Re: Container user '27' is not supported

2017-12-27 Thread Jie Yu
Just realized that this is already a warning (not failure).

The code that emits this warning is here:
https://github.com/apache/mesos/blob/master/src/slave/containerizer/mesos/isolators/docker/runtime.cpp#L106-L119

And `getContainerUser` is defined here:
https://github.com/apache/mesos/blob/master/src/slave/containerizer/mesos/isolators/docker/runtime.cpp#L384-L395

Basically, if your docker image defines a 'user' in the manifest (i.e.,
`USER` directive in your dockerfile, see
https://docs.docker.com/engine/reference/builder/), Mesos will emit this
warning.

The warning basically tells you that Mesos Containerizer will ignore this
field in the Dockerfile when launching your docker container.
MesosContainerizer will always launch your docker container using the uid
mapped from the specified CommandInfo.user or FrameworkInfo.user on the
agent host, irrespective of whether you defined a 'user' in your dockerfile
or not.

- Jie




On Wed, Dec 27, 2017 at 10:54 AM, Marc Roos <m.r...@f1-outsourcing.eu>
wrote:

>
>
> These are the only messages I get when I am launching the container.
>
> Dec 27 19:38:42 m02 mesos-slave[25084]: W1227 19:38:42.944775 25114
> runtime.cpp:111] Container user 'sflowrt' is not supported yet for
> container db4b85df-bf75-46a2-a080-88079d98b7a4
> Dec 27 19:38:42 m02 mesos-slave[25084]: W1227 19:38:42.944775 25114
> runtime.cpp:111] Container user 'sflowrt' is not supported yet for
> container db4b85df-bf75-46a2-a080-88079d98b7a4
>
> The reason why I am looking at these 'user' settings, is that a default
> mesos setup, is not running them.
>
>
> Marathon conf:
> {
>   "id": "sflow/vizceral",
>   "cmd": null,
>   "cpus": 0.2,
>   "mem": 256,
>   "instances": 1,
>   "acceptedResourceRoles": ["*"],
>   "constraints": [["hostname", "CLUSTER", "m02.local"]],
>   "container": {
>     "type": "MESOS",
>     "docker": {
>       "image": "sflow/vizceral",
>       "credential": null,
>       "forcePullImage": false
>     }
>   }
> }
>
> marathon-1.5.2-1.noarch
> mesos-1.4.1-2.0.1.x86_64
>
>
> -Original Message-
> From: Jie Yu [mailto:yujie@gmail.com]
> Sent: Wednesday, 27 December 2017 17:57
> To: user
> Subject: Re: Container user '27' is not supported
>
> The 'user' specified in the image won't be honored. The current code
> will reject the container launch if the 'user' is specified in the image
> (although, I think we should print a warning if --switch_user flag is on
> because Mesos will always overwrite the user, similar to `docker run
> -u`, I'll send out patch shortly).
>
> Can you try to remove the user directive in your Dockerfile and try
> again?
>
> - Jie
>
> On Tue, Dec 26, 2017 at 6:21 AM, Marc Roos <m.r...@f1-outsourcing.eu>
> wrote:
>
>
>
> I added these changes to the mesos node:
>
> echo "true" > /etc/mesos-slave/switch_user (although I think this is the
> default)
> chmod u+s /usr/sbin/mesos-agent
> useradd sflowrt
>
> Modified the marathon conf to:
>
> {
>   "id": "sflow/vizceral",
>   "cmd": null,
>   "cpus": 0.2,
>   "mem": 256,
>   "user": "sflowrt",
>   "instances": 1,
>   "acceptedResourceRoles": ["*"],
>   "constraints": [["hostname", "CLUSTER", "m02.local"]],
>   "container": {
>     "type": "MESOS",
>     "docker": {
>       "image": "sflow/vizceral",
>       "credential": null,
>       "forcePullImage": false
>     }
>   }
> }
>
> But still getting these:
>
> Dec 26 15:18:02 m02 mesos-slave[25084]: W1226 15:18:02.415927 25111
> runtime.cpp:111] Container user 'sflowrt' is not supported yet for
> container 4e8d2cf6-b772-4e51-8154-1b8b6244f98f
> Dec 26 15:18:02 m02 mesos-slave[25084]: W1226 15:18:02.415927 25111
> runtime.cpp:111] Container user 'sflowrt' is not supported yet for
> container 4e8d2cf6-b772-4e51-8154-1b8b6244f98f
>
>
>
>
>
>
>
>
>
>
>
>
>
> -Original Message-
> From: Tomek Janiszewski [mailto:jani...@gmail.com]
> Sent: Sunday, 24 December 2017 15:24
> To: user@mesos.apache.org
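
Added example (not part of the thread and not Mesos or Marathon code): an audit of the user resolution Jie Yu describes above, where the image's USER is ignored and the task runs as the uid mapped on the agent host from CommandInfo.user or FrameworkInfo.user, or as root when neither is set. It assumes the agent runs with --switch_user and that Marathon's app-level "user" field is what arrives as CommandInfo.user; the function names, finding labels and passwd contents are constructed for illustration.

```python
import json

def parse_passwd(text):
    """Map user name -> (uid, primary gid) from passwd(5)-format text."""
    users = {}
    for line in text.splitlines():
        f = line.split(":")
        if len(f) >= 4 and f[2].isdigit() and f[3].isdigit():
            users[f[0]] = (int(f[2]), int(f[3]))
    return users

def resolve_uid(user, passwd):
    """uid for a user name or a numeric string such as '27'; None if unknown."""
    if user.isdigit():
        return int(user)
    return passwd[user][0] if user in passwd else None

def audit_app(app, image_user, host_passwd, image_passwd, framework_user=None):
    """Return (effective_user, findings) for a MESOS-type container launch."""
    host, image = parse_passwd(host_passwd), parse_passwd(image_passwd)
    specified = app.get("user") or framework_user
    effective = specified or "root"          # no user given: root by default
    run_uid = resolve_uid(effective, host)   # uid is mapped on the agent host
    findings = []
    if run_uid is None:
        findings.append("effective-user-missing-on-host")
    if image_user:
        findings.append("image-user-ignored")  # the runtime.cpp warning case
        if run_uid == 0 and resolve_uid(image_user, image) != 0:
            findings.append("runs-as-root-despite-image-user")
    # Only uid and primary gid are compared here, not supplementary groups.
    if specified in host and host[specified] != image.get(specified):
        findings.append("uid-gid-mismatch-host-vs-image")
    return effective, findings

# Constructed sample data (not taken from the thread's hosts or image).
HOST_PASSWD = "root:x:0:0:root:/root:/bin/bash\nsflowrt:x:1001:1001::/home/sflowrt:/bin/bash\n"
IMAGE_PASSWD = "root:x:0:0:root:/root:/bin/sh\nsflowrt:x:999:999::/sflow-rt:/sbin/nologin\n"
APP = json.loads('{"id": "sflow/vizceral", "container": {"type": "MESOS"}}')

if __name__ == "__main__":
    print(audit_app(APP, "sflowrt", HOST_PASSWD, IMAGE_PASSWD))
    print(audit_app(dict(APP, user="sflowrt"), "sflowrt", HOST_PASSWD, IMAGE_PASSWD))
```

The first call mirrors the app definition without a "user" field: the image asks for a non-root user, yet the task is launched as root. The second mirrors the definition with "user": "sflowrt" and shows the host/image uid check from the limitation Tomek quotes.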

RE: Container user '27' is not supported

2017-12-27 Thread Marc Roos
 

These are the only messages I get when I am launching the container.

Dec 27 19:38:42 m02 mesos-slave[25084]: W1227 19:38:42.944775 25114 
runtime.cpp:111] Container user 'sflowrt' is not supported yet for 
container db4b85df-bf75-46a2-a080-88079d98b7a4
Dec 27 19:38:42 m02 mesos-slave[25084]: W1227 19:38:42.944775 25114 
runtime.cpp:111] Container user 'sflowrt' is not supported yet for 
container db4b85df-bf75-46a2-a080-88079d98b7a4

The reason why I am looking at these 'user' settings, is that a default 
mesos setup, is not running them.


Marathon conf:
{
  "id": "sflow/vizceral",
  "cmd": null,
  "cpus": 0.2,
  "mem": 256,
  "instances": 1,
  "acceptedResourceRoles": ["*"],
  "constraints": [["hostname", "CLUSTER", "m02.local"]],
  "container": {
    "type": "MESOS",
    "docker": {
      "image": "sflow/vizceral",
      "credential": null,
      "forcePullImage": false
    }
  }
}

marathon-1.5.2-1.noarch
mesos-1.4.1-2.0.1.x86_64


-Original Message-
From: Jie Yu [mailto:yujie@gmail.com] 
Sent: Wednesday, 27 December 2017 17:57
To: user
Subject: Re: Container user '27' is not supported

The 'user' specified in the image won't be honored. The current code 
will reject the container launch if the 'user' is specified in the image 
(although, I think we should print a warning if --switch_user flag is on 
because Mesos will always overwrite the user, similar to `docker run 
-u`, I'll send out patch shortly).

Can you try to remove the user directive in your Dockerfile and try 
again?

- Jie

On Tue, Dec 26, 2017 at 6:21 AM, Marc Roos <m.r...@f1-outsourcing.eu> 
wrote:



I added these changes to the mesos node:

echo "true" > /etc/mesos-slave/switch_user (although I think this is the
default)
chmod u+s /usr/sbin/mesos-agent
useradd sflowrt

Modified the marathon conf to:

{
  "id": "sflow/vizceral",
  "cmd": null,
  "cpus": 0.2,
  "mem": 256,
  "user": "sflowrt",
  "instances": 1,
  "acceptedResourceRoles": ["*"],
  "constraints": [["hostname", "CLUSTER", "m02.local"]],
  "container": {
    "type": "MESOS",
    "docker": {
      "image": "sflow/vizceral",
      "credential": null,
      "forcePullImage": false
    }
  }
}

But still getting these:

Dec 26 15:18:02 m02 mesos-slave[25084]: W1226 15:18:02.415927 25111
runtime.cpp:111] Container user 'sflowrt' is not supported yet for
container 4e8d2cf6-b772-4e51-8154-1b8b6244f98f
Dec 26 15:18:02 m02 mesos-slave[25084]: W1226 15:18:02.415927 25111
runtime.cpp:111] Container user 'sflowrt' is not supported yet for
container 4e8d2cf6-b772-4e51-8154-1b8b6244f98f













-Original Message-
From: Tomek Janiszewski [mailto:jani...@gmail.com]
Sent: Sunday, 24 December 2017 15:24
To: user@mesos.apache.org
Subject: Re: Container user '27' is not supported

This might be the following limitations

> If the --switch_user flag is set on the agent and the framework
specifies a user (either CommandInfo.user or FrameworkInfo.user), we
expect that user exists in the container image and its uid and gids
matches that on the host. User namespace is not supported yet. If the
user is not specified, root will be used by default. The operator or the
framework can limit the capabilities of the container by using the
linux/capabilities isolator.



On Sun, 24.12.2017, 14:20, Marc Roos
<m.r...@f1-outsourcing.eu> wrote:



I am seeing this in the logs:

Container user '27' is not supported yet for container
d823196a-4ec3-41e3-a4c0-6680ba5cc99

I guess this means that the container requests to run under a specific
user id, and this is not yet available in mesos?

mesos-1.4.1-2.0.1.x86_64









Re: Container user '27' is not supported

2017-12-27 Thread Jie Yu
The 'user' specified in the image won't be honored. The current code will
reject the container launch if the 'user' is specified in the image
(although, I think we should print a warning if --switch_user flag is on
because Mesos will always overwrite the user, similar to `docker run -u`,
I'll send out patch shortly).

Can you try to remove the user directive in your Dockerfile and try again?

- Jie

On Tue, Dec 26, 2017 at 6:21 AM, Marc Roos <m.r...@f1-outsourcing.eu> wrote:

>
> I added these changes to the mesos node:
>
> echo "true" > /etc/mesos-slave/switch_user (although I think this is the
> default)
> chmod u+s /usr/sbin/mesos-agent
> useradd sflowrt
>
> Modified the marathon conf to:
>
> {
>   "id": "sflow/vizceral",
>   "cmd": null,
>   "cpus": 0.2,
>   "mem": 256,
>   "user": "sflowrt",
>   "instances": 1,
>   "acceptedResourceRoles": ["*"],
>   "constraints": [["hostname", "CLUSTER", "m02.local"]],
>   "container": {
>     "type": "MESOS",
>     "docker": {
>       "image": "sflow/vizceral",
>       "credential": null,
>       "forcePullImage": false
>     }
>   }
> }
>
> But still getting these:
>
> Dec 26 15:18:02 m02 mesos-slave[25084]: W1226 15:18:02.415927 25111
> runtime.cpp:111] Container user 'sflowrt' is not supported yet for
> container 4e8d2cf6-b772-4e51-8154-1b8b6244f98f
> Dec 26 15:18:02 m02 mesos-slave[25084]: W1226 15:18:02.415927 25111
> runtime.cpp:111] Container user 'sflowrt' is not supported yet for
> container 4e8d2cf6-b772-4e51-8154-1b8b6244f98f
>
>
>
>
>
>
>
>
>
>
>
>
> -Original Message-
> From: Tomek Janiszewski [mailto:jani...@gmail.com]
> Sent: Sunday, 24 December 2017 15:24
> To: user@mesos.apache.org
> Subject: Re: Container user '27' is not supported
>
> This might be the following limitations
>
> > If the --switch_user flag is set on the agent and the framework
> specifies a user (either CommandInfo.user or FrameworkInfo.user), we
> expect that user exists in the container image and its uid and gids
> matches that on the host. User namespace is not supported yet. If the
> user is not specified, root will be used by default. The operator or the
> framework can limit the capabilities of the container by using the
> linux/capabilities isolator.
>
>
>
> On Sun, 24.12.2017, 14:20, Marc Roos
> <m.r...@f1-outsourcing.eu> wrote:
>
>
>
> I am seeing this in the logs:
>
> Container user '27' is not supported yet for container
> d823196a-4ec3-41e3-a4c0-6680ba5cc99
>
> I guess this means that the container requests to run under a specific
> user id, and this is not yet available in mesos?
>
> mesos-1.4.1-2.0.1.x86_64
>
>
>
>


RE: Container user '27' is not supported

2017-12-26 Thread Marc Roos
 
I added these changes to the mesos node:

echo "true" > /etc/mesos-slave/switch_user (although I think this is the 
default)
chmod u+s /usr/sbin/mesos-agent
useradd sflowrt

Modified the marathon conf to:

{
  "id": "sflow/vizceral",
  "cmd": null,
  "cpus": 0.2,
  "mem": 256,
  "user": "sflowrt",
  "instances": 1,
  "acceptedResourceRoles": ["*"],
  "constraints": [["hostname", "CLUSTER", "m02.local"]],
  "container": {
    "type": "MESOS",
    "docker": {
      "image": "sflow/vizceral",
      "credential": null,
      "forcePullImage": false
    }
  }
}

But still getting these:

Dec 26 15:18:02 m02 mesos-slave[25084]: W1226 15:18:02.415927 25111 
runtime.cpp:111] Container user 'sflowrt' is not supported yet for 
container 4e8d2cf6-b772-4e51-8154-1b8b6244f98f
Dec 26 15:18:02 m02 mesos-slave[25084]: W1226 15:18:02.415927 25111 
runtime.cpp:111] Container user 'sflowrt' is not supported yet for 
container 4e8d2cf6-b772-4e51-8154-1b8b6244f98f












-Original Message-
From: Tomek Janiszewski [mailto:jani...@gmail.com] 
Sent: Sunday, 24 December 2017 15:24
To: user@mesos.apache.org
Subject: Re: Container user '27' is not supported

This might be the following limitations

> If the --switch_user flag is set on the agent and the framework 
specifies a user (either CommandInfo.user or FrameworkInfo.user), we 
expect that user exists in the container image and its uid and gids 
matches that on the host. User namespace is not supported yet. If the 
user is not specified, root will be used by default. The operator or the 
framework can limit the capabilities of the container by using the 
linux/capabilities isolator.



On Sun, 24.12.2017, 14:20, Marc Roos
<m.r...@f1-outsourcing.eu> wrote:



I am seeing this in the logs:

Container user '27' is not supported yet for container
d823196a-4ec3-41e3-a4c0-6680ba5cc99

I guess this means that the container requests to run under a specific
user id, and this is not yet available in mesos?

mesos-1.4.1-2.0.1.x86_64





Re: Container user '27' is not supported

2017-12-25 Thread James Peach


> On Dec 25, 2017, at 2:22 PM, Marc Roos <m.r...@f1-outsourcing.eu> wrote:
> 
> 
> Should this be done via the parameters? What key?
> 
> "parameters": [{ "key": "net", "value": "host" }]
> 
> 
> {
>  "id": "sflow/vizceral",
>  "cmd": null,
>  "cpus": 0.2,
>  "mem": 256,
>  "instances": 1,
>  "acceptedResourceRoles": ["*"],
>  "constraints": [["hostname", "CLUSTER", "m02.local"]],
>  "container": {
>    "type": "MESOS",
>    "docker": {
>      "image": "sflow/vizceral",
>      "credential": null,
>      "forcePullImage": false
>    }
>  }
> }

I guess this is a Marathon task spec? I’m not familiar with the Marathon API, 
but it looks to me like you would specify the “user” field in application:

https://docs.mesosphere.com/1.9/deploying-services/marathon-api/#/apps/V2Apps3

> 
> 
> Dec 25 23:15:40 m02 mesos-slave[18569]: W1225 23:15:40.251715 18595 
> runtime.cpp:111] Container user 'sflowrt' is not supported yet for 
> container 375b21ca-2d12-4a81-8429-897aac75eaa0
> Dec 25 23:15:40 m02 mesos-slave[18569]: W1225 23:15:40.251715 18595 
> runtime.cpp:111] Container user 'sflowrt' is not supported yet for 
> container 375b21ca-2d12-4a81-8429-897aac75eaa0
> 
> -Original Message-
> From: James Peach [mailto:jor...@gmail.com] 
> Sent: Sunday, 24 December 2017 18:01
> To: user
> Subject: Re: Container user '27' is not supported
> 
> 
> 
>> On Dec 24, 2017, at 5:20 AM, Marc Roos <m.r...@f1-outsourcing.eu> wrote:
>> 
>> 
>> I am seeing this in the logs:
>> 
>> Container user '27' is not supported yet for container
>> d823196a-4ec3-41e3-a4c0-6680ba5cc99
>> 
>> I guess this means that the container requests to run under a specific
>> user id, and this is not yet available in mesos?
> 
> This means that the containerizer parsed the container user out of the 
> manifest, but we don’t support running the container as that user. You 
> should continue to use the TaskInfo message to specify which user the 
> container will run as.
> 
> J
> 



RE: Container user '27' is not supported

2017-12-25 Thread Marc Roos
 
Should this be done via the parameters? What key?

"parameters": [{ "key": "net", "value": "host" }]


{
  "id": "sflow/vizceral",
  "cmd": null,
  "cpus": 0.2,
  "mem": 256,
  "instances": 1,
  "acceptedResourceRoles": ["*"],
  "constraints": [["hostname", "CLUSTER", "m02.local"]],
  "container": {
    "type": "MESOS",
    "docker": {
      "image": "sflow/vizceral",
      "credential": null,
      "forcePullImage": false
    }
  }
}


Dec 25 23:15:40 m02 mesos-slave[18569]: W1225 23:15:40.251715 18595 
runtime.cpp:111] Container user 'sflowrt' is not supported yet for 
container 375b21ca-2d12-4a81-8429-897aac75eaa0
Dec 25 23:15:40 m02 mesos-slave[18569]: W1225 23:15:40.251715 18595 
runtime.cpp:111] Container user 'sflowrt' is not supported yet for 
container 375b21ca-2d12-4a81-8429-897aac75eaa0

-Original Message-
From: James Peach [mailto:jor...@gmail.com] 
Sent: Sunday, 24 December 2017 18:01
To: user
Subject: Re: Container user '27' is not supported



> On Dec 24, 2017, at 5:20 AM, Marc Roos <m.r...@f1-outsourcing.eu> wrote:
> 
> 
> I am seeing this in the logs:
> 
> Container user '27' is not supported yet for container
> d823196a-4ec3-41e3-a4c0-6680ba5cc99
> 
> I guess this means that the container requests to run under a specific
> user id, and this is not yet available in mesos?

This means that the containerizer parsed the container user out of the 
manifest, but we don’t support running the container as that user. You 
should continue to use the TaskInfo message to specify which user the 
container will run as.

J



Re: Container user '27' is not supported

2017-12-24 Thread James Peach


> On Dec 24, 2017, at 5:20 AM, Marc Roos <m.r...@f1-outsourcing.eu> wrote:
> 
> 
> I am seeing this in the logs:
> 
> Container user '27' is not supported yet for container 
> d823196a-4ec3-41e3-a4c0-6680ba5cc99
> 
> I guess this means that the container requests to run under a specific 
> user id, and this is not yet available in mesos?

This means that the containerizer parsed the container user out of the 
manifest, but we don’t support running the container as that user. You should 
continue to use the TaskInfo message to specify which user the container will 
run as.

J

Re: Container user '27' is not supported

2017-12-24 Thread Tomek Janiszewski
This might be the following limitations

> If the --switch_user flag is set on the agent and the framework specifies
a user (either CommandInfo.user or FrameworkInfo.user), we expect that user
exists in the container image and its uid and gids matches that on the
host. User namespace is not supported yet. If the user is not
specified, root will be used by default. The operator or the framework can
limit the capabilities of the container by using
the linux/capabilities isolator.

On Sun, 24.12.2017, 14:20, Marc Roos <m.r...@f1-outsourcing.eu>
wrote:

>
> I am seeing this in the logs:
>
> Container user '27' is not supported yet for container
> d823196a-4ec3-41e3-a4c0-6680ba5cc99
>
> I guess this means that the container requests to run under a specific
> user id, and this is not yet available in mesos?
>
> mesos-1.4.1-2.0.1.x86_64
>


Container user '27' is not supported

2017-12-24 Thread Marc Roos

I am seeing this in the logs:

Container user '27' is not supported yet for container 
d823196a-4ec3-41e3-a4c0-6680ba5cc99

I guess this means that the container requests to run under a specific 
user id, and this is not yet available in mesos?

mesos-1.4.1-2.0.1.x86_64