Apache Mesos
containerizer.hpp
Go to the documentation of this file.
1 // Licensed to the Apache Software Foundation (ASF) under one
2 // or more contributor license agreements. See the NOTICE file
3 // distributed with this work for additional information
4 // regarding copyright ownership. The ASF licenses this file
5 // to you under the Apache License, Version 2.0 (the
6 // "License"); you may not use this file except in compliance
7 // with the License. You may obtain a copy of the License at
8 //
9 // http://www.apache.org/licenses/LICENSE-2.0
10 //
11 // Unless required by applicable law or agreed to in writing, software
12 // distributed under the License is distributed on an "AS IS" BASIS,
13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 // See the License for the specific language governing permissions and
15 // limitations under the License.
16 
17 #ifndef __MESOS_CONTAINERIZER_HPP__
18 #define __MESOS_CONTAINERIZER_HPP__
19 
20 #include <vector>
21 
22 #include <mesos/secret/resolver.hpp>
23 
24 #include <mesos/slave/isolator.hpp>
25 
26 #include <process/clock.hpp>
27 #include <process/http.hpp>
28 #include <process/id.hpp>
29 #include <process/sequence.hpp>
30 #include <process/shared.hpp>
31 #include <process/time.hpp>
32 
33 #include <process/metrics/counter.hpp>
34 
35 #include <stout/hashmap.hpp>
36 #include <stout/multihashmap.hpp>
37 #include <stout/os/int_fd.hpp>
38 
39 #include "slave/csi_server.hpp"
40 #include "slave/gc.hpp"
41 #include "slave/state.hpp"
42 
43 #include "slave/containerizer/containerizer.hpp"
44 
45 #include "slave/containerizer/mesos/launcher.hpp"
46 
47 #include "slave/containerizer/mesos/io/switchboard.hpp"
48 
49 #include "slave/containerizer/mesos/isolators/gpu/nvidia.hpp"
50 
51 #include "slave/containerizer/mesos/provisioner/provisioner.hpp"
52 
53 namespace mesos {
54 namespace internal {
55 namespace slave {
56 
57 // If the container class is not of type `DEBUG` (i.e., it is not set or
58 // `DEFAULT`), we log the line at the INFO level. Otherwise, we use VLOG(1).
59 // The purpose of this macro is to avoid polluting agent logs with information
60 // related to `DEBUG` containers as this type of container can run periodically.
61 #define LOG_BASED_ON_CLASS(containerClass) \
62  LOG_IF(INFO, (containerClass != ContainerClass::DEBUG) || VLOG_IS_ON(1))
63 
64 // Forward declaration.
65 class MesosContainerizerProcess;
66 
67 
68 class MesosContainerizer : public Containerizer
69 {
70 public:
71  static Try<MesosContainerizer*> create(
72  const Flags& flags,
73  bool local,
74  Fetcher* fetcher,
75  GarbageCollector* gc = nullptr,
76  SecretResolver* secretResolver = nullptr,
77  const Option<NvidiaComponents>& nvidia = None(),
78  VolumeGidManager* volumeGidManager = nullptr,
79  PendingFutureTracker* futureTracker = nullptr,
80  CSIServer* csiServer = nullptr);
81 
82  static Try<MesosContainerizer*> create(
83  const Flags& flags,
84  bool local,
85  Fetcher* fetcher,
86  GarbageCollector* gc,
87  const process::Owned<Launcher>& launcher,
88  const process::Shared<Provisioner>& provisioner,
89  const std::vector<process::Owned<mesos::slave::Isolator>>& isolators,
90  VolumeGidManager* volumeGidManager = nullptr);
91 
92  ~MesosContainerizer() override;
93 
94  process::Future<Nothing> recover(
95  const Option<state::SlaveState>& state) override;
96 
97  process::Future<Containerizer::LaunchResult> launch(
98  const ContainerID& containerId,
99  const mesos::slave::ContainerConfig& containerConfig,
100  const std::map<std::string, std::string>& environment,
101  const Option<std::string>& pidCheckpointPath) override;
102 
103  process::Future<process::http::Connection> attach(
104  const ContainerID& containerId) override;
105 
