Re: Review Request 44706: Implemented isolate() method of "network/cni" isolator.

Sun, 20 Mar 2016 12:09:06 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/44706/#review124460
-----------------------------------------------------------



Some initial comments. Will do a pass to finish the rest later.


src/slave/containerizer/mesos/isolators/network/cni/cni.hpp (lines 32 - 56)
<https://reviews.apache.org/r/44706/#comment187034>

    Can we introduce paths.hpp|cpp under cni/ directory  for the canonical 
locations.
    
    ```
    constexpr char ROOT_DIR[] = "...";
    
    string cni::paths::getNamespaceHandle(
        const string& rootDir,
        const ContainerID& containerId);
        
    string cni::paths::getNetworkPath(
        const string& rootDir,
        const ContainerID& containerId,
        const string& name);
    
    string cni::paths::getIPv4Path(
        const string& rootDir,
        const ContainerID& containerId,
        const string& name,
        const string& ifname);
        
    string cni::paths::getIPv6Path(
        const string& rootDir,
        const ContainerID& containerId,
        const string& name,
        const string& ifname);
    ```



src/slave/containerizer/mesos/isolators/network/cni/cni.cpp (lines 206 - 212)
<https://reviews.apache.org/r/44706/#comment187035>

    I suggest we save a rootDir in the isolator process. We can easily switch 
to use a flag later. Also, we need to call 'realpath' here to make sure it's a 
realpath.
    
    We also need to make sure ROOT_DIR is a self bind mounted directory 
(slave+shared) so that namespace bind mount does not leak into containers.


- Jie Yu


On March 20, 2016, 4:27 p.m., Qian Zhang wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/44706/
> -----------------------------------------------------------
> 
> (Updated March 20, 2016, 4:27 p.m.)
> 
> 
> Review request for mesos, Avinash sridharan, Gilbert Song, and Jie Yu.
> 
> 
> Bugs: MESOS-4759
>     https://issues.apache.org/jira/browse/MESOS-4759
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Implemented isolate() method of "network/cni" isolator.
> 
> 
> Diffs
> -----
> 
>   src/slave/containerizer/mesos/isolators/network/cni/cni.hpp PRE-CREATION 
>   src/slave/containerizer/mesos/isolators/network/cni/cni.cpp PRE-CREATION 
> 
> Diff: https://reviews.apache.org/r/44706/diff/
> 
> 
> Testing
> -------
> 
> make check
> 
> 
> Thanks,
> 
> Qian Zhang
> 
>

Reply via email to