mesos: remove package
It has been broken for >9 months.
This commit is contained in:
parent
34d91a8cba
commit
fadb45e6b5
@ -1,263 +0,0 @@
|
||||
{ stdenv, lib, makeWrapper, fetchurl, curl, sasl, openssh
|
||||
, unzip, gnutar, jdk, python, wrapPython
|
||||
, setuptools, boto, pythonProtobuf, apr, subversion, gzip
|
||||
, leveldb, glog, perf, utillinux, libnl, iproute, openssl, libevent
|
||||
, ethtool, coreutils, which, iptables, maven
|
||||
, bash, autoreconfHook
|
||||
, utf8proc, lz4
|
||||
, withJava ? !stdenv.isDarwin
|
||||
}:
|
||||
|
||||
let
|
||||
mavenRepo = import ./mesos-deps.nix { inherit stdenv curl; };
|
||||
# `tar -z` requires gzip on $PATH, so wrap tar.
|
||||
# At some point, we should try to patch mesos so we add gzip to the PATH when
|
||||
# tar is invoked. I think that only needs to be done here:
|
||||
# src/common/command_utils.cpp
|
||||
# https://github.com/NixOS/nixpkgs/issues/13783
|
||||
tarWithGzip = lib.overrideDerivation gnutar (oldAttrs: {
|
||||
# Original builder is bash 4.3.42 from bootstrap tools, too old for makeWrapper.
|
||||
builder = "${bash}/bin/bash";
|
||||
buildInputs = (oldAttrs.buildInputs or []) ++ [ makeWrapper ];
|
||||
postInstall = (oldAttrs.postInstall or "") + ''
|
||||
wrapProgram $out/bin/tar --prefix PATH ":" "${gzip}/bin"
|
||||
'';
|
||||
});
|
||||
|
||||
in stdenv.mkDerivation rec {
|
||||
version = "1.4.1";
|
||||
pname = "mesos";
|
||||
|
||||
enableParallelBuilding = true;
|
||||
dontDisableStatic = true;
|
||||
|
||||
src = fetchurl {
|
||||
url = "mirror://apache/mesos/${version}/${pname}-${version}.tar.gz";
|
||||
sha256 = "1c7l0rim9ija913gpppz2mcms08ywyqhlzbbspqsi7wwfdd7jwsr";
|
||||
};
|
||||
|
||||
patches = [
|
||||
# https://reviews.apache.org/r/36610/
|
||||
# TODO: is this still needed?
|
||||
./rb36610.patch
|
||||
|
||||
# see https://github.com/cstrahan/mesos/tree/nixos-${version}
|
||||
./nixos.patch
|
||||
];
|
||||
nativeBuildInputs = [
|
||||
autoreconfHook
|
||||
];
|
||||
buildInputs = [
|
||||
makeWrapper curl sasl
|
||||
python wrapPython boto setuptools leveldb
|
||||
subversion apr glog openssl libevent
|
||||
utf8proc lz4
|
||||
] ++ lib.optionals stdenv.isLinux [
|
||||
libnl
|
||||
] ++ lib.optionals withJava [
|
||||
jdk maven
|
||||
];
|
||||
|
||||
propagatedBuildInputs = [
|
||||
pythonProtobuf
|
||||
];
|
||||
|
||||
NIX_CFLAGS_COMPILE = "-Wno-error=format-overflow -Wno-error=class-memaccess";
|
||||
|
||||
preConfigure = ''
|
||||
# https://issues.apache.org/jira/browse/MESOS-6616
|
||||
configureFlagsArray+=(
|
||||
"CXXFLAGS=-O2 -Wno-error=strict-aliasing"
|
||||
)
|
||||
|
||||
substituteInPlace 3rdparty/stout/include/stout/jsonify.hpp \
|
||||
--replace '<xlocale.h>' '<locale.h>'
|
||||
# Fix cases where makedev(),major(),minor() are referenced through
|
||||
# <sys/types.h> instead of <sys/sysmacros.h>
|
||||
sed 1i'#include <sys/sysmacros.h>' -i src/linux/fs.cpp
|
||||
sed 1i'#include <sys/sysmacros.h>' -i src/slave/containerizer/mesos/isolators/gpu/isolator.cpp
|
||||
substituteInPlace 3rdparty/stout/include/stout/os/posix/chown.hpp \
|
||||
--subst-var-by chown ${coreutils}/bin/chown
|
||||
|
||||
substituteInPlace 3rdparty/stout/Makefile.am \
|
||||
--replace "-lprotobuf" \
|
||||
"${pythonProtobuf.protobuf}/lib/libprotobuf.a"
|
||||
|
||||
substituteInPlace 3rdparty/stout/include/stout/os/posix/fork.hpp \
|
||||
--subst-var-by sh ${bash}/bin/bash
|
||||
|
||||
substituteInPlace 3rdparty/stout/include/stout/posix/os.hpp \
|
||||
--subst-var-by tar ${tarWithGzip}/bin/tar
|
||||
|
||||
substituteInPlace src/cli/mesos-scp \
|
||||
--subst-var-by scp ${openssh}/bin/scp
|
||||
|
||||
substituteInPlace src/common/command_utils.cpp \
|
||||
--subst-var-by curl ${curl}/bin/curl \
|
||||
--subst-var-by gzip ${gzip}/bin/gzip \
|
||||
--subst-var-by sha512sum ${coreutils}/bin/sha512sum \
|
||||
--subst-var-by tar ${tarWithGzip}/bin/tar
|
||||
|
||||
substituteInPlace src/launcher/fetcher.cpp \
|
||||
--subst-var-by cp ${coreutils}/bin/cp \
|
||||
--subst-var-by gzip ${gzip}/bin/gzip \
|
||||
--subst-var-by tar ${tarWithGzip}/bin/tar \
|
||||
--subst-var-by unzip ${unzip}/bin/unzip
|
||||
|
||||
substituteInPlace src/python/cli/src/mesos/cli.py \
|
||||
--subst-var-by mesos-resolve $out/bin/mesos-resolve
|
||||
|
||||
substituteInPlace src/python/native_common/ext_modules.py.in \
|
||||
--replace "-lprotobuf" \
|
||||
"${pythonProtobuf.protobuf}/lib/libprotobuf.a"
|
||||
|
||||
substituteInPlace src/slave/containerizer/mesos/isolators/gpu/volume.cpp \
|
||||
--subst-var-by cp ${coreutils}/bin/cp \
|
||||
--subst-var-by which ${which}/bin/which
|
||||
|
||||
substituteInPlace src/slave/containerizer/mesos/isolators/posix/disk.cpp \
|
||||
--subst-var-by du ${coreutils}/bin/du
|
||||
|
||||
substituteInPlace src/slave/containerizer/mesos/provisioner/backends/copy.cpp \
|
||||
--subst-var-by cp ${coreutils}/bin/cp \
|
||||
--subst-var-by rm ${coreutils}/bin/rm
|
||||
|
||||
substituteInPlace src/uri/fetchers/copy.cpp \
|
||||
--subst-var-by cp ${coreutils}/bin/cp
|
||||
|
||||
substituteInPlace src/uri/fetchers/curl.cpp \
|
||||
--subst-var-by curl ${curl}/bin/curl
|
||||
|
||||
substituteInPlace src/uri/fetchers/docker.cpp \
|
||||
--subst-var-by curl ${curl}/bin/curl
|
||||
|
||||
substituteInPlace src/Makefile.am \
|
||||
--subst-var-by mavenRepo ${mavenRepo} \
|
||||
--replace "-lprotobuf" \
|
||||
"${pythonProtobuf.protobuf}/lib/libprotobuf.a"
|
||||
|
||||
'' + lib.optionalString stdenv.isLinux ''
|
||||
|
||||
substituteInPlace src/linux/perf.cpp \
|
||||
--subst-var-by perf ${perf}/bin/perf
|
||||
|
||||
substituteInPlace src/slave/containerizer/mesos/isolators/docker/volume/isolator.cpp \
|
||||
--subst-var-by mount ${utillinux}/bin/mount
|
||||
|
||||