106  process::Future<Nothing> update(
107  const ContainerID& containerId,
108  const Resources& resourceRequests,
109  const google::protobuf::Map<
110  std::string, Value::Scalar>& resourceLimits = {}) override;
111 
112  process::Future<ResourceStatistics> usage(
113  const ContainerID& containerId) override;
114 
115  process::Future<ContainerStatus> status(
116  const ContainerID& containerId) override;
117 
118  process::Future<Option<mesos::slave::ContainerTermination>> wait(
119  const ContainerID& containerId) override;
120 
121  process::Future<Option<mesos::slave::ContainerTermination>> destroy(
122  const ContainerID& containerId) override;
123 
124  process::Future<bool> kill(
125  const ContainerID& containerId,
126  int signal) override;
127 
128  process::Future<hashset<ContainerID>> containers() override;
129 
130  process::Future<Nothing> remove(const ContainerID& containerId) override;
131 
132  process::Future<Nothing> pruneImages(
133  const std::vector<Image>& excludedImages) override;
134 
135 private:
136  explicit MesosContainerizer(
137  const process::Owned<MesosContainerizerProcess>& process);
138 
139  process::Owned<MesosContainerizerProcess> process;
140 };
141 
142 
143 class MesosContainerizerProcess
144  : public process::Process<MesosContainerizerProcess>
145 {
146 public:
147  MesosContainerizerProcess(
148  const Flags& _flags,
149  Fetcher* _fetcher,
150  GarbageCollector* _gc,
151  IOSwitchboard* _ioSwitchboard,
152  const process::Owned<Launcher>& _launcher,
153  const process::Shared<Provisioner>& _provisioner,
154  const std::vector<process::Owned<mesos::slave::Isolator>>& _isolators,
155  VolumeGidManager* _volumeGidManager,
156  const Option<int_fd>& _initMemFd,
157  const Option<int_fd>& _commandExecutorMemFd)
158  : ProcessBase(process::ID::generate("mesos-containerizer")),
159  flags(_flags),
160  fetcher(_fetcher),
161  gc(_gc),
162  ioSwitchboard(_ioSwitchboard),
163  launcher(_launcher),
164  provisioner(_provisioner),
165  isolators(_isolators),
166  volumeGidManager(_volumeGidManager),
167  initMemFd(_initMemFd),
168  commandExecutorMemFd(_commandExecutorMemFd) {}
169 
170  ~MesosContainerizerProcess() override
171  {
172  if (initMemFd.isSome()) {
173  Try<Nothing> close = os::close(initMemFd.get());
174  if (close.isError()) {
175  LOG(WARNING) << "Failed to close memfd '" << stringify(initMemFd.get())
176  << "': " << close.error();
177  }
178  }
179 
180  if (commandExecutorMemFd.isSome()) {
181  Try<Nothing> close = os::close(commandExecutorMemFd.get());
182  if (close.isError()) {
183  LOG(WARNING) << "Failed to close memfd '"
184  << stringify(commandExecutorMemFd.get())
185  << "': " << close.error();
186  }
187  }
188  }
189 
190  virtual process::Future<Nothing> recover(
191  const Option<state::SlaveState>& state);
192 
193  virtual process::Future<Containerizer::LaunchResult> launch(
194  const ContainerID& containerId,
195  const mesos::slave::ContainerConfig& containerConfig,
196  const std::map<std::string, std::string>& environment,
197  const Option<std::string>& pidCheckpointPath);
198 
199  virtual process::Future<process::http::Connection> attach(
200  const ContainerID& containerId);
201 
202  virtual process::Future<Nothing> update(
203  const ContainerID& containerId,
204  const Resources& resourceRequests,
205  const google::protobuf::Map<
206  std::string, Value::Scalar>& resourceLimits = {});
207 
208  virtual process::Future<ResourceStatistics> usage(
209  const ContainerID& containerId);
210 
211  virtual process::Future<ContainerStatus> status(
212  const ContainerID& containerId);
213 
214  virtual process::Future<Option<mesos::slave::ContainerTermination>> wait(
215  const ContainerID& containerId);
216 
