You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mesos.apache.org by bm...@apache.org on 2019/05/16 13:25:13 UTC
[mesos] branch 1.7.x updated (22d07ce -> 9135051)
This is an automated email from the ASF dual-hosted git repository.
bmahler pushed a change to branch 1.7.x
in repository https://gitbox.apache.org/repos/asf/mesos.git.
from 22d07ce Enabled more constructors for master `RegistryOperation`.
new ef484fe Added logging of slow reverse DNS when accepting SSL connections.
new 9135051 Added MESOS-9787 to the 1.7.3 CHANGELOG.
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.../libprocess/src/posix/libevent/libevent_ssl_socket.cpp | 13 +++++++++++++
CHANGELOG | 1 +
2 files changed, 14 insertions(+)
[mesos] 02/02: Added MESOS-9787 to the 1.7.3 CHANGELOG.
Posted by bm...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
bmahler pushed a commit to branch 1.7.x
in repository https://gitbox.apache.org/repos/asf/mesos.git
commit 9135051f19d9d7509a058a965ee20f20f1a1bc04
Author: Benjamin Mahler <bm...@apache.org>
AuthorDate: Thu May 16 15:22:46 2019 +0200
Added MESOS-9787 to the 1.7.3 CHANGELOG.
---
CHANGELOG | 1 +
1 file changed, 1 insertion(+)
diff --git a/CHANGELOG b/CHANGELOG
index 0b3cf75..bd0c092 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -19,6 +19,7 @@ Release Notes - Mesos - Version 1.7.3 (WIP)
* [MESOS-9695] - Remove the duplicate pid check in Docker containerizer
* [MESOS-9707] - Calling link::lo() may cause runtime error
* [MESOS-9766] - /__processes__ endpoint can hang.
+ * [MESOS-9787] - Low slow SSL (TLS) peer reverse DNS lookup.
** Improvements
* [MESOS-8880] - Add minimum capabilities in the master.
[mesos] 01/02: Added logging of slow reverse DNS when accepting SSL
connections.
Posted by bm...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
bmahler pushed a commit to branch 1.7.x
in repository https://gitbox.apache.org/repos/asf/mesos.git
commit ef484fec2fd07b90ea8711f7f807641b015c4f43
Author: Benjamin Mahler <bm...@apache.org>
AuthorDate: Thu May 16 11:42:26 2019 +0200
Added logging of slow reverse DNS when accepting SSL connections.
Slow reverse DNS lookup is a serious issue since today it is done
synchronously from the event loop thread, see MESOS-9339 and
related tickets. Logging slow requests will substantially improve
debugging.
Review: https://reviews.apache.org/r/70653
---
.../libprocess/src/posix/libevent/libevent_ssl_socket.cpp | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/3rdparty/libprocess/src/posix/libevent/libevent_ssl_socket.cpp b/3rdparty/libprocess/src/posix/libevent/libevent_ssl_socket.cpp
index 436b389..520ec41 100644
--- a/3rdparty/libprocess/src/posix/libevent/libevent_ssl_socket.cpp
+++ b/3rdparty/libprocess/src/posix/libevent/libevent_ssl_socket.cpp
@@ -26,6 +26,7 @@
#include <process/ssl/flags.hpp>
#include <stout/net.hpp>
+#include <stout/stopwatch.hpp>
#include <stout/synchronized.hpp>
#include <stout/os/close.hpp>
@@ -1152,7 +1153,19 @@ void LibeventSSLSocketImpl::accept_SSL_callback(AcceptRequest* request)
Option<string> peer_hostname = None();
if (request->ip.isSome()) {
+ Stopwatch watch;
+
+ watch.start();
Try<string> hostname = net::getHostname(request->ip.get());
+ watch.stop();
+
+ // Due to MESOS-9339, a slow reverse DNS lookup will cause
+ // serious issues as it blocks the event loop thread.
+ if (watch.elapsed() > Milliseconds(100)) {
+ LOG(WARNING) << "Reverse DNS lookup for '" << *request->ip << "'"
+ << " took " << watch.elapsed().ms() << "ms"
+ << ", slowness is problematic (see MESOS-9339)";
+ }
if (hostname.isError()) {
VLOG(2) << "Could not determine hostname of peer: "