You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mesos.apache.org by ti...@apache.org on 2018/01/31 02:45:26 UTC
[4/5] mesos git commit: Added authentication to some example
frameworks.
Added authentication to some example frameworks.
All example frameworks now support authenticating when registering
to the master.
Review: https://reviews.apache.org/r/64849/
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/7e4e9ce9
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/7e4e9ce9
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/7e4e9ce9
Branch: refs/heads/master
Commit: 7e4e9ce93fd7408c75b7809ce4c3f666ce96f43c
Parents: 2d2806a
Author: Till Toenshoff <to...@me.com>
Authored: Wed Jan 31 03:41:02 2018 +0100
Committer: Till Toenshoff <to...@me.com>
Committed: Wed Jan 31 03:41:02 2018 +0100
----------------------------------------------------------------------
src/examples/dynamic_reservation_framework.cpp | 60 ++++++++++---------
src/examples/persistent_volume_framework.cpp | 58 ++++++++++--------
src/examples/test_http_framework.cpp | 65 +++++++--------------
src/tests/persistent_volume_framework_test.sh | 2 +-
4 files changed, 89 insertions(+), 96 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/7e4e9ce9/src/examples/dynamic_reservation_framework.cpp
----------------------------------------------------------------------
diff --git a/src/examples/dynamic_reservation_framework.cpp b/src/examples/dynamic_reservation_framework.cpp
index 15f3ec5..a9dabc0 100644
--- a/src/examples/dynamic_reservation_framework.cpp
+++ b/src/examples/dynamic_reservation_framework.cpp
@@ -32,15 +32,12 @@
#include <stout/stringify.hpp>
#include <stout/try.hpp>
-#include "logging/logging.hpp"
-
#include "examples/flags.hpp"
+#include "logging/logging.hpp"
+
using namespace mesos;
-using std::cerr;
-using std::cout;
-using std::endl;
using std::string;
using std::vector;
@@ -334,20 +331,12 @@ class Flags : public virtual mesos::internal::examples::Flags
public:
Flags()
{
- // Using non unified role flag as this framework needs a non "*"
- // default role.
- add(&Flags::role,
- "role",
- "Role to use when registering.",
- "test");
-
add(&Flags::command,
"command",
"The command to run for each task.",
"echo hello");
}
- string role;
string command;
};
@@ -358,19 +347,12 @@ int main(int argc, char** argv)
Try<flags::Warnings> load = flags.load("MESOS_EXAMPLE_", argc, argv);
if (flags.help) {
- cout << flags.usage() << endl;
+ std::cout << flags.usage() << std::endl;
return EXIT_SUCCESS;
}
if (load.isError()) {
- cerr << flags.usage(load.error()) << endl;
- return EXIT_FAILURE;
- }
-
- if (flags.role == "*") {
- cerr << flags.usage(
- "Role is incorrect; the default '*' role cannot be used")
- << endl;
+ std::cerr << flags.usage(load.error()) << std::endl;
return EXIT_FAILURE;
}
@@ -381,10 +363,16 @@ int main(int argc, char** argv)
LOG(WARNING) << warning.message;
}
+ if (flags.role == "*") {
+ EXIT(EXIT_FAILURE) << flags.usage(
+ "Role is incorrect; the default '*' role cannot be used");
+ }
+
FrameworkInfo framework;
framework.set_user(""); // Mesos'll fill in the current user.
framework.set_principal(flags.principal);
framework.set_name(FRAMEWORK_NAME);
+ framework.set_checkpoint(flags.checkpoint);
framework.add_roles(flags.role);
framework.add_capabilities()->set_type(
FrameworkInfo::Capability::MULTI_ROLE);
@@ -398,7 +386,7 @@ int main(int argc, char** argv)
if (flags.master == "local") {
// Configure master.
- os::setenv("MESOS_AUTHENTICATE_FRAMEWORKS", "false");
+ os::setenv("MESOS_AUTHENTICATE_FRAMEWORKS", stringify(flags.authenticate));
ACLs acls;
ACL::RegisterFramework* acl = acls.add_register_frameworks();
@@ -407,10 +395,28 @@ int main(int argc, char** argv)
os::setenv("MESOS_ACLS", stringify(JSON::protobuf(acls)));
}
- MesosSchedulerDriver* driver = new MesosSchedulerDriver(
- &scheduler,
- framework,
- flags.master);
+ MesosSchedulerDriver* driver;
+
+ if (flags.authenticate) {
+ LOG(INFO) << "Enabling authentication for the framