu > > Containers created by the unified containerizer (Mesos containerizer) uses > various namespaces (e.g., mount, network, etc.). > To improve debugability, we should create a CLI that allows an operator or a > user to enter the namespaces associated with the container, and execute an > arbitrary command in that container (similar to `docker exec`). -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (MESOS-5278) Add a CLI allowing a user to enter a container.
[ https://issues.apache.org/jira/browse/MESOS-5278?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15283843#comment-15283843 ] Guangya Liu commented on MESOS-5278: [~haosd...@gmail.com] , we need to put {{mesos-*}} under {{$PATH}} if want {{mesos}} command pick up those sub commands, after putting {{mesos-*}} under {{$PATH}}, I can get all subcommands for {{mesos}}. > Add a CLI allowing a user to enter a container. > --- > > Key: MESOS-5278 > URL: https://issues.apache.org/jira/browse/MESOS-5278 > Project: Mesos > Issue Type: Improvement >Reporter: Jie Yu >Assignee: Guangya Liu > > Containers created by the unified containerizer (Mesos containerizer) uses > various namespaces (e.g., mount, network, etc.). > To improve debugability, we should create a CLI that allows an operator or a > user to enter the namespaces associated with the container, and execute an > arbitrary command in that container (similar to `docker exec`). -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (MESOS-5278) Add a CLI allowing a user to enter a container.
[ https://issues.apache.org/jira/browse/MESOS-5278?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15275546#comment-15275546 ] Guangya Liu commented on MESOS-5278: [~idownes] Can you please share your internal version of this tool? I want to take it as a reference. Thanks. > Add a CLI allowing a user to enter a container. > --- > > Key: MESOS-5278 > URL: https://issues.apache.org/jira/browse/MESOS-5278 > Project: Mesos > Issue Type: Improvement >Reporter: Jie Yu >Assignee: Guangya Liu > > Containers created by the unified containerizer (Mesos containerizer) uses > various namespaces (e.g., mount, network, etc.). > To improve debugability, we should create a CLI that allows an operator or a > user to enter the namespaces associated with the container, and execute an > arbitrary command in that container (similar to `docker exec`). -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (MESOS-5278) Add a CLI allowing a user to enter a container.
[ https://issues.apache.org/jira/browse/MESOS-5278?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15259388#comment-15259388 ] haosdent commented on MESOS-5278: - I use homebrew to install mesos, and could find it. mesos-ps maps to {{src/cli/mesos-ps}} in Mesos code. {code} mesos help Usage: mesos [OPTIONS] Available commands: help cat execute local log ps resolve scp tail daemon.sh master slave start-cluster.sh start-masters.sh start-slaves.sh stop-cluster.sh stop-masters.sh stop-slaves.sh cat execute local log ps resolve scp tail {code} > Add a CLI allowing a user to enter a container. > --- > > Key: MESOS-5278 > URL: https://issues.apache.org/jira/browse/MESOS-5278 > Project: Mesos > Issue Type: Improvement >Reporter: Jie Yu >Assignee: Guangya Liu > > Containers created by the unified containerizer (Mesos containerizer) uses > various namespaces (e.g., mount, network, etc.). > To improve debugability, we should create a CLI that allows an operator or a > user to enter the namespaces associated with the container, and execute an > arbitrary command in that container (similar to `docker exec`). -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (MESOS-5278) Add a CLI allowing a user to enter a container.
[ https://issues.apache.org/jira/browse/MESOS-5278?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15259339#comment-15259339 ] Guangya Liu commented on MESOS-5278: [~idownes] Which mesos command are you using? I tried `mesos` command but found that it does not have the `ps` option. {code} root@mesos002:~/src/mesos/m3/mesos/build/src# ./mesos --help Not expecting '--help' before command Usage: lt-mesos [OPTIONS] Available commands: help health-check execute docker-executor resolve containerizer executor logrotate-logger usage master fetcher agent log tests slave http-executor local {code} > Add a CLI allowing a user to enter a container. > --- > > Key: MESOS-5278 > URL: https://issues.apache.org/jira/browse/MESOS-5278 > Project: Mesos > Issue Type: Improvement >Reporter: Jie Yu > > Containers created by the unified containerizer (Mesos containerizer) uses > various namespaces (e.g., mount, network, etc.). > To improve debugability, we should create a CLI that allows an operator or a > user to enter the namespaces associated with the container, and execute an > arbitrary command in that container (similar to `docker exec`). -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (MESOS-5278) Add a CLI allowing a user to enter a container.
