cluster up: use rslave propagation mode with nsenter mounter

[csrwng]

When choosing to use nsenter mounter, mount volumes dir with 'rslave' propagation mode

Fixes #10215

[csrwng]

@pmorie @ncdc @bparees

[csrwng]

I've tested this on RHEL (Docker 1.10) and ArchLinux (Docker 1.12)

[bparees]

@csrwng so what, if any, scenarios are broken with this? docker1.9?

[csrwng]

@bparees afaik none ... we simply continue using nsenter mounter in most linux distros.

[csrwng]

@bparees so the reason that RHEL and Fedora work with nsenter mounter right now is that by default they use 'rslave' propagation mode for all mounts when one is not specified. This is simply forcing other distros to do the same for the volume share.

[bparees]

@bparees afaik none ... we simply continue using nsenter mounter in most linux distros.

i feel like @pmorie indicate the slave mount was a new thing in docker1.10.

[bparees]

This is simply forcing other distros to do the same for the volume share.

ah, maybe it's that defaulting behavior he was explaining.

[pmorie]

i feel like @pmorie indicate the slave mount was a new thing in docker1.10.

The new thing was being able to control the propagation mode of a volume. In the RH distribution of docker prior to 1.9, we carried a patch that made the default propagation mode slave, whereas it was private in upstream.

[bparees]

The new thing was being able to control the propagation mode of a volume.

is that not what this PR is taking advantage of?

[pmorie]

@bparees to answer your question more clearly -- pre-1.10 non-RH dockers will not work with this.

[bparees]

@pmorie thanks. I think we can live w/ that, but i wanted to make sure we understood it.

[csrwng]

@bparees @pmorie hmm, actually it won't work on 1.9.x on any OS. I tried on Debian Jessie and Fedora 22, both with 1.9.1:

-- Starting OpenShift container ...
   Creating initial OpenShift configuration
FAIL
   Error: could not create OpenShift configuration
   Caused By:
     Error: cannot create container using image openshift/origin:v1.3.0-alpha.3
     Caused By:
       Error: API error (500): invalid mode for volumes-from: rslave

It seems that maybe we should outright tell you that we need 1.10

[csrwng]

Or if running with 1.9, inspect a container to see its mount propagation mode and if 'rslave' then allow you to run.

[pmorie]

@csrwng 1.9.x doesn't support the slave flag in any distribution, but in RH, the propagation mode of bind mounts is always slave

[csrwng]

nm, in 1.9.1 on fedora, inspecting a container doesn't tell you what the propagation mode is.

[csrwng]

@bparees @pmorie so we have 2 options:

1. Always fail if Docker version < 1.10 and tell you to upgrade
2. Only add the :rslave mode to the mount if Docker version 1.10 and let you try your luck with Docker version < 1.10 (If on Fedora/RHEL, things will work)

Preference?

[pmorie]

I wish there were a way to detect the distro of the docker engine.

[bparees]

(2) coupled w/ a warning when you're on docker 1.9 and possibly attempting to detect the distro (/etc/redhat-release) as part of the warning would be my preference i think.

[ncdc]

docker info and docker version should be able to get you that info. You
could look at the kernel version, package version, or operating system.

On Tue, Aug 23, 2016 at 11:02 AM, Paul Morie notifications@github.com
wrote:

I wish there were a way to detect the distro of the docker engine.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
#10571 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/AAABYlJWHtVU6o1j_ER0bePvR0GXSKMXks5qiwtsgaJpZM4JqLKR
.

[csrwng]

Thanks, will take a look... it would definitely be a nicer experience if we tell you outright that we don't support your Docker version

[pmorie]

Caveat: what if you run upstream docker on a Red Hat system?

[csrwng]

I will try it, and see what's the difference in 'docker info'

[bparees]

Caveat: what if you run upstream docker on a Red Hat system?

then hopefully you're running something current :)

yes that's an understood limitation of my suggestion, though it sounds like @ncdc's suggestion would cover it.

[pmorie]

then hopefully you're running something current :)

If you're running something current, it doesn't really matter.

[bparees]

If you're running something current, it doesn't really matter.

that was my point. if we detect the version is 1.10+, then we don't need to determine the distribution.

So the detection logic would only fail if:

1. you are on a redhat OS distro
2. you've installed an upstream distro of docker
3. that docker version is older than 1.10

which seems unlikely.

[csrwng]

Updated the code to check the Docker version. If the Docker version is < 1.10 and not a Red Hat distro, then we fail. Tested on fedora, rhel, arch linux (newer and older docker versions).

[bparees]

centos?

[csrwng]

it also has .el7 (just like rhel):

[root@localhost ~]# docker version
Client:
 Version:         1.10.3
 API version:     1.22
 Package version: docker-common-1.10.3-46.el7.centos.10.x86_64
 Go version:      go1.6.3
 Git commit:      d381c64-unsupported
 Built:           Thu Aug  4 13:21:17 2016
 OS/Arch:         linux/amd64

Server:
 Version:         1.10.3
 API version:     1.22
 Package version: docker-common-1.10.3-46.el7.centos.10.x86_64
 Go version:      go1.6.3
 Git commit:      d381c64-unsupported
 Built:           Thu Aug  4 13:21:17 2016
 OS/Arch:         linux/amd64

[bparees]

cool

[bparees]

lgtm, will let @pmorie have the last word.

[csrwng]

removed artificial check for mac/windows OS ... we should determine the mount to use based on the docker daemon.

tested on os x and windows

[bparees]

@pmorie bump. happy?

[pmorie]

lgtm, [merge]

[bparees]

Flake #7706

[merge]

Ben Parees | OpenShift

On Aug 25, 2016 12:12 PM, "OpenShift Bot" notifications@github.com wrote:

continuous-integration/openshift-jenkins/merge FAILURE (
https://ci.openshift.redhat.com/jenkins/job/test_pr_origin/8432/)

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
#10571 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/AEvl3t5_-S9rk_26EuXyHfZE9IZuEWrKks5qjb7zgaJpZM4JqLKR
.

[csrwng]

Flake #7706
[merge]

[ncdc]

[merge]

On Thursday, August 25, 2016, OpenShift Bot notifications@github.com
wrote:

continuous-integration/openshift-jenkins/merge FAILURE (
https://ci.openshift.redhat.com/jenkins/job/test_pr_origin/8455/)

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
#10571 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/AAABYsbqlKefYpbYXjAHU8KGVIOhRumhks5qjht_gaJpZM4JqLKR
.

[openshift-bot]

continuous-integration/openshift-jenkins/merge SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pr_origin/8464/) (Image: devenv-rhel7_4933)

[csrwng]

Flake #9929
[merge]

[openshift-bot]

Evaluated for origin merge up to 5630015