Uploaded image for project: 'Mesos'
  1. Mesos
  2. MESOS-6324

CNI should not use `ifconfig` in executors `pre_exec_command`

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 1.0.2, 1.1.0
    • containerization
    • None
    • Mesosphere Sprint 44
    • 1

    Description

      Currently the `network/cni` isolator sets up the `pre_exec_command` for executors when a container needs to be launched on a non-host network. The `pre_exec_command` is `ifconfig lo up`. This is done to primarily bring loopback up in the new network namespace.

      Setting up the `pre_exec_command` to bring loopback up is problematic since the executors PATH variable is generally very limited (doesn't contain all path that the agents PATH variable has due to security concerns).

      Therefore instead of running `ifconfig lo up` in the `pre_exec_command` we should run it in `NetworkCniIsolatorSetup` subcommand, which runs with the same PATH variable as the agent.

      Attachments

        Activity

          People

            avinash.mesos Avinash Sridharan
            avinash.mesos Avinash Sridharan
            Jie Yu Jie Yu
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: