You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mesos.apache.org by jp...@apache.org on 2017/10/19 23:34:27 UTC

[06/11] mesos git commit: Added network ports isolator socket utilities tests.

Added network ports isolator socket utilities tests.

Added some basic tests for the network ports isolator socket
utilities. We test that we can enumerate our own sockets and
use that to figure out what ports we are listening on.

Review: https://reviews.apache.org/r/61536/


Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/91d9a61e
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/91d9a61e
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/91d9a61e

Branch: refs/heads/master
Commit: 91d9a61e97672f0841389cee9730a4e76605224a
Parents: d5cf6e8
Author: James Peach <jp...@apache.org>
Authored: Thu Oct 19 15:35:43 2017 -0700
Committer: James Peach <jp...@apache.org>
Committed: Thu Oct 19 16:33:35 2017 -0700

----------------------------------------------------------------------
 src/Makefile.am                                 |   5 +
 .../containerizer/ports_isolator_tests.cpp      | 105 +++++++++++++++++++
 2 files changed, 110 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/mesos/blob/91d9a61e/src/Makefile.am
----------------------------------------------------------------------
diff --git a/src/Makefile.am b/src/Makefile.am
index b45f5a7..b60a54a 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -2567,6 +2567,11 @@ mesos_tests_SOURCES +=						\
   tests/containerizer/port_mapping_tests.cpp
 endif
 
+if ENABLE_NETWORK_PORTS_ISOLATOR
+mesos_tests_SOURCES +=						\
+  tests/containerizer/ports_isolator_tests.cpp
+endif
+
 if ENABLE_GRPC
 mesos_tests_SOURCES +=						\
   tests/csi_client_tests.cpp					\

http://git-wip-us.apache.org/repos/asf/mesos/blob/91d9a61e/src/tests/containerizer/ports_isolator_tests.cpp
----------------------------------------------------------------------
diff --git a/src/tests/containerizer/ports_isolator_tests.cpp b/src/tests/containerizer/ports_isolator_tests.cpp
new file mode 100644
index 0000000..016f9cc
--- /dev/null
+++ b/src/tests/containerizer/ports_isolator_tests.cpp
@@ -0,0 +1,105 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include <string>
+
+#include <process/future.hpp>
+#include <process/gtest.hpp>
+#include <process/process.hpp>
+
+#include <stout/gtest.hpp>
+
+#include "slave/containerizer/mesos/isolators/network/ports.hpp"
+
+#include "tests/mesos.hpp"
+
+using process::Future;
+using process::Owned;
+
+using mesos::internal::slave::NetworkPortsIsolatorProcess;
+
+using std::string;
+using std::vector;
+
+using namespace routing::diagnosis;
+
+namespace mesos {
+namespace internal {
+namespace tests {
+
+class NetworkPortsIsolatorTest : public MesosTest {};
+
+
+// This test verifies that we can correctly detect sockets that
+// a process is listening on. We take advantage of the fact that
+// libprocess always implicitly listens on a socket, so we can
+// query our current PID for listening sockets and verify that
+// result against the libprocess address.
+TEST(NetworkPortsIsolatorUtilityTest, QueryProcessSockets)
+{
+  Try<hashmap<uint32_t, socket::Info>> listeners =
+    NetworkPortsIsolatorProcess::getListeningSockets();
+
+  ASSERT_SOME(listeners);
+  EXPECT_GT(listeners->size(), 0u);
+
+  foreachvalue (const socket::Info& info, listeners.get()) {
+    EXPECT_SOME(info.sourceIP);
+    EXPECT_SOME(info.sourcePort);
+  }
+
+  Try<std::vector<uint32_t>> socketInodes =
+    NetworkPortsIsolatorProcess::getProcessSockets(getpid());
+
+  ASSERT_SOME(socketInodes);
+  EXPECT_GT(socketInodes->size(), 0u);
+
+  vector<socket::Info> socketInfos;
+
+  // Collect the Info for our own listening sockets.
+  foreach (uint32_t inode, socketInodes.get()) {
+    if (listeners->contains(inode)) {
+        socketInfos.push_back(listeners->at(inode));
+    }
+  }
+
+  // libprocess always listens on a socket, so the fact that we
+  // are running implies that we should at least find out about
+  // the libprocess socket.
+  EXPECT_GT(socketInfos.size(), 0u);
+
+  bool matched = false;
+  process::network::inet::Address processAddress = process::address();
+
+  foreach (const auto& info, socketInfos) {
+    // We can only match on the port, since libprocess will typically
+    // indicate that it is listening on the ANY address (i.e. 0.0.0.0)
+    // but the socket diagnostics will publish the actual address of a
+    // network interface.
+    if (ntohs(info.sourcePort.get()) == processAddress.port) {
+      matched = true;
+    }
+  }
+
+  // Verify that we matched the libprocess address in the set of
+  // listening sockets for this process.
+  EXPECT_TRUE(matched) << "Unmatched libprocess address "
+                       << processAddress;
+}
+
+} // namespace tests {
+} // namespace internal {
+} // namespace mesos {