substituteInPlace src/slave/containerizer/mesos/isolators/filesystem/linux.cpp \
|
||||
--subst-var-by mount ${utillinux}/bin/mount
|
||||
|
||||
substituteInPlace src/slave/containerizer/mesos/isolators/filesystem/shared.cpp \
|
||||
--subst-var-by mount ${utillinux}/bin/mount
|
||||
|
||||
substituteInPlace src/slave/containerizer/mesos/isolators/gpu/isolator.cpp \
|
||||
--subst-var-by mount ${utillinux}/bin/mount
|
||||
|
||||
substituteInPlace src/slave/containerizer/mesos/isolators/namespaces/pid.cpp \
|
||||
--subst-var-by mount ${utillinux}/bin/mount
|
||||
|
||||
substituteInPlace src/slave/containerizer/mesos/isolators/network/cni/cni.cpp \
|
||||
--subst-var-by mount ${utillinux}/bin/mount
|
||||
|
||||
substituteInPlace src/slave/containerizer/mesos/isolators/network/cni/plugins/port_mapper/port_mapper.cpp \
|
||||
--subst-var-by iptables ${iptables}/bin/iptables
|
||||
|
||||
substituteInPlace src/slave/containerizer/mesos/isolators/network/port_mapping.cpp \
|
||||
--subst-var-by ethtool ${ethtool}/sbin/ethtool \
|
||||
--subst-var-by ip ${iproute}/bin/ip \
|
||||
--subst-var-by mount ${utillinux}/bin/mount \
|
||||
--subst-var-by tc ${iproute}/bin/tc
|
||||
|
||||
substituteInPlace src/slave/containerizer/mesos/isolators/volume/image.cpp \
|
||||
--subst-var-by mount ${utillinux}/bin/mount
|
||||
|
||||
substituteInPlace src/slave/containerizer/mesos/isolators/volume/sandbox_path.cpp \
|
||||
--subst-var-by mount ${utillinux}/bin/mount
|
||||
'';
|
||||
|
||||
configureFlags = [
|
||||
"--sbindir=\${out}/bin"
|
||||
"--with-apr=${apr.dev}"
|
||||
"--with-svn=${subversion.dev}"
|
||||
"--with-leveldb=${leveldb}"
|
||||
"--with-glog=${glog}"
|
||||
"--enable-optimize"
|
||||
"--disable-python-dependency-install"
|
||||
"--enable-ssl"
|
||||
"--with-ssl=${openssl.dev}"
|
||||
"--enable-libevent"
|
||||
"--with-libevent=${libevent.dev}"
|
||||
"--with-protobuf=${pythonProtobuf.protobuf}"
|
||||
"PROTOBUF_JAR=${mavenRepo}/com/google/protobuf/protobuf-java/3.3.0/protobuf-java-3.3.0.jar"
|
||||
(if withJava then "--enable-java" else "--disable-java")
|
||||
] ++ lib.optionals stdenv.isLinux [
|
||||
"--with-network-isolator"
|
||||
"--with-nl=${libnl.dev}"
|
||||
];
|
||||
|
||||
postInstall = ''
|
||||
rm -rf $out/var
|
||||
rm $out/bin/*.sh
|
||||
|
||||
# Inspired by: pkgs/development/python-modules/generic/default.nix
|
||||
pushd src/python
|
||||
mkdir -p $out/lib/${python.libPrefix}/site-packages
|
||||
export PYTHONPATH="$out/lib/${python.libPrefix}/site-packages:$PYTHONPATH"
|
||||
${python}/bin/${python.executable} setup.py install \
|
||||
--install-lib=$out/lib/${python.libPrefix}/site-packages \
|
||||
--old-and-unmanageable \
|
||||
--prefix="$out"
|
||||
rm -f "$out/lib/${python.libPrefix}"/site-packages/site.py*
|
||||
popd
|
||||
|
||||
# optional python dependency for mesos cli
|
||||
pushd src/python/cli
|
||||
${python}/bin/${python.executable} setup.py install \
|
||||
--install-lib=$out/lib/${python.libPrefix}/site-packages \
|
||||
--old-and-unmanageable \
|
||||
--prefix="$out"
|
||||
popd
|
||||
'' + stdenv.lib.optionalString withJava ''
|
||||
mkdir -p $out/share/java
|
||||
cp src/java/target/mesos-*.jar $out/share/java
|
||||
|
||||
MESOS_NATIVE_JAVA_LIBRARY=$out/lib/libmesos${stdenv.hostPlatform.extensions.sharedLibrary}
|
||||
|
||||
mkdir -p $out/nix-support
|
||||
touch $out/nix-support/setup-hook
|
||||
echo "export MESOS_NATIVE_JAVA_LIBRARY=$MESOS_NATIVE_JAVA_LIBRARY" >> $out/nix-support/setup-hook
|
||||
echo "export MESOS_NATIVE_LIBRARY=$MESOS_NATIVE_JAVA_LIBRARY" >> $out/nix-support/setup-hook
|
||||
'';
|
||||
|
||||
postFixup = ''
|
||||
if test -e $out/nix-support/propagated-build-inputs; then
|
||||
ln -s $out/nix-support/propagated-build-inputs $out/nix-support/propagated-user-env-packages
|
||||
fi
|
||||
|
||||
for inputsfile in propagated-build-inputs propagated-native-build-inputs; do
|
||||
if test -e $out/nix-support/$inputsfile; then
|
||||
createBuildInputsPth $inputsfile "$(cat $out/nix-support/$inputsfile)"
|
||||
fi
|
||||
done
|
||||
|
||||
for f in $out/libexec/mesos/python/mesos/*.py; do
|
||||
${python}/bin/${python.executable} -c "import py_compile; py_compile.compile('$f')"
|
||||
done
|
||||
|
||||
# wrap the python programs
|
||||
for prog in mesos-cat mesos-ps mesos-scp mesos-tail; do
|
||||
wrapProgram "$out/bin/$prog" \
|
||||
--prefix PYTHONPATH ":" "$out/lib/${python.libPrefix}/site-packages"
|
||||
true
|
||||
done
|
||||
'';
|
||||
|
||||
meta = with lib; {
|
||||
homepage = "http://mesos.apache.org";
|
||||
license = licenses.asl20;
|
||||
description = "A cluster manager that provides efficient resource isolation and sharing across distributed applications, or frameworks";
|
||||
maintainers = with maintainers; [ cstrahan offline ];
|
||||
platforms = platforms.unix;
|
||||
broken = true; # Broken since 2019-10-22 (https://hydra.nixos.org/build/115475123)
|
||||
};
|
||||
}
|
File diff suppressed because it is too large
Load Diff
@ -1,14 +0,0 @@
|
||||
{stdenv, curl}:
|
||||
|
||||
stdenv.mkDerivation {
|
||||
name = "mesos-maven-deps";
|
||||
builder = ./fetch-mesos-deps.sh;
|
||||
|
||||
outputHashAlgo = "sha256";
|
||||
outputHashMode = "recursive";
|
||||
outputHash = "10h0qs7svw0cqjkyxs8z6s3qraa8ga920zfrr59rdlanbwg4klly";
|
||||
|
||||
nativeBuildInputs = [ curl ];
|
||||
|
||||
impureEnvVars = stdenv.lib.fetchers.proxyImpureEnvVars;
|
||||
}
|
@ -1,731 +0,0 @@
|
||||
diff --git i/3rdparty/stout/include/stout/os/posix/fork.hpp w/3rdparty/stout/include/stout/os/posix/fork.hpp
|
||||
index a29967d..290b98b 100644
|
||||
--- i/3rdparty/stout/include/stout/os/posix/fork.hpp
|
||||
+++ w/3rdparty/stout/include/stout/os/posix/fork.hpp
|
||||
@@ -369,7 +369,7 @@ private:
|
||||
if (exec.isSome()) {
|
||||
// Execute the command (via '/bin/sh -c command').