217  virtual process::Future<Containerizer::LaunchResult> exec(
218  const ContainerID& containerId,
219  int_fd pipeWrite);
220 
221  virtual process::Future<Option<mesos::slave::ContainerTermination>> destroy(
222  const ContainerID& containerId,
223  const Option<mesos::slave::ContainerTermination>& termination);
224 
225  virtual process::Future<bool> kill(
226  const ContainerID& containerId,
227  int signal);
228 
229  virtual process::Future<Nothing> remove(const ContainerID& containerId);
230 
231  virtual process::Future<hashset<ContainerID>> containers();
232 
233  virtual process::Future<Nothing> pruneImages(
234  const std::vector<Image>& excludedImages);
235 
236 private:
237  enum State
238  {
239  STARTING,
240  PROVISIONING,
241  PREPARING,
242  ISOLATING,
243  FETCHING,
244  RUNNING,
245  DESTROYING
246  };
247 
248  friend std::ostream& operator<<(std::ostream& stream, const State& state);
249 
250  process::Future<Nothing> _recover(
251  const std::vector<mesos::slave::ContainerState>& recoverable,
252  const hashset<ContainerID>& orphans);
253 
254  process::Future<std::vector<Nothing>> recoverIsolators(
255  const std::vector<mesos::slave::ContainerState>& recoverable,
256  const hashset<ContainerID>& orphans);
257 
258  process::Future<Nothing> recoverProvisioner(
259  const std::vector<mesos::slave::ContainerState>& recoverable,
260  const hashset<ContainerID>& orphans);
261 
262  process::Future<Nothing> __recover(
263  const std::vector<mesos::slave::ContainerState>& recovered,
264  const hashset<ContainerID>& orphans);
265 
266  process::Future<Nothing> prepare(
267  const ContainerID& containerId,
268  const Option<ProvisionInfo>& provisionInfo);
269 
270  process::Future<Nothing> fetch(
271  const ContainerID& containerId);
272 
273  process::Future<Containerizer::LaunchResult> _launch(
274  const ContainerID& containerId,
275  const Option<mesos::slave::ContainerIO>& containerIO,
276  const std::map<std::string, std::string>& environment,
277  const Option<std::string>& pidCheckpointPath);
278 
279  process::Future<Nothing> isolate(
280  const ContainerID& containerId,
281  pid_t _pid);
282 
283  // Continues 'destroy()' once nested containers are handled.
284  void _destroy(
285  const ContainerID& containerId,
286  const Option<mesos::slave::ContainerTermination>& termination,
287  const State& previousState,
288  const std::vector<
289  process::Future<Option<mesos::slave::ContainerTermination>>>& destroys);
290 
291  // Continues '_destroy()' once isolators has completed.
292  void __destroy(
293  const ContainerID& containerId,
294  const Option<mesos::slave::ContainerTermination>& termination);
295 
296  // Continues '__destroy()' once all processes have been killed
297  // by the launcher.
298  void ___destroy(
299  const ContainerID& containerId,
300  const Option<mesos::slave::ContainerTermination>& termination,
301  const process::Future<Nothing>& future);
302 
303  // Continues '___destroy()' once we get the exit status of the container.
304  void ____destroy(
305  const ContainerID& containerId,
306  const Option<mesos::slave::ContainerTermination>& termination);
307 
308  // Continues '____destroy()' once all isolators have completed
309  // cleanup.
310  void _____destroy(
311  const ContainerID& containerId,
312  const Option<mesos::slave::ContainerTermination>& termination,
313  const process::Future<std::vector<process::Future<Nothing>>>& cleanups);
314 
315  // Continues '_____destroy()' once provisioner have completed destroy.
316  void ______destroy(
317  const ContainerID& containerId,
318  const Option<mesos::slave::ContainerTermination>& termination,
319  const process::Future<bool>& destroy);
320 
321  // Schedules a path for garbage collection based on its modification time.
