[MESOS-7374] Running DOCKER images in Mesos Container Runtime without `linux/filesystem` isolation enabled renders host unusable - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Blocker
Resolution: Fixed
Affects Version/s: 1.2.0
Fix Version/s: 1.4.0
Component/s: containerization
Labels:
- containerizer
- mesosphere

Target Version/s:

1.4.0
Epic Link:
Unified Container
Sprint:
Mesosphere Sprint 57, Mesosphere Sprint 58, Mesosphere Sprint 59, Mesosphere Sprint 60
Story Points:
3

Description

If I run the pod below (using Marathon 1.4.2) against a mesos agent that has the flags (also below), then the overlay filesystem replaces the system root mount, effectively rendering the host unusable until reboot.

flags:

--containerizers mesos,docker
--image_providers APPC,DOCKER
--isolation cgroups/cpu,cgroups/mem,docker/runtime

pod definition for Marathon:

{
  "id": "/simplepod",
  "scaling": { "kind": "fixed", "instances": 1 },
  "containers": [
    {
      "name": "sleep1",
      "exec": { "command": { "shell": "sleep 1000" } },
      "resources": { "cpus": 0.1, "mem": 32 },
      "image": {
        "id": "alpine",
        "kind": "DOCKER"
      }
    }
  ],
  "networks": [ {"mode": "host"} ]
}

Mesos should probably check for this and avoid replacing the system root mount point at startup or launch time.

Attachments

Activity

People

Assignee:: Chun-Hung Hsiao

Reporter:: Tim Harper

Shepherd:: Gilbert Song

Votes:: 0 Vote for this issue

Watchers:: 8 Start watching this issue

Dates

Created:: 10/Apr/17 02:57

Updated:: 02/Aug/17 23:41

Resolved:: 02/Aug/17 23:41