|
||||
const char* command = exec.get().command.c_str();
|
||||
- execlp("sh", "sh", "-c", command, (char*) nullptr);
|
||||
+ execlp("@sh@", "sh", "-c", command, (char*) nullptr);
|
||||
EXIT(EXIT_FAILURE)
|
||||
<< "Failed to execute '" << command << "': " << os::strerror(errno);
|
||||
} else if (wait.isSome()) {
|
||||
diff --git i/3rdparty/stout/include/stout/posix/os.hpp w/3rdparty/stout/include/stout/posix/os.hpp
|
||||
index 8511dfd..1e7be01 100644
|
||||
--- i/3rdparty/stout/include/stout/posix/os.hpp
|
||||
+++ w/3rdparty/stout/include/stout/posix/os.hpp
|
||||
@@ -366,7 +366,7 @@ inline Try<std::set<pid_t>> pids(Option<pid_t> group, Option<pid_t> session)
|
||||
inline Try<Nothing> tar(const std::string& path, const std::string& archive)
|
||||
{
|
||||
Try<std::string> tarOut =
|
||||
- os::shell("tar %s %s %s", "-czf", archive.c_str(), path.c_str());
|
||||
+ os::shell("@tar@ %s %s %s", "-czf", archive.c_str(), path.c_str());
|
||||
|
||||
if (tarOut.isError()) {
|
||||
return Error("Failed to archive " + path + ": " + tarOut.error());
|
||||
diff --git i/src/Makefile.am w/src/Makefile.am
|
||||
index 68fff14..c572f92 100644
|
||||
--- i/src/Makefile.am
|
||||
+++ w/src/Makefile.am
|
||||
@@ -1775,7 +1775,7 @@ if HAS_JAVA
|
||||
|
||||
$(MESOS_JAR): $(MESOS_JAR_SOURCE) $(MESOS_JAR_GENERATED) java/mesos.pom
|
||||
@echo "Building mesos-$(PACKAGE_VERSION).jar ..."
|
||||
- @cd $(abs_top_builddir)/src/java && $(MVN) -B -f mesos.pom clean package
|
||||
+ @cd $(abs_top_builddir)/src/java && $(MVN) -B -f mesos.pom -Dmaven.repo.local=@mavenRepo@ clean package
|
||||
|
||||
# Convenience library for JNI bindings.
|
||||
# TODO(Charles Reiss): We really should be building the Java library
|
||||
diff --git i/src/cli/mesos-scp w/src/cli/mesos-scp
|
||||
index a71ab07..1043d1b 100755
|
||||
--- i/src/cli/mesos-scp
|
||||
+++ w/src/cli/mesos-scp
|
||||
@@ -19,7 +19,8 @@ if sys.version_info < (2,6,0):
|
||||
|
||||
|
||||
def scp(host, src, dst):
|
||||
- cmd = 'scp -pr %s %s' % (src, host + ':' + dst)
|
||||
+ cmd = '@scp@ -pr %s %s' % (src, host + ':' + dst)
|
||||
+
|
||||
try:
|
||||
process = subprocess.Popen(
|
||||
cmd,
|
||||
diff --git i/src/common/command_utils.cpp w/src/common/command_utils.cpp
|
||||
index c50be76..388cc53 100644
|
||||
--- i/src/common/command_utils.cpp
|
||||
+++ w/src/common/command_utils.cpp
|
||||
@@ -142,7 +142,7 @@ Future<Nothing> tar(
|
||||
|
||||
argv.emplace_back(input);
|
||||
|
||||
- return launch("tar", argv)
|
||||
+ return launch("@tar@", argv)
|
||||
.then([]() { return Nothing(); });
|
||||
}
|
||||
|
||||
@@ -164,7 +164,7 @@ Future<Nothing> untar(
|
||||
argv.emplace_back(directory.get());
|
||||
}
|
||||
|
||||
- return launch("tar", argv)
|
||||
+ return launch("@tar@", argv)
|
||||
.then([]() { return Nothing(); });
|
||||
}
|
||||
|
||||
@@ -172,7 +172,7 @@ Future<Nothing> untar(
|
||||
Future<string> sha512(const Path& input)
|
||||
{
|
||||
#ifdef __linux__
|
||||
- const string cmd = "sha512sum";
|
||||
+ const string cmd = "@sha512sum@";
|
||||
vector<string> argv = {
|
||||
cmd,
|
||||
input // Input file to compute shasum.
|
||||
@@ -208,7 +208,7 @@ Future<Nothing> gzip(const Path& input)
|
||||
input
|
||||
};
|
||||
|
||||
- return launch("gzip", argv)
|
||||
+ return launch("@gzip@", argv)
|
||||
.then([]() { return Nothing(); });
|
||||
}
|
||||
|
||||
@@ -221,7 +221,7 @@ Future<Nothing> decompress(const Path& input)
|
||||
input
|
||||
};
|
||||
|
||||
- return launch("gzip", argv)
|
||||
+ return launch("@gzip@", argv)
|
||||
.then([]() { return Nothing(); });
|
||||
}
|
||||
|
||||
diff --git i/src/launcher/fetcher.cpp w/src/launcher/fetcher.cpp
|
||||
index 42980f5..3aebeed 100644
|
||||
--- i/src/launcher/fetcher.cpp
|
||||
+++ w/src/launcher/fetcher.cpp
|
||||
@@ -80,17 +80,17 @@ static Try<bool> extract(
|
||||
strings::endsWith(sourcePath, ".tar.bz2") ||
|
||||
strings::endsWith(sourcePath, ".txz") ||
|
||||
strings::endsWith(sourcePath, ".tar.xz")) {
|
||||
- command = {"tar", "-C", destinationDirectory, "-xf", sourcePath};
|
||||
+ command = {"@tar@", "-C", destinationDirectory, "-xf", sourcePath};
|
||||
} else if (strings::endsWith(sourcePath, ".gz")) {
|
||||
string pathWithoutExtension = sourcePath.substr(0, sourcePath.length() - 3);
|
||||
string filename = Path(pathWithoutExtension).basename();
|
||||
string destinationPath = path::join(destinationDirectory, filename);
|
||||
|
||||
- command = {"gunzip", "-d", "-c"};
|
||||
+ command = {"@gunzip@", "-d", "-c"};
|
||||
in = Subprocess::PATH(sourcePath);
|
||||
out = Subprocess::PATH(destinationPath);
|
||||
} else if (strings::endsWith(sourcePath, ".zip")) {
|
||||
- command = {"unzip", "-o", "-d", destinationDirectory, sourcePath};
|
||||
+ command = {"@unzip@", "-o", "-d", destinationDirectory, sourcePath};
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
@@ -193,7 +193,7 @@ static Try<string> copyFile(
|
||||
const string& sourcePath,
|
||||
const string& destinationPath)
|
||||
{
|
||||
- int status = os::spawn("cp", {"cp", sourcePath, destinationPath});
|
||||
+ int status = os::spawn("cp", {"@cp@", sourcePath, destinationPath});
|
||||
|
||||
if (status == -1) {
|
||||
return ErrnoError("Failed to copy '" + sourcePath + "'");
|
||||
diff --git i/src/linux/perf.cpp w/src/linux/perf.cpp
|
||||
index b301e25..356a2cf 100644
|
||||
--- i/src/linux/perf.cpp
|
||||
+++ w/src/linux/perf.cpp
|
||||
@@ -128,7 +128,7 @@ private:
|
||||
// NOTE: The supervisor childhook places perf in its own process group
|
||||
// and will kill the perf process when the parent dies.
