Posted to commits@mesos.apache.org by ji...@apache.org on 2016/10/12 18:01:54 UTC

[3/5] mesos git commit: Added fields `chain` and `excludeDevices` to `PortMapper`.

Added fields `chain` and `excludeDevices` to `PortMapper`.

Review: https://reviews.apache.org/r/51736/


Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/fba4c1e8
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/fba4c1e8
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/fba4c1e8

Branch: refs/heads/master
Commit: fba4c1e85c4417c79764dd5858192851b2e0eabd
Parents: 06d2e23
Author: Avinash sridharan <av...@mesosphere.io>
Authored: Wed Oct 12 09:11:30 2016 -0700
Committer: Jie Yu <yu...@gmail.com>
Committed: Wed Oct 12 10:59:45 2016 -0700

----------------------------------------------------------------------
 .../cni/plugins/port_mapper/port_mapper.cpp     | 28 +++++++++++++++++++-
 .../cni/plugins/port_mapper/port_mapper.hpp     | 22 +++++++++++++--
 2 files changed, 47 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/mesos/blob/fba4c1e8/src/slave/containerizer/mesos/isolators/network/cni/plugins/port_mapper/port_mapper.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/isolators/network/cni/plugins/port_mapper/port_mapper.cpp b/src/slave/containerizer/mesos/isolators/network/cni/plugins/port_mapper/port_mapper.cpp
index 0ecf64f..836fed5 100644
--- a/src/slave/containerizer/mesos/isolators/network/cni/plugins/port_mapper/port_mapper.cpp
+++ b/src/slave/containerizer/mesos/isolators/network/cni/plugins/port_mapper/port_mapper.cpp
@@ -20,6 +20,7 @@
 #include "slave/containerizer/mesos/isolators/network/cni/plugins/port_mapper/port_mapper.hpp"
 
 using std::string;
+using std::vector;
 
 using process::Future;
 using process::Owned;
@@ -91,6 +92,29 @@ Try<Owned<PortMapper>> PortMapper::create(const string& _cniConfig)
         ERROR_BAD_ARGS));
   }
 
+  vector<string> excludeDevices;
+
+  Result<JSON::Array> _excludeDevices =
+    cniConfig->find<JSON::Array>("excludeDevices");
+
+  if (_excludeDevices.isError()) {
+    return Error(spec::error(
+        "Failed to parse field 'excludeDevices': " +
+        _excludeDevices.error(),
+        ERROR_BAD_ARGS));
+  } else if (_excludeDevices.isSome()) {
+    foreach (const JSON::Value& value, _excludeDevices->values) {
+      if (!value.is<JSON::String>()) {
+        return Error(spec::error(
+            "Failed to parse 'excludeDevices' list. "
+            "The excluded device needs to be a string",
+            ERROR_BAD_ARGS));
+      }
+
+      excludeDevices.push_back(value.as<JSON::String>().value);
+    }
+  }
+
   // While the 'args' field is optional in the CNI spec it is critical
   // to the port-mapper plugin to learn of any port-mappings that the
   // framework might have requested for this container.
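Review bot: Each `excludeDevices` entry is accepted as long as it is a JSON string, so an empty name, an over-long name or one containing whitespace is stored unchanged by the `push_back` and only causes trouble later, when the list is used. The header describes these as ingress devices for the DNAT rules, so presumably they end up in iptables arguments; rejecting anything that cannot be a Linux interface name here, with `ERROR_BAD_ARGS`, keeps malformed configuration out of rule construction. The same concern applies to `chain->value`, which the next hunk passes to the constructor and whose parsing is not part of this diff. The check below needs `IFNAMSIZ` from `<net/if.h>`, and `PortMapper::create` starts and ends outside the hunk.

```cpp
    foreach (const JSON::Value& value, _excludeDevices->values) {
      // … unchanged: is<JSON::String>() check …

      const string& device = value.as<JSON::String>().value;

      // Linux interface names are non-empty, shorter than IFNAMSIZ and
      // contain neither whitespace nor '/'.
      if (device.empty() ||
          device.size() >= IFNAMSIZ ||
          device.find_first_of(" \t\r\n/") != string::npos) {
        return Error(spec::error(
            "Invalid device name '" + device + "' in 'excludeDevices'",
            ERROR_BAD_ARGS));
      }

      excludeDevices.push_back(device);
```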
@@ -175,7 +199,9 @@ Try<Owned<PortMapper>> PortMapper::create(const string& _cniConfig)
           cniPath.get(),
           networkInfo.get(),
           delegatePlugin->value,
-          delegateConfig.get()));
+          delegateConfig.get(),
+          chain->value,
+          excludeDevices));
 }
 
 

http://git-wip-us.apache.org/repos/asf/mesos/blob/fba4c1e8/src/slave/containerizer/mesos/isolators/network/cni/plugins/port_mapper/port_mapper.hpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/isolators/network/cni/plugins/port_mapper/port_mapper.hpp b/src/slave/containerizer/mesos/isolators/network/cni/plugins/port_mapper/port_mapper.hpp
index 8554753..b943254 100644
--- a/src/slave/containerizer/mesos/isolators/network/cni/plugins/port_mapper/port_mapper.hpp
+++ b/src/slave/containerizer/mesos/isolators/network/cni/plugins/port_mapper/port_mapper.hpp
@@ -97,7 +97,9 @@ private:
       const std::string& _cniPath,          // Paths to search for CNI plugins.
       const mesos::NetworkInfo& _networkInfo,
       const std::string& _delegatePlugin,
-      const JSON::Object& _delegateConfig)
+      const JSON::Object& _delegateConfig,
+      const std::string& _chain,
+      const std::vector<std::string>& _excludeDevices)
     : cniCommand(_cniCommand),
       cniContainerId(_cniContainerId),
       cniNetNs(_cniNetNs),
@@ -106,7 +108,9 @@ private:
       cniPath(_cniPath),
       networkInfo(_networkInfo),
       delegatePlugin(_delegatePlugin),
-      delegateConfig(_delegateConfig) {};
+      delegateConfig(_delegateConfig),
+      chain(_chain),
+      excludeDevices(_excludeDevices){};
 
   const std::string cniCommand;
   const Option<std::string> cniContainerId;
@@ -114,9 +118,23 @@ private:
   const std::string cniIfName;
   const Option<std::string> cniArgs;
   const std::string cniPath;
+
   const mesos::NetworkInfo networkInfo;
+
   const std::string delegatePlugin;
   const JSON::Object delegateConfig;
+
+  // The iptable chain to which the DNAT rules need to be added. We
+  // need a separate chain, so that we can group the DNAT rules
+  // specific to this CNI network under this chain. It makes it easier
+  // for the operator to analyze the ownership of these rules if they
+  // are grouped under a chain that the operator is aware is used by
+  // the CNI plugin.
+  const std::string chain;
+
+  // List of ingress devices that should be excluded from the DNAT
+  // rules.
+  const std::vector<std::string> excludeDevices;
 };
 
 } // namespace cni {
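Review bot: The member comments do not say where `chain` and `excludeDevices` come from or what constraints they carry, and the `chain` comment says "iptable" where "iptables" is meant. Judging by `PortMapper::create` in the .cpp, both are taken verbatim from the CNI network configuration, so the comments should record that. For example, `// Ingress devices, named in the CNI network config, to exclude from the DNAT rules. Empty when 'excludeDevices' is absent.` The `chain` comment could add one sentence saying the name is operator-supplied and must be a valid iptables chain name.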