322  // Equivalent to the `Slave::garbageCollect` method.
323  process::Future<Nothing> garbageCollect(const std::string& path);
324 
325  // Call back for when an isolator limits a container and impacts the
326  // processes. This will trigger container destruction.
327  void limited(
328  const ContainerID& containerId,
329  const process::Future<mesos::slave::ContainerLimitation>& future);
330 
331  // Helper for reaping the 'init' process of a container.
332  process::Future<Option<int>> reap(
333  const ContainerID& containerId,
334  pid_t pid);
335 
336  // Call back for when the executor exits. This will trigger container
337  // destroy.
338  void reaped(const ContainerID& containerId);
339 
340  // TODO(jieyu): Consider introducing an Isolators struct and moving
341  // all isolator related operations to that struct.
342  process::Future<std::vector<process::Future<Nothing>>> cleanupIsolators(
343  const ContainerID& containerId);
344 
345  const Flags flags;
346  Fetcher* fetcher;
347 
348  // NOTE: This actor may be nullptr in tests, as not all tests need to
349  // share this actor with the agent.
350  GarbageCollector* gc;
351 
352  IOSwitchboard* ioSwitchboard;
353  const process::Owned<Launcher> launcher;
354  const process::Shared<Provisioner> provisioner;
355  const std::vector<process::Owned<mesos::slave::Isolator>> isolators;
356  VolumeGidManager* volumeGidManager;
357  const Option<int_fd> initMemFd;
358  const Option<int_fd> commandExecutorMemFd;
359 
360  struct Container
361  {
362  Container()
363  : state(STARTING),
364  lastStateTransition(process::Clock::now()),
365  sequence("mesos-container-status-updates") {}
366 
367  // Promise for futures returned from wait().
368  process::Promise<mesos::slave::ContainerTermination> termination;
369 
370  // NOTE: this represents 'PID 1', i.e., the "init" of the
371  // container that we created (it may be for an executor, or any
372  // arbitrary process that has been launched in the event of nested
373  // containers).
374  Option<pid_t> pid;
375 
376  // Sandbox directory for the container. It is optional here because
377  // we don't keep track of sandbox directory for orphan containers.
378  // It is not checkpointed explicitly; on recovery, it is reconstructed
379  // from executor's directory and hierarchy of containers.
380  //
381  // NOTE: This holds the sandbox path in the host mount namespace,
382  // while MESOS_SANDBOX is the path in the container mount namespace.
383  Option<std::string> directory;
384 
385  // We keep track of the future exit status for the container if it
386  // has been launched. If the container has not been launched yet,
387  // 'status' will be set to None().
388  //
389  // NOTE: A container has an exit status does not mean that it has
390  // been properly destroyed. We need to perform cleanup on
391  // isolators and provisioner after that.
392  Option<process::Future<Option<int>>> status;
393 
394  // We keep track of the future for 'provisioner->provision' so
395  // that we can discard the provisioning for the container which
396  // is destroyed when it is being provisioned.
397  process::Future<ProvisionInfo> provisioning;
398 
399  // We keep track of the future that is waiting for all the
400  // 'isolator->prepare' to finish so that destroy will only start
401  // calling cleanup after all isolators have finished preparing.
402  process::Future<std::vector<Option<mesos::slave::ContainerLaunchInfo>>>
403  launchInfos;
404 
405  // We keep track of the future that is waiting for all the
406  // 'isolator->isolate' futures so that destroy will only start
407  // calling cleanup after all isolators have finished isolating.
408  process::Future<std::vector<Nothing>> isolation;
409 
410  // We keep track of the resource requests and limits for each container so
411  // we can set the ResourceStatistics limits in usage().
412  Resources resourceRequests;
413  google::protobuf::Map<std::string, Value::Scalar> resourceLimits;
414 
415  // The configuration for the container to be launched.
416  // This can only be None if the underlying container is launched
417  // before we checkpoint `ContainerConfig` in MESOS-6894.
418  // TODO(zhitao): Drop the `Option` part at the end of deprecation
419  // cycle.