|
||||
Try<Subprocess> _perf = subprocess(
|
||||
- "perf",
|
||||
+ "@perf@",
|
||||
argv,
|
||||
Subprocess::PIPE(),
|
||||
Subprocess::PIPE(),
|
||||
diff --git i/src/linux/systemd.cpp w/src/linux/systemd.cpp
|
||||
index 6318f48..394d88d 100644
|
||||
--- i/src/linux/systemd.cpp
|
||||
+++ w/src/linux/systemd.cpp
|
||||
@@ -196,13 +196,21 @@ bool exists()
|
||||
// This is static as the init system should not change while we are running.
|
||||
static const bool exists = []() -> bool {
|
||||
// (1) Test whether `/sbin/init` links to systemd.
|
||||
- const Result<string> realpath = os::realpath("/sbin/init");
|
||||
- if (realpath.isError() || realpath.isNone()) {
|
||||
- LOG(WARNING) << "Failed to test /sbin/init for systemd environment: "
|
||||
- << (realpath.isError() ? realpath.error()
|
||||
- : "does not exist");
|
||||
-
|
||||
- return false;
|
||||
+ // cstrahan(nixos): first assume we're on NixOS, then try non-NixOS
|
||||
+ Result<string> realpath = os::realpath("/run/current-system/systemd/lib/systemd/systemd");
|
||||
+ Result<string> realpathNixOS = realpath;
|
||||
+ if (realpathNixOS.isError() || realpathNixOS.isNone()) {
|
||||
+ Result<string> realpathNonNixOS = realpath = os::realpath("/sbin/init");
|
||||
+ if (realpathNonNixOS.isError() || realpathNonNixOS.isNone()) {
|
||||
+ LOG(WARNING) << "Failed to test /run/current-system/systemd/lib/systemd/systemd for systemd environment: "
|
||||
+ << (realpathNixOS.isError() ? realpathNixOS.error()
|
||||
+ : "does not exist");
|
||||
+ LOG(WARNING) << "Failed to test /sbin/init for systemd environment: "
|
||||
+ << (realpathNonNixOS.isError() ? realpathNonNixOS.error()
|
||||
+ : "does not exist");
|
||||
+
|
||||
+ return false;
|
||||
+ }
|
||||
}
|
||||
|
||||
CHECK_SOME(realpath);
|
||||
@@ -278,6 +286,10 @@ Path hierarchy()
|
||||
|
||||
Try<Nothing> daemonReload()
|
||||
{
|
||||
+ // cstrahan(nixos): should we patch these `systemctl`s?
|
||||
+ // probably don't want to hard-code a particular systemd store path here,
|
||||
+ // but if we use /run/current-system/sw/bin/systemctl,
|
||||
+ // we won't be able to support non-NixOS distros.
|
||||
Try<string> daemonReload = os::shell("systemctl daemon-reload");
|
||||
if (daemonReload.isError()) {
|
||||
return Error("Failed to reload systemd daemon: " + daemonReload.error());
|
||||
diff --git i/src/python/cli/src/mesos/cli.py w/src/python/cli/src/mesos/cli.py
|
||||
index 4a9b558..c08a8b9 100644
|
||||
--- i/src/python/cli/src/mesos/cli.py
|
||||
+++ w/src/python/cli/src/mesos/cli.py
|
||||
@@ -40,7 +40,7 @@ def resolve(master):
|
||||
import subprocess
|
||||
|
||||
process = subprocess.Popen(
|
||||
- ['mesos-resolve', master],
|
||||
+ ['@mesos-resolve@', master],
|
||||
stdin=None,
|
||||
stdout=subprocess.PIPE,
|
||||
stderr=subprocess.PIPE,
|
||||
diff --git i/src/slave/containerizer/mesos/isolators/docker/volume/isolator.cpp w/src/slave/containerizer/mesos/isolators/docker/volume/isolator.cpp
|
||||
index 5b630c1..d63ad69 100644
|
||||
--- i/src/slave/containerizer/mesos/isolators/docker/volume/isolator.cpp
|
||||
+++ w/src/slave/containerizer/mesos/isolators/docker/volume/isolator.cpp
|
||||
@@ -499,7 +499,7 @@ Future<Option<ContainerLaunchInfo>> DockerVolumeIsolatorProcess::_prepare(
|
||||
// unsafe arbitrary commands).
|
||||
CommandInfo* command = launchInfo.add_pre_exec_commands();
|
||||
command->set_shell(false);
|
||||
- command->set_value("mount");
|
||||
+ command->set_value("@mount@");
|
||||
command->add_arguments("mount");
|
||||
command->add_arguments("-n");
|
||||
command->add_arguments("--rbind");
|
||||
diff --git i/src/slave/containerizer/mesos/isolators/filesystem/linux.cpp w/src/slave/containerizer/mesos/isolators/filesystem/linux.cpp
|
||||
index d7fe9a8..1361a4e 100644
|
||||
--- i/src/slave/containerizer/mesos/isolators/filesystem/linux.cpp
|
||||
+++ w/src/slave/containerizer/mesos/isolators/filesystem/linux.cpp
|
||||
@@ -154,9 +154,9 @@ Try<Isolator*> LinuxFilesystemIsolatorProcess::create(const Flags& flags)
|
||||
// here because 'create' will only be invoked during
|
||||
// initialization.
|
||||
Try<string> mount = os::shell(
|
||||
- "mount --bind %s %s && "
|
||||
- "mount --make-private %s && "
|
||||
- "mount --make-shared %s",
|
||||
+ "@mount@ --bind %s %s && "
|
||||
+ "@mount@ --make-private %s && "
|
||||
+ "@mount@ --make-shared %s",
|
||||
workDir->c_str(),
|
||||
workDir->c_str(),
|
||||
workDir->c_str(),
|
||||
@@ -175,8 +175,8 @@ Try<Isolator*> LinuxFilesystemIsolatorProcess::create(const Flags& flags)
|
||||
LOG(INFO) << "Making '" << workDir.get() << "' a shared mount";
|
||||
|
||||
Try<string> mount = os::shell(
|
||||
- "mount --make-private %s && "
|
||||
- "mount --make-shared %s",
|
||||
+ "@mount@ --make-private %s && "
|
||||
+ "@mount@ --make-shared %s",
|
||||
workDir->c_str(),
|
||||
workDir->c_str());
|
||||
|
||||
@@ -422,7 +422,7 @@ Try<vector<CommandInfo>> LinuxFilesystemIsolatorProcess::getPreExecCommands(
|
||||
|
||||
CommandInfo command;
|
||||
command.set_shell(false);
|
||||
- command.set_value("mount");
|
||||
+ command.set_value("@mount@");
|
||||
command.add_arguments("mount");
|
||||
command.add_arguments("-n");
|
||||
command.add_arguments("--rbind");
|
||||
@@ -610,7 +610,7 @@ Try<vector<CommandInfo>> LinuxFilesystemIsolatorProcess::getPreExecCommands(
|
||||
// TODO(jieyu): Consider the mode in the volume.
