Mesos / MESOS-8356

Persistent volume ownership is set to root despite the sandbox owner (frameworkInfo.user) when docker executor is used


Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 1.1.3, 1.2.3, 1.3.1, 1.4.1
    • Fix Version/s: 1.3.2, 1.4.2, 1.5.0
    • None
    • Environment: Centos 7, Mesos 1.4.1, Docker Engine 1.13

    Description

      PersistentVolume ownership is not set to match the sandbox user when the docker executor is used. Looks like the issue was introduced by https://reviews.apache.org/r/45963/
      I didn't check the universal containerizer yet.

      As far as I understand, the following code is supposed to check that a volume is not already being used by other tasks/containers.

      src/slave/containerizer/docker.cpp

          foreachvalue (const Container* container, containers_) {
            if (container->resources.contains(resource)) {
              isVolumeInUse = true;
              break;
            }
          }
      

      But it doesn't exclude the container to be launched (in my case I have only one container - no group of tasks). Thus the ownership of the PersistentVolume stays "root" (I run mesos-agent under root) and it's impossible to use the volume inside the container. We always run processes inside Docker containers under an unprivileged user.

      Making a small patch to exclude the container to launch fixes the issue.

          foreachvalue (const Container* container, containers_) {
            if (container->resources.contains(resource) &&
                containerId != container->id) {
              isVolumeInUse = true;
              break;
            }
          }
      

          People

            Assignee: jieyu Jie Yu
            Reporter: kkalin Konstantin Kalin