420  Option<mesos::slave::ContainerConfig> config;
421 
422  // The container class that can be `DEFAULT` or `DEBUG`.
423  // Returns `DEFAULT` even if the container class is not defined.
424  mesos::slave::ContainerClass containerClass();
425 
426  // Container's information at the moment it was launched. For example,
427  // used to bootstrap the launch information of future child DEBUG
428  // containers. Checkpointed and restored on recovery. Optional because
429  // it is not set for orphan containers.
430  //
431  // NOTE: Some of these data, may change during the container lifetime,
432  // e.g., the working directory. Such changes are not be captured here,
433  // which might be problematic, e.g., for DEBUG containers relying on
434  // some data in parent working directory.
435  Option<mesos::slave::ContainerLaunchInfo> launchInfo;
436 
437  State state;
438  process::Time lastStateTransition;
439 
440  // Used when `status` needs to be collected from isolators
441  // associated with this container. `Sequence` allows us to
442  // maintain the order of `status` requests for a given container.
443  process::Sequence sequence;
444 
445  // Child containers nested under this container.
446  hashset<ContainerID> children;
447  };
448 
449  hashmap<ContainerID, process::Owned<Container>> containers_;
450 
451  // Helper to transition container state.
452  void transition(const ContainerID& containerId, const State& state);
453 
454  // Helper to determine if a container is supported by an isolator.
455  bool isSupportedByIsolator(
456  const ContainerID& containerId,
457  bool isolatorSupportsNesting,
458  bool isolatorSupportsStandalone);
459 
460  struct Metrics
461  {
462  Metrics();
463  ~Metrics();
464 
465  process::metrics::Counter container_destroy_errors;
466  } metrics;
467 };
468 
469 
470 std::ostream& operator<<(
471  std::ostream& stream,
472  const MesosContainerizerProcess::State& state);
473 
474 } // namespace slave {
475 } // namespace internal {
476 } // namespace mesos {
477 
478 #endif // __MESOS_CONTAINERIZER_HPP__
mesos::internal::slave::MesosContainerizer::containers
process::Future< hashset< ContainerID > > containers() override
path
Definition: path.hpp:29
cgroups::isolate
Try< Nothing > isolate(const std::string &hierarchy, const std::string &cgroup, pid_t pid)
process::ID::generate
std::string generate(const std::string &prefix="")
Returns &#39;prefix(N)&#39; where N represents the number of instances where the same prefix (wrt...
mesos::internal::slave::MesosContainerizer::launch
process::Future< Containerizer::LaunchResult > launch(const ContainerID &containerId, const mesos::slave::ContainerConfig &containerConfig, const std::map< std::string, std::string > &environment, const Option< std::string > &pidCheckpointPath) override
mesos::internal::slave::MesosContainerizerProcess::~MesosContainerizerProcess
~MesosContainerizerProcess() override
Definition: containerizer.hpp:170
Option
Definition: option.hpp:29
mesos::internal::slave::operator<<
std::ostream & operator<<(std::ostream &stream, const MesosContainerizerProcess::State &state)
mesos::internal::slave::Fetcher
Definition: fetcher.hpp:49
Try
Definition: check.hpp:33
csi_server.hpp
mesos::internal::slave::MesosContainerizer::update
process::Future< Nothing > update(const ContainerID &containerId, const Resources &resourceRequests, const google::protobuf::Map< std::string, Value::Scalar > &resourceLimits={}) override
mesos::internal::slave::CSIServer
Definition: csi_server.hpp:49
mesos::internal::slave::MesosContainerizer::pruneImages
process::Future< Nothing > pruneImages(const std::vector< Image > &excludedImages) override
mesos::internal::slave::MesosContainerizer::kill
process::Future< bool > kill(const ContainerID &containerId, int signal) override
mesos::Resources
Definition: resources.hpp:83
mesos::internal::slave::VolumeGidManager