|
||||
CommandInfo command;
|
||||
command.set_shell(false);
|
||||
- command.set_value("mount");
|
||||
+ command.set_value("@mount@");
|
||||
command.add_arguments("mount");
|
||||
command.add_arguments("-n");
|
||||
command.add_arguments("--rbind");
|
||||
diff --git i/src/slave/containerizer/mesos/isolators/filesystem/shared.cpp w/src/slave/containerizer/mesos/isolators/filesystem/shared.cpp
|
||||
index 927d95b..576dc63 100644
|
||||
--- i/src/slave/containerizer/mesos/isolators/filesystem/shared.cpp
|
||||
+++ w/src/slave/containerizer/mesos/isolators/filesystem/shared.cpp
|
||||
@@ -208,7 +208,7 @@ Future<Option<ContainerLaunchInfo>> SharedFilesystemIsolatorProcess::prepare(
|
||||
}
|
||||
|
||||
launchInfo.add_pre_exec_commands()->set_value(
|
||||
- "mount -n --bind " + hostPath + " " + volume.container_path());
|
||||
+ "@mount@ -n --bind " + hostPath + " " + volume.container_path());
|
||||
}
|
||||
|
||||
return launchInfo;
|
||||
diff --git i/src/slave/containerizer/mesos/isolators/gpu/isolator.cpp w/src/slave/containerizer/mesos/isolators/gpu/isolator.cpp
|
||||
index 25636b5..33ec315 100644
|
||||
--- i/src/slave/containerizer/mesos/isolators/gpu/isolator.cpp
|
||||
+++ w/src/slave/containerizer/mesos/isolators/gpu/isolator.cpp
|
||||
@@ -401,7 +401,7 @@ Future<Option<ContainerLaunchInfo>> NvidiaGpuIsolatorProcess::_prepare(
|
||||
}
|
||||
|
||||
launchInfo.add_pre_exec_commands()->set_value(
|
||||
- "mount --no-mtab --rbind --read-only " +
|
||||
+ "@mount@ --no-mtab --rbind --read-only " +
|
||||
volume.HOST_PATH() + " " + target);
|
||||
}
|
||||
|
||||
diff --git i/src/slave/containerizer/mesos/isolators/gpu/volume.cpp w/src/slave/containerizer/mesos/isolators/gpu/volume.cpp
|
||||
index 536a3c7..e2819dd 100644
|
||||
--- i/src/slave/containerizer/mesos/isolators/gpu/volume.cpp
|
||||
+++ w/src/slave/containerizer/mesos/isolators/gpu/volume.cpp
|
||||
@@ -274,7 +274,7 @@ Try<NvidiaVolume> NvidiaVolume::create()
|
||||
string path = path::join(hostPath, "bin", binary);
|
||||
|
||||
if (!os::exists(path)) {
|
||||
- string command = "which " + binary;
|
||||
+ string command = "@which@ " + binary;
|
||||
Try<string> which = os::shell(command);
|
||||
|
||||
if (which.isSome()) {
|
||||
@@ -288,7 +288,7 @@ Try<NvidiaVolume> NvidiaVolume::create()
|
||||
: "No such file or directory"));
|
||||
}
|
||||
|
||||
- command = "cp " + realpath.get() + " " + path;
|
||||
+ command = "@cp@ " + realpath.get() + " " + path;
|
||||
Try<string> cp = os::shell(command);
|
||||
if (cp.isError()) {
|
||||
return Error("Failed to os::shell '" + command + "': " + cp.error());
|
||||
@@ -360,7 +360,7 @@ Try<NvidiaVolume> NvidiaVolume::create()
|
||||
Path(realpath.get()).basename());
|
||||
|
||||
if (!os::exists(libraryPath)) {
|
||||
- string command = "cp " + realpath.get() + " " + libraryPath;
|
||||
+ string command = "@cp@ " + realpath.get() + " " + libraryPath;
|
||||
Try<string> cp = os::shell(command);
|
||||
if (cp.isError()) {
|
||||
return Error("Failed to os::shell '" + command + "':"
|
||||
diff --git i/src/slave/containerizer/mesos/isolators/namespaces/pid.cpp w/src/slave/containerizer/mesos/isolators/namespaces/pid.cpp
|
||||
index 42bc2e1..2f9066e 100644
|
||||
--- i/src/slave/containerizer/mesos/isolators/namespaces/pid.cpp
|
||||
+++ w/src/slave/containerizer/mesos/isolators/namespaces/pid.cpp
|
||||
@@ -131,7 +131,7 @@ Future<Option<ContainerLaunchInfo>> NamespacesPidIsolatorProcess::prepare(
|
||||
//
|
||||
// TOOD(jieyu): Consider unmount the existing /proc.
|
||||
launchInfo.add_pre_exec_commands()->set_value(
|
||||
- "mount -n -t proc proc /proc -o nosuid,noexec,nodev");
|
||||
+ "@mount@ -n -t proc proc /proc -o nosuid,noexec,nodev");
|
||||
|
||||
return launchInfo;
|
||||
}
|
||||
diff --git i/src/slave/containerizer/mesos/isolators/network/cni/cni.cpp w/src/slave/containerizer/mesos/isolators/network/cni/cni.cpp
|
||||
index fc68f04..267b040 100644
|
||||
--- i/src/slave/containerizer/mesos/isolators/network/cni/cni.cpp
|
||||
+++ w/src/slave/containerizer/mesos/isolators/network/cni/cni.cpp
|
||||
@@ -205,9 +205,9 @@ Try<Isolator*> NetworkCniIsolatorProcess::create(const Flags& flags)
|
||||
// here because 'create' will only be invoked during
|
||||
// initialization.
|
||||
Try<string> mount = os::shell(
|
||||
- "mount --bind %s %s && "
|
||||
- "mount --make-private %s && "
|
||||
- "mount --make-shared %s",
|
||||
+ "@mount@ --bind %s %s && "
|
||||
+ "@mount@ --make-private %s && "
|
||||
+ "@mount@ --make-shared %s",
|
||||
rootDir->c_str(),
|
||||
rootDir->c_str(),
|
||||
rootDir->c_str(),
|
||||
@@ -227,8 +227,8 @@ Try<Isolator*> NetworkCniIsolatorProcess::create(const Flags& flags)
|
||||
LOG(INFO) << "Making '" << rootDir.get() << "' a shared mount";
|
||||
|
||||
Try<string> mount = os::shell(
|
||||
- "mount --make-private %s && "
|
||||
- "mount --make-shared %s",
|
||||
+ "@mount@ --make-private %s && "
|
||||
+ "@mount@ --make-shared %s",
|
||||
rootDir->c_str(),
|
||||
rootDir->c_str());
|
||||
|
||||
diff --git i/src/slave/containerizer/mesos/isolators/network/cni/plugins/port_mapper/port_mapper.cpp w/src/slave/containerizer/mesos/isolators/network/cni/plugins/port_mapper/port_mapper.cpp
|
||||
index 43cf3e4..94bad8b 100644
|
||||
--- i/src/slave/containerizer/mesos/isolators/network/cni/plugins/port_mapper/port_mapper.cpp
|
||||
+++ w/src/slave/containerizer/mesos/isolators/network/cni/plugins/port_mapper/port_mapper.cpp
|
||||
@@ -301,7 +301,7 @@ Try<Nothing> PortMapper::addPortMapping(
|
||||
# Check if the `chain` exists in the iptable. If it does not
|
||||
# exist go ahead and install the chain in the iptables NAT
|
||||
# table.
|
||||
- iptables -w -t nat --list %s
|
||||
+ @iptables@ -w -t nat --list %s
|
||||
if [ $? -ne 0 ]; then
|
||||
# NOTE: When we create the chain, there is a possibility of a
|
||||
# race due to which a container launch can fail. This can
|
||||
@@ -315,25 +315,25 @@ Try<Nothing> PortMapper::addPortMapping(
|
||||
# since it can happen only when the chain is created the first
|
||||
# time and two commands for creation of the chain are executed
|
||||
# simultaneously.
|
||||
- (iptables -w -t nat -N %s || exit 1)
|
||||
+ (@iptables@ -w -t nat -N %s || exit 1)
|
||||
|
||||
# Once the chain has been installed add a rule in the PREROUTING
|
||||
# chain to jump to this chain for any packets that are
|
||||
# destined to a local address.
|
||||
- (iptables -w -t nat -A PREROUTING \
|
||||
+ (@iptables@ -w -t nat -A PREROUTING \
|
||||
-m addrtype --dst-type LOCAL -j %s || exit 1)
