[MESOS-8356] Persistent volume ownership is set to root despite of sandbox owner (frameworkInfo.user) when docker executor is used - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: 1.1.3, 1.2.3, 1.3.1, 1.4.1
Fix Version/s: 1.3.2, 1.4.2, 1.5.0
Component/s: None
Labels:
- persistent-volumes
Environment:

Centos 7, Mesos 1.4.1, Docker Engine 1.13

Target Version/s:

1.3.2, 1.4.2, 1.5.1

Description

PersistentVolume ownership is not set to match the sandbox user when the docker executor is used. Looks like the issue was introduced by https://reviews.apache.org/r/45963/
I didn't check the universal containerizer yet.

As far as I understand the following code is supposed to check that a volume is not being already used by other tasks/containers.

src/slave/containerizer/docker.cpp

    foreachvalue (const Container* container, containers_) {
      if (container->resources.contains(resource)) {
        isVolumeInUse = true;
        break;
      }
    }

But it doesn't exclude a container to be launch (In my case I have only one container - no group of tasks). Thus the ownership of PersistentVolume stays "root" (I run mesos-agent under root) and it's impossible to use the volume inside the container. We always run processes inside Docker containers under unprivileged user.

Making a small patch to exclude the container to launch fixes the issue.

    foreachvalue (const Container* container, containers_) {
      if (container->resources.contains(resource) &&
          containerId != container->id) {
        isVolumeInUse = true;
        break;
      }
    }

Attachments

Activity

People

Assignee:: Jie Yu

Reporter:: Konstantin Kalin

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 22/Dec/17 14:48

Updated:: 09/Jan/18 20:55

Resolved:: 09/Jan/18 20:55