Posted to commits@mesos.apache.org by ji...@apache.org on 2016/10/12 18:01:54 UTC
[3/5] mesos git commit: Added fields `chain` and `excludeDevices` to
`PortMapper`.
Added fields `chain` and `excludeDevices` to `PortMapper`.
Review: https://reviews.apache.org/r/51736/
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/fba4c1e8
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/fba4c1e8
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/fba4c1e8
Branch: refs/heads/master
Commit: fba4c1e85c4417c79764dd5858192851b2e0eabd
Parents: 06d2e23
Author: Avinash sridharan <av...@mesosphere.io>
Authored: Wed Oct 12 09:11:30 2016 -0700
Committer: Jie Yu <yu...@gmail.com>
Committed: Wed Oct 12 10:59:45 2016 -0700
----------------------------------------------------------------------
.../cni/plugins/port_mapper/port_mapper.cpp | 28 +++++++++++++++++++-
.../cni/plugins/port_mapper/port_mapper.hpp | 22 +++++++++++++--
2 files changed, 47 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/fba4c1e8/src/slave/containerizer/mesos/isolators/network/cni/plugins/port_mapper/port_mapper.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/isolators/network/cni/plugins/port_mapper/port_mapper.cpp b/src/slave/containerizer/mesos/isolators/network/cni/plugins/port_mapper/port_mapper.cpp
index 0ecf64f..836fed5 100644
--- a/src/slave/containerizer/mesos/isolators/network/cni/plugins/port_mapper/port_mapper.cpp
+++ b/src/slave/containerizer/mesos/isolators/network/cni/plugins/port_mapper/port_mapper.cpp
@@ -20,6 +20,7 @@
#include "slave/containerizer/mesos/isolators/network/cni/plugins/port_mapper/port_mapper.hpp"
using std::string;
+using std::vector;
using process::Future;
using process::Owned;
@@ -91,6 +92,29 @@ Try<Owned<PortMapper>> PortMapper::create(const string& _cniConfig)
ERROR_BAD_ARGS));
}
+ vector<string> excludeDevices;
+
+ Result<JSON::Array> _excludeDevices =
+ cniConfig->find<JSON::Array>("excludeDevices");
+
+ if (_excludeDevices.isError()) {
+ return Error(spec::error(
+ "Failed to parse field 'excludeDevices': " +
+ _excludeDevices.error(),
+ ERROR_BAD_ARGS));
+ } else if (_excludeDevices.isSome()) {
+ foreach (const JSON::Value& value, _excludeDevices->values) {
+ if (!value.is<JSON::String>()) {
+ return Error(spec::error(
+ "Failed to parse 'excludeDevices' list. "
+ "The excluded device needs to be a string",
+ ERROR_BAD_ARGS));
+ }
+
+ excludeDevices.push_back(value.as<JSON::String>().value);
+ }
+ }
+
// While the 'args' field is optional in the CNI spec it is critical
// to the port-mapper plugin to learn of any port-mappings that the
// framework might have requested for this container.
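Review bot: The `foreach` over `_excludeDevices->values` checks only that each entry is a JSON string, so an empty string, an over-long name, or a name containing whitespace or `/` is stored in `excludeDevices` as-is. These names come from the CNI network configuration and, judging by the header comment, later end up in DNAT rules; the code that builds those rules is outside this commit, so how they are quoted there cannot be confirmed from here. Validating at parse time keeps a malformed or hostile config from producing a broken or unintended rule, and the error can then name the offending entry. `PortMapper::create` starts and ends outside this hunk.

```cpp
// … unchanged: is<JSON::String>() type check …

const string& device = value.as<JSON::String>().value;

// Linux interface names are non-empty, shorter than IFNAMSIZ,
// and contain neither whitespace nor '/'.
if (device.empty() ||
    device.size() >= IFNAMSIZ ||
    device.find_first_of(" \t\n/") != string::npos) {
  return Error(spec::error(
      "Invalid device name '" + device + "' in 'excludeDevices'",
      ERROR_BAD_ARGS));
}

excludeDevices.push_back(device);
```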
@@ -175,7 +199,9 @@ Try<Owned<PortMapper>> PortMapper::create(const string& _cniConfig)
cniPath.get(),
networkInfo.get(),
delegatePlugin->value,
- delegateConfig.get()));
+ delegateConfig.get(),
+ chain->value,
+ excludeDevices));
}
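Review bot: `chain->value` is dereferenced in this call, but no hunk in this commit shows where `chain` is parsed, so the check that the field is present and is a string must sit in the part of `PortMapper::create` outside the diff; worth confirming before merge. Because the value is taken from the CNI config and names an iptables chain, that same place should reject an empty name, one containing whitespace, or one starting with `-` or `!`, rather than passing it through to the constructor unchecked. A short comment at the call site such as `// 'chain' was validated above.` would make the dependency visible.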
http://git-wip-us.apache.org/repos/asf/mesos/blob/fba4c1e8/src/slave/containerizer/mesos/isolators/network/cni/plugins/port_mapper/port_mapper.hpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/isolators/network/cni/plugins/port_mapper/port_mapper.hpp b/src/slave/containerizer/mesos/isolators/network/cni/plugins/port_mapper/port_mapper.hpp
index 8554753..b943254 100644
--- a/src/slave/containerizer/mesos/isolators/network/cni/plugins/port_mapper/port_mapper.hpp
+++ b/src/slave/containerizer/mesos/isolators/network/cni/plugins/port_mapper/port_mapper.hpp
@@ -97,7 +97,9 @@ private:
const std::string& _cniPath, // Paths to search for CNI plugins.
const mesos::NetworkInfo& _networkInfo,
const std::string& _delegatePlugin,
- const JSON::Object& _delegateConfig)
+ const JSON::Object& _delegateConfig,
+ const std::string& _chain,
+ const std::vector<std::string>& _excludeDevices)
: cniCommand(_cniCommand),
cniContainerId(_cniContainerId),
cniNetNs(_cniNetNs),
@@ -106,7 +108,9 @@ private:
cniPath(_cniPath),
networkInfo(_networkInfo),
delegatePlugin(_delegatePlugin),
- delegateConfig(_delegateConfig) {};
+ delegateConfig(_delegateConfig),
+ chain(_chain),
+ excludeDevices(_excludeDevices){};
const std::string cniCommand;
const Option<std::string> cniContainerId;
@@ -114,9 +118,23 @@ private:
const std::string cniIfName;
const Option<std::string> cniArgs;
const std::string cniPath;
+
const mesos::NetworkInfo networkInfo;
+
const std::string delegatePlugin;
const JSON::Object delegateConfig;
+
+ // The iptable chain to which the DNAT rules need to be added. We
+ // need a separate chain, so that we can group the DNAT rules
+ // specific to this CNI network under this chain. It makes it easier
+ // for the operator to analyze the ownership of these rules if they
+ // are grouped under a chain that the operator is aware is used by
+ // the CNI plugin.
+ const std::string chain;
+
+ // List of ingress devices that should be excluded from the DNAT
+ // rules.
+ const std::vector<std::string> excludeDevices;
};
} // namespace cni {
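Review bot: The comments on the new `chain` and `excludeDevices` members do not say where the values come from or whether they have been validated, which matters because both are operator-supplied config strings that end up in firewall rules. I would extend them along the lines of `// Taken from the 'chain' field of the CNI config; validated in create().` and `// An empty list means no ingress device is excluded.`, the latter only if that is indeed the intended behaviour, since the rule-building code is not visible here. Also, "iptable chain" should read "iptables chain", and naming the `nat` table would help an operator locate the rules.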