|
||||
|
||||
# For locally generated packets we need a rule in the OUTPUT
|
||||
# chain as well, since locally generated packets directly hit
|
||||
# the output CHAIN, bypassing PREROUTING.
|
||||
- (iptables -w -t nat -A OUTPUT \
|
||||
+ (@iptables@ -w -t nat -A OUTPUT \
|
||||
! -d 127.0.0.0/8 -m addrtype \
|
||||
--dst-type LOCAL -j %s || exit 1)
|
||||
fi
|
||||
|
||||
# Within the `chain` go ahead and install the DNAT rule, if it
|
||||
# does not exist.
|
||||
- (iptables -w -t nat -C %s || iptables -t nat -A %s))~",
|
||||
+ (@iptables@ -w -t nat -C %s || @iptables@ -t nat -A %s))~",
|
||||
chain,
|
||||
chain,
|
||||
chain,
|
||||
@@ -360,7 +360,7 @@ Try<Nothing> PortMapper::delPortMapping()
|
||||
# The iptables command searches for the DNAT rules with tag
|
||||
# "container_id: <CNI_CONTAINERID>", and if it exists goes ahead
|
||||
# and deletes it.
|
||||
- iptables -w -t nat -S %s | sed "/%s/ s/-A/iptables -w -t nat -D/e")~",
|
||||
+ @iptables@ -w -t nat -S %s | sed "/%s/ s/-A/@iptables@ -w -t nat -D/e")~",
|
||||
chain,
|
||||
getIptablesRuleTag()).get();
|
||||
|
||||
diff --git i/src/slave/containerizer/mesos/isolators/network/port_mapping.cpp w/src/slave/containerizer/mesos/isolators/network/port_mapping.cpp
|
||||
index 57d4ccd..68c9577 100644
|
||||
--- i/src/slave/containerizer/mesos/isolators/network/port_mapping.cpp
|
||||
+++ w/src/slave/containerizer/mesos/isolators/network/port_mapping.cpp
|
||||
@@ -1394,19 +1394,19 @@ Try<Isolator*> PortMappingIsolatorProcess::create(const Flags& flags)
|
||||
// Check the availability of a few Linux commands that we will use.
|
||||
// We use the blocking os::shell here because 'create' will only be
|
||||
// invoked during initialization.
|
||||
- Try<string> checkCommandTc = os::shell("tc filter show");
|
||||
+ Try<string> checkCommandTc = os::shell("@tc@ filter show");
|
||||
if (checkCommandTc.isError()) {
|
||||
return Error("Check command 'tc' failed: " + checkCommandTc.error());
|
||||
}
|
||||
|
||||
// NOTE: loopback device always exists.
|
||||
- Try<string> checkCommandEthtool = os::shell("ethtool -k lo");
|
||||
+ Try<string> checkCommandEthtool = os::shell("@ethtool@ -k lo");
|
||||
if (checkCommandEthtool.isError()) {
|
||||
return Error("Check command 'ethtool' failed: "
|
||||
+ checkCommandEthtool.error());
|
||||
}
|
||||
|
||||
- Try<string> checkCommandIp = os::shell("ip link show");
|
||||
+ Try<string> checkCommandIp = os::shell("@ip@ link show");
|
||||
if (checkCommandIp.isError()) {
|
||||
return Error("Check command 'ip' failed: " + checkCommandIp.error());
|
||||
}
|
||||
@@ -1940,9 +1940,9 @@ Try<Isolator*> PortMappingIsolatorProcess::create(const Flags& flags)
|
||||
// visible. It's OK to use the blocking os::shell here because
|
||||
// 'create' will only be invoked during initialization.
|
||||
Try<string> mount = os::shell(
|
||||
- "mount --bind %s %s && "
|
||||
- "mount --make-slave %s && "
|
||||
- "mount --make-shared %s",
|
||||
+ "@mount@ --bind %s %s && "
|
||||
+ "@mount@ --make-slave %s && "
|
||||
+ "@mount@ --make-shared %s",
|
||||
bindMountRoot->c_str(),
|
||||
bindMountRoot->c_str(),
|
||||
bindMountRoot->c_str(),
|
||||
@@ -1959,8 +1959,8 @@ Try<Isolator*> PortMappingIsolatorProcess::create(const Flags& flags)
|
||||
// shared mount yet (possibly due to slave crash while preparing
|
||||
// the work directory mount). It's safe to re-do the following.
|
||||
Try<string> mount = os::shell(
|
||||
- "mount --make-slave %s && "
|
||||
- "mount --make-shared %s",
|
||||
+ "@mount@ --make-slave %s && "
|
||||
+ "@mount@ --make-shared %s",
|
||||
bindMountRoot->c_str(),
|
||||
bindMountRoot->c_str());
|
||||
|
||||
@@ -1979,8 +1979,8 @@ Try<Isolator*> PortMappingIsolatorProcess::create(const Flags& flags)
|
||||
// so that they are in different peer groups.
|
||||
if (entry.shared() == bindMountEntry->shared()) {
|
||||
Try<string> mount = os::shell(
|
||||
- "mount --make-slave %s && "
|
||||
- "mount --make-shared %s",
|
||||
+ "@mount@ --make-slave %s && "
|
||||
+ "@mount@ --make-shared %s",
|
||||
bindMountRoot->c_str(),
|
||||
bindMountRoot->c_str());
|
||||
|
||||
@@ -3927,6 +3927,8 @@ Try<Nothing> PortMappingIsolatorProcess::removeHostIPFilters(
|
||||
// TODO(jieyu): Use the Subcommand abstraction to remove most of the
|
||||
// logic here. Completely remove this function once we can assume a
|
||||
// newer kernel where 'setns' works for mount namespaces.
|
||||
+// cstrahan(nixos): this is executed in the container,
|
||||
+// so we don't want to substitute paths here.
|
||||
string PortMappingIsolatorProcess::scripts(Info* info)
|
||||
{
|
||||
ostringstream script;
|
||||
@@ -3937,7 +3939,7 @@ string PortMappingIsolatorProcess::scripts(Info* info)
|
||||
// Mark the mount point PORT_MAPPING_BIND_MOUNT_ROOT() as slave
|
||||
// mount so that changes in the container will not be propagated to
|
||||
// the host.
|
||||
- script << "mount --make-rslave " << bindMountRoot << "\n";
|
||||
+ script << "@mount@ --make-rslave " << bindMountRoot << "\n";
|
||||
|
||||
// Disable IPv6 when IPv6 module is loaded as IPv6 packets won't be
|
||||
// forwarded anyway.
|
||||
@@ -3945,7 +3947,7 @@ string PortMappingIsolatorProcess::scripts(Info* info)
|
||||
<< " echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6\n";
|
||||
|
||||
// Configure lo and eth0.
|
||||
- script << "ip link set " << lo << " address " << hostMAC
|
||||
+ script << "@ip@ link set " << lo << " address " << hostMAC
|
||||
<< " mtu " << hostEth0MTU << " up\n";
|
||||
|
||||
// NOTE: This is mostly a kernel issue: in veth_xmit() the kernel
|
||||
@@ -3954,12 +3956,12 @@ string PortMappingIsolatorProcess::scripts(Info* info)
|
||||
// when we receive a packet with a bad checksum. Disabling rx
|
||||
// checksum offloading ensures the TCP layer will checksum and drop
|
||||
// it.
|
||||
- script << "ethtool -K " << eth0 << " rx off\n";
|
||||
- script << "ip link set " << eth0 << " address " << hostMAC << " up\n";
|
||||
- script << "ip addr add " << hostIPNetwork << " dev " << eth0 << "\n";
|
||||
+ script << "@ethtool@ -K " << eth0 << " rx off\n";
|
||||
+ script << "@ip@ link set " << eth0 << " address " << hostMAC << " up\n";
|
||||
+ script << "@ip@ addr add " << hostIPNetwork << " dev " << eth0 << "\n";
|
||||
|
||||
// Set up the default gateway to match that of eth0.
