If you're new to Mesos
See the getting started page for more information about downloading, building, and deploying Mesos.
If you'd like to get involved or you're looking for support
See our community page for more details.
Shared Filesystem Isolator in Mesos Containerizer
This document describes the
filesystem/shared isolator. You can turn
on this isolator by specifying the
--isolation agent flag (i.e.,
NOTE: This isolator has been deprecated in favor of using
filesystem/shared isolator can optionally be used on Linux hosts
to enable modifications to each container’s view of the shared
The modifications are specified in the ContainerInfo included in the
ExecutorInfo, either by a framework or by using the
--default_container_info agent flag.
ContainerInfo specifies Volumes which map parts of the shared filesystem (host_path) into the container’s view of the filesystem (container_path), as read-write or read-only. The host_path can be absolute, in which case it will make the filesystem subtree rooted at host_path also accessible under container_path for each container. If host_path is relative then it is considered as a directory relative to the executor’s work directory. The directory will be created and permissions copied from the corresponding directory (which must exist) in the shared filesystem.
The primary use-case for this isolator is to selectively make parts of
the shared filesystem private to each container. For example, a
private “/tmp” directory can be achieved with
container_path="/tmp" which will create a directory “tmp” inside the
executor’s work directory (mode 1777) and simultaneously mount it as
/tmp inside the container. This is transparent to processes running
inside the container. Containers will not be able to see the host’s
/tmp or any other container’s /tmp.