Definition: volume_gid_manager.hpp:42
flags::fetch
Try< T > fetch(const std::string &value)
Definition: fetch.hpp:38
process::reap
Future< Option< int > > reap(pid_t pid)
mesos::internal::slave::Flags
Definition: flags.hpp:39
mesos::internal::slave::MesosContainerizer::wait
process::Future< Option< mesos::slave::ContainerTermination > > wait(const ContainerID &containerId) override
process::metrics::Counter
Definition: counter.hpp:26
process::Sequence
Definition: sequence.hpp:33
hashmap
Definition: hashmap.hpp:38
mesos::internal::tests::environment
Environment * environment
pid_t
DWORD pid_t
Definition: windows.hpp:181
mesos::internal::slave::Containerizer
Definition: containerizer.hpp:64
process::Shared
Definition: owned.hpp:26
mesos::internal::slave::MesosContainerizer::create
static Try< MesosContainerizer * > create(const Flags &flags, bool local, Fetcher *fetcher, GarbageCollector *gc=nullptr, SecretResolver *secretResolver=nullptr, const Option< NvidiaComponents > &nvidia=None(), VolumeGidManager *volumeGidManager=nullptr, PendingFutureTracker *futureTracker=nullptr, CSIServer *csiServer=nullptr)
mesos::internal::slave::MesosContainerizer::recover
process::Future< Nothing > recover(const Option< state::SlaveState > &state) override
mesos::internal::slave::MesosContainerizerProcess::MesosContainerizerProcess
MesosContainerizerProcess(const Flags &_flags, Fetcher *_fetcher, GarbageCollector *_gc, IOSwitchboard *_ioSwitchboard, const process::Owned< Launcher > &_launcher, const process::Shared< Provisioner > &_provisioner, const std::vector< process::Owned< mesos::slave::Isolator >> &_isolators, VolumeGidManager *_volumeGidManager, const Option< int_fd > &_initMemFd, const Option< int_fd > &_commandExecutorMemFd)
Definition: containerizer.hpp:147
mesos::internal::PendingFutureTracker
Definition: future_tracker.hpp:84
os::close
Try< Nothing > close(int fd)
Definition: close.hpp:24
mesos::internal::slave::MesosContainerizer::usage
process::Future< ResourceStatistics > usage(const ContainerID &containerId) override
mesos
Definition: agent.hpp:25
mesos::internal::slave::IOSwitchboard
Definition: switchboard.hpp:53
Try::error
static Try error(const E &e)
Definition: try.hpp:43
process::Time
Definition: time.hpp:23
mesos::internal::slave::MesosContainerizerProcess
Definition: containerizer.hpp:143
mesos::internal::slave::MesosContainerizer::attach
process::Future< process::http::Connection > attach(const ContainerID &containerId) override
flags
#define flags
Definition: decoder.hpp:18
None
Definition: none.hpp:27
internal
Definition: attributes.hpp:24
Try::isError
bool isError() const
Definition: try.hpp:78
os::children
std::set< pid_t > children(pid_t, const std::list< Process > &, bool)
Definition: os.hpp:217
process
Definition: executor.hpp:48
int_fd.hpp
process::Clock::now
static Time now()
The current clock time for either the current process that makes this call or the global clock time i...
mesos::internal::slave::MesosContainerizer
Definition: containerizer.hpp:68
cgroups::prepare
Try< std::string > prepare(const std::string &baseHierarchy, const std::string &subsystem, const std::string &cgroup)
mesos::internal::tests::Metrics
JSON::Object Metrics()
mesos::SecretResolver
Definition: resolver.hpp:34
int_fd
int int_fd
Definition: int_fd.hpp:35
ns::stringify
std::string stringify(int flags)
process::Owned
Definition: owned.hpp:36
process::Process
Definition: process.hpp:505
flags
Definition: parse.hpp:33
process::metrics::internal::metrics
PID< MetricsProcess > metrics
mesos::internal::slave::MesosContainerizer::destroy
process::Future< Option< mesos::slave::ContainerTermination > > destroy(const ContainerID &containerId) override
mesos::internal::slave::MesosContainerizer::status
process::Future< ContainerStatus > status(const ContainerID &containerId) override
Generated by   doxygen 1.8.11