|
||||
- script << "ip route add default via " << hostDefaultGateway << "\n";
|
||||
+ script << "@ip@ route add default via " << hostDefaultGateway << "\n";
|
||||
|
||||
// Restrict the ephemeral ports that can be used by the container.
|
||||
script << "echo " << info->ephemeralPorts.lower() << " "
|
||||
@@ -3988,19 +3990,19 @@ string PortMappingIsolatorProcess::scripts(Info* info)
|
||||
}
|
||||
|
||||
// Set up filters on lo and eth0.
|
||||
- script << "tc qdisc add dev " << lo << " ingress\n";
|
||||
- script << "tc qdisc add dev " << eth0 << " ingress\n";
|
||||
+ script << "@tc@ qdisc add dev " << lo << " ingress\n";
|
||||
+ script << "@tc@ qdisc add dev " << eth0 << " ingress\n";
|
||||
|
||||
// Allow talking between containers and from container to host.
|
||||
// TODO(chzhcn): Consider merging the following two filters.
|
||||
- script << "tc filter add dev " << lo << " parent " << ingress::HANDLE
|
||||
+ script << "@tc@ filter add dev " << lo << " parent " << ingress::HANDLE
|
||||
<< " protocol ip"
|
||||
<< " prio " << Priority(IP_FILTER_PRIORITY, NORMAL).get() << " u32"
|
||||
<< " flowid ffff:0"
|
||||
<< " match ip dst " << hostIPNetwork.address()
|
||||
<< " action mirred egress redirect dev " << eth0 << "\n";
|
||||
|
||||
- script << "tc filter add dev " << lo << " parent " << ingress::HANDLE
|
||||
+ script << "@tc@ filter add dev " << lo << " parent " << ingress::HANDLE
|
||||
<< " protocol ip"
|
||||
<< " prio " << Priority(IP_FILTER_PRIORITY, NORMAL).get() << " u32"
|
||||
<< " flowid ffff:0"
|
||||
@@ -4011,7 +4013,7 @@ string PortMappingIsolatorProcess::scripts(Info* info)
|
||||
foreach (const PortRange& range,
|
||||
getPortRanges(info->nonEphemeralPorts + info->ephemeralPorts)) {
|
||||
// Local traffic inside a container will not be redirected to eth0.
|
||||
- script << "tc filter add dev " << lo << " parent " << ingress::HANDLE
|
||||
+ script << "@tc@ filter add dev " << lo << " parent " << ingress::HANDLE
|
||||
<< " protocol ip"
|
||||
<< " prio " << Priority(IP_FILTER_PRIORITY, HIGH).get() << " u32"
|
||||
<< " flowid ffff:0"
|
||||
@@ -4020,7 +4022,7 @@ string PortMappingIsolatorProcess::scripts(Info* info)
|
||||
|
||||
// Traffic going to host loopback IP and ports assigned to this
|
||||
// container will be redirected to lo.
|
||||
- script << "tc filter add dev " << eth0 << " parent " << ingress::HANDLE
|
||||
+ script << "@tc@ filter add dev " << eth0 << " parent " << ingress::HANDLE
|
||||
<< " protocol ip"
|
||||
<< " prio " << Priority(IP_FILTER_PRIORITY, NORMAL).get() << " u32"
|
||||
<< " flowid ffff:0"
|
||||
@@ -4032,14 +4034,14 @@ string PortMappingIsolatorProcess::scripts(Info* info)
|
||||
}
|
||||
|
||||
// Do not forward the ICMP packet if the destination IP is self.
|
||||
- script << "tc filter add dev " << lo << " parent " << ingress::HANDLE
|
||||
+ script << "@tc@ filter add dev " << lo << " parent " << ingress::HANDLE
|
||||
<< " protocol ip"
|
||||
<< " prio " << Priority(ICMP_FILTER_PRIORITY, NORMAL).get() << " u32"
|
||||
<< " flowid ffff:0"
|
||||
<< " match ip protocol 1 0xff"
|
||||
<< " match ip dst " << hostIPNetwork.address() << "\n";
|
||||
|
||||
- script << "tc filter add dev " << lo << " parent " << ingress::HANDLE
|
||||
+ script << "@tc@ filter add dev " << lo << " parent " << ingress::HANDLE
|
||||
<< " protocol ip"
|
||||
<< " prio " << Priority(ICMP_FILTER_PRIORITY, NORMAL).get() << " u32"
|
||||
<< " flowid ffff:0"
|
||||
@@ -4048,9 +4050,9 @@ string PortMappingIsolatorProcess::scripts(Info* info)
|
||||
<< net::IP::Network::LOOPBACK_V4().address() << "\n";
|
||||
|
||||
// Display the filters created on eth0 and lo.
|
||||
- script << "tc filter show dev " << eth0
|
||||
+ script << "@tc@ filter show dev " << eth0
|
||||
<< " parent " << ingress::HANDLE << "\n";
|
||||
- script << "tc filter show dev " << lo
|
||||
+ script << "@tc@ filter show dev " << lo
|
||||
<< " parent " << ingress::HANDLE << "\n";
|
||||
|
||||
// If throughput limit for container egress traffic exists, use HTB
|
||||
@@ -4062,9 +4064,9 @@ string PortMappingIsolatorProcess::scripts(Info* info)
|
||||
// throughput. TBF requires other parameters such as 'burst' that
|
||||
// HTB already has default values for.
|
||||
if (egressRateLimitPerContainer.isSome()) {
|
||||
- script << "tc qdisc add dev " << eth0 << " root handle "
|
||||
+ script << "@tc@ qdisc add dev " << eth0 << " root handle "
|
||||
<< CONTAINER_TX_HTB_HANDLE << " htb default 1\n";
|
||||
- script << "tc class add dev " << eth0 << " parent "
|
||||
+ script << "@tc@ class add dev " << eth0 << " parent "
|
||||
<< CONTAINER_TX_HTB_HANDLE << " classid "
|
||||
<< CONTAINER_TX_HTB_CLASS_ID << " htb rate "
|
||||
<< egressRateLimitPerContainer.get().bytes() * 8 << "bit\n";
|
||||
@@ -4075,12 +4077,12 @@ string PortMappingIsolatorProcess::scripts(Info* info)
|
||||
// fq_codel, which has a larger buffer and better control on
|
||||
// buffer bloat.
|
||||
// TODO(cwang): Verity that fq_codel qdisc is available.
|
||||
- script << "tc qdisc add dev " << eth0
|
||||
+ script << "@tc@ qdisc add dev " << eth0
|
||||
<< " parent " << CONTAINER_TX_HTB_CLASS_ID << " fq_codel\n";
|
||||
|
||||
// Display the htb qdisc and class created on eth0.
|
||||
- script << "tc qdisc show dev " << eth0 << "\n";
|
||||
- script << "tc class show dev " << eth0 << "\n";
|
||||
+ script << "@tc@ qdisc show dev " << eth0 << "\n";
|
||||
+ script << "@tc@ class show dev " << eth0 << "\n";
|
||||
}
|
||||
|
||||
return script.str();
|
||||
diff --git i/src/slave/containerizer/mesos/isolators/posix/disk.cpp w/src/slave/containerizer/mesos/isolators/posix/disk.cpp
|
||||
index eb23025..db268ea 100644
|
||||
--- i/src/slave/containerizer/mesos/isolators/posix/disk.cpp
|
||||
+++ w/src/slave/containerizer/mesos/isolators/posix/disk.cpp
|
||||
@@ -572,7 +572,7 @@ private:
|
||||
// NOTE: The supervisor childhook will watch the parent process and kill
|
||||
// the 'du' process in case that the parent die.