[ https://issues.apache.org/jira/browse/MESOS-5278?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15259250#comment-15259250 ] Ian Downes commented on MESOS-5278: --- [~xujyan] yeah :-) it's got some code specific to Aurora's Thermos executor where it verifies the calling uid has access permission on the sandbox directory to implement crude access control when run under setuid root. It's only a small part though which could be generalized if people agreed with the broader approach. [~vinodkone] I just tried various mesos subcommands and they seem to be broken on at least 0.26.x and 0.27.x...? {code} $ mesos ps File "/usr/local/bin/mesos-ps", line 194 with ThreadingExecutor() as executor: ^ SyntaxError: invalid syntax {code} > Add a CLI allowing a user to enter a container. > --- > > Key: MESOS-5278 > URL: https://issues.apache.org/jira/browse/MESOS-5278 > Project: Mesos > Issue Type: Improvement >Reporter: Jie Yu > > Containers created by the unified containerizer (Mesos containerizer) uses > various namespaces (e.g., mount, network, etc.). > To improve debugability, we should create a CLI that allows an operator or a > user to enter the namespaces associated with the container, and execute an > arbitrary command in that container (similar to `docker exec`). -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (MESOS-5278) Add a CLI allowing a user to enter a container.
[ https://issues.apache.org/jira/browse/MESOS-5278?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15257380#comment-15257380 ] Vinod Kone commented on MESOS-5278: --- Would be great to add this as a subcommand to the existing "mesos" CLI ( does that work anymore?) instead of creating a new one. > Add a CLI allowing a user to enter a container. > --- > > Key: MESOS-5278 > URL: https://issues.apache.org/jira/browse/MESOS-5278 > Project: Mesos > Issue Type: Improvement >Reporter: Jie Yu > > Containers created by the unified containerizer (Mesos containerizer) uses > various namespaces (e.g., mount, network, etc.). > To improve debugability, we should create a CLI that allows an operator or a > user to enter the namespaces associated with the container, and execute an > arbitrary command in that container (similar to `docker exec`). -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (MESOS-5278) Add a CLI allowing a user to enter a container.
[ https://issues.apache.org/jira/browse/MESOS-5278?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15257144#comment-15257144 ] Yan Xu commented on MESOS-5278: --- This is basically MESOS-2349 right? [~idownes] we are interested too and can help with review if you share it. :) > Add a CLI allowing a user to enter a container. > --- > > Key: MESOS-5278 > URL: https://issues.apache.org/jira/browse/MESOS-5278 > Project: Mesos > Issue Type: Improvement >Reporter: Jie Yu > > Containers created by the unified containerizer (Mesos containerizer) uses > various namespaces (e.g., mount, network, etc.). > To improve debugability, we should create a CLI that allows an operator or a > user to enter the namespaces associated with the container, and execute an > arbitrary command in that container (similar to `docker exec`). -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (MESOS-5278) Add a CLI allowing a user to enter a container.
[ https://issues.apache.org/jira/browse/MESOS-5278?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15257112#comment-15257112 ] Ian Downes commented on MESOS-5278: --- I wrote an internal version of this tool which was simplified to support our environment. I can share that if you're interested? Either way, I'm definitely interested in providing input and can review. > Add a CLI allowing a user to enter a container. > --- > > Key: MESOS-5278 > URL: https://issues.apache.org/jira/browse/MESOS-5278 > Project: Mesos > Issue Type: Improvement >Reporter: Jie Yu > > Containers created by the unified containerizer (Mesos containerizer) uses > various namespaces (e.g., mount, network, etc.). > To improve debugability, we should create a CLI that allows an operator or a > user to enter the namespaces associated with the container, and execute an > arbitrary command in that container (similar to `docker exec`). -- This message was sent by Atlassian JIRA (v6.3.4#6332)