|
||||
Try<Subprocess> s = subprocess(
|
||||
- "du",
|
||||
+ "@du@",
|
||||
command,
|
||||
Subprocess::PATH(os::DEV_NULL),
|
||||
Subprocess::PIPE(),
|
||||
diff --git i/src/slave/containerizer/mesos/isolators/volume/image.cpp w/src/slave/containerizer/mesos/isolators/volume/image.cpp
|
||||
index 35966aa..b62fc86 100644
|
||||
--- i/src/slave/containerizer/mesos/isolators/volume/image.cpp
|
||||
+++ w/src/slave/containerizer/mesos/isolators/volume/image.cpp
|
||||
@@ -231,7 +231,7 @@ Future<Option<ContainerLaunchInfo>> VolumeImageIsolatorProcess::_prepare(
|
||||
|
||||
CommandInfo* command = launchInfo.add_pre_exec_commands();
|
||||
command->set_shell(false);
|
||||
- command->set_value("mount");
|
||||
+ command->set_value("@mount@");
|
||||
command->add_arguments("mount");
|
||||
command->add_arguments("-n");
|
||||
command->add_arguments("--rbind");
|
||||
diff --git i/src/slave/containerizer/mesos/isolators/volume/sandbox_path.cpp w/src/slave/containerizer/mesos/isolators/volume/sandbox_path.cpp
|
||||
index b321b86..8ed3e78 100644
|
||||
--- i/src/slave/containerizer/mesos/isolators/volume/sandbox_path.cpp
|
||||
+++ w/src/slave/containerizer/mesos/isolators/volume/sandbox_path.cpp
|
||||
@@ -265,7 +265,7 @@ Future<Option<ContainerLaunchInfo>> VolumeSandboxPathIsolatorProcess::prepare(
|
||||
|
||||
CommandInfo* command = launchInfo.add_pre_exec_commands();
|
||||
command->set_shell(false);
|
||||
- command->set_value("mount");
|
||||
+ command->set_value("@mount@");
|
||||
command->add_arguments("mount");
|
||||
command->add_arguments("-n");
|
||||
command->add_arguments("--rbind");
|
||||
diff --git i/src/slave/containerizer/mesos/provisioner/backends/copy.cpp w/src/slave/containerizer/mesos/provisioner/backends/copy.cpp
|
||||
index 69faa03..01a3ed6 100644
|
||||
--- i/src/slave/containerizer/mesos/provisioner/backends/copy.cpp
|
||||
+++ w/src/slave/containerizer/mesos/provisioner/backends/copy.cpp
|
||||
@@ -266,7 +266,7 @@ Future<Nothing> CopyBackendProcess::_provision(
|
||||
#endif // __APPLE__ || __FreeBSD__
|
||||
|
||||
Try<Subprocess> s = subprocess(
|
||||
- "cp",
|
||||
+ "@cp@",
|
||||
args,
|
||||
Subprocess::PATH(os::DEV_NULL),
|
||||
Subprocess::PATH(os::DEV_NULL),
|
||||
@@ -313,7 +313,7 @@ Future<bool> CopyBackendProcess::destroy(const string& rootfs)
|
||||
vector<string> argv{"rm", "-rf", rootfs};
|
||||
|
||||
Try<Subprocess> s = subprocess(
|
||||
- "rm",
|
||||
+ "@rm@",
|
||||
argv,
|
||||
Subprocess::PATH(os::DEV_NULL),
|
||||
Subprocess::FD(STDOUT_FILENO),
|
||||
diff --git i/src/uri/fetchers/copy.cpp w/src/uri/fetchers/copy.cpp
|
||||
index 17f69be..831b08a 100644
|
||||
--- i/src/uri/fetchers/copy.cpp
|
||||
+++ w/src/uri/fetchers/copy.cpp
|
||||
@@ -97,8 +97,8 @@ Future<Nothing> CopyFetcherPlugin::fetch(
|
||||
VLOG(1) << "Copying '" << uri.path() << "' to '" << directory << "'";
|
||||
|
||||
#ifndef __WINDOWS__
|
||||
- const char* copyCommand = "cp";
|
||||
- const vector<string> argv = {"cp", "-a", uri.path(), directory};
|
||||
+ const char* copyCommand = "@cp@";
|
||||
+ const vector<string> argv = {"@cp@", "-a", uri.path(), directory};
|
||||
#else // __WINDOWS__
|
||||
const char* copyCommand = os::Shell::name;
|
||||
const vector<string> argv =
|
||||
diff --git i/src/uri/fetchers/curl.cpp w/src/uri/fetchers/curl.cpp
|
||||
index f34daf2..6a50341 100644
|
||||
--- i/src/uri/fetchers/curl.cpp
|
||||
+++ w/src/uri/fetchers/curl.cpp
|
||||
@@ -109,7 +109,7 @@ Future<Nothing> CurlFetcherPlugin::fetch(
|
||||
};
|
||||
|
||||
Try<Subprocess> s = subprocess(
|
||||
- "curl",
|
||||
+ "@curl@",
|
||||
argv,
|
||||
Subprocess::PATH(os::DEV_NULL),
|
||||
Subprocess::PIPE(),
|
||||
diff --git i/src/uri/fetchers/docker.cpp w/src/uri/fetchers/docker.cpp
|
||||
index 91db13b..82a7fc4 100644
|
||||
--- i/src/uri/fetchers/docker.cpp
|
||||
+++ w/src/uri/fetchers/docker.cpp
|
||||
@@ -114,7 +114,7 @@ static Future<http::Response> curl(
|
||||
|
||||
// TODO(jieyu): Kill the process if discard is called.
|
||||
Try<Subprocess> s = subprocess(
|
||||
- "curl",
|
||||
+ "@curl@",
|
||||
argv,
|
||||
Subprocess::PATH(os::DEV_NULL),
|
||||
Subprocess::PIPE(),
|
||||
@@ -229,7 +229,7 @@ static Future<int> download(
|
||||
|
||||
// TODO(jieyu): Kill the process if discard is called.
|
||||
Try<Subprocess> s = subprocess(
|
||||
- "curl",
|
||||
+ "@curl@",
|
||||
argv,
|
||||
Subprocess::PATH(os::DEV_NULL),
|
||||
Subprocess::PIPE(),
|
@ -1,12 +0,0 @@
|
||||
diff --git a/src/linux/fs.cpp b/src/linux/fs.cpp
|
||||
index 913e233..c2917a6 100644
|
||||
--- a/src/linux/fs.cpp
|
||||
+++ b/src/linux/fs.cpp
|
||||
@@ -17,6 +17,7 @@
|
||||
#include <errno.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
+#include <syscall.h>
|
||||
|
||||
#include <linux/limits.h>
|
||||
#include <linux/unistd.h>
|
@ -297,6 +297,7 @@ mapAliases ({
|
||||
# floating point textures patents are expired,
|
||||
# so package reduced to alias
|
||||
mesa_drivers = mesa.drivers;
|
||||
mesos = throw "mesos has been removed from nixpkgs, as it's unmaintained"; # added 2020-08-15
|
||||
midoriWrapper = midori; # added 2015-01
|
||||
mlt-qt5 = libsForQt5.mlt; # added 2015-12-19
|
||||
mobile_broadband_provider_info = mobile-broadband-provider-info; # added 2018-02-25
|
||||
|
@ -9821,13 +9821,6 @@ in
|
||||
|
||||
me_cleaner = pythonPackages.callPackage ../tools/misc/me_cleaner { };
|
||||
|
||||
mesos = callPackage ../applications/networking/cluster/mesos {
|
||||
sasl = cyrus_sasl;
|
||||
inherit (pythonPackages) python boto setuptools wrapPython;
|
||||
pythonProtobuf = pythonPackages.protobuf.override { protobuf = protobuf3_6; };
|
||||
perf = linuxPackages.perf;
|
||||
};
|
||||
|
||||
mesos-dns = callPackage ../servers/mesos-dns { };
|
||||
|
||||
metamath = callPackage ../development/interpreters/metamath { };
|
||||
|
Loading…
Reference in New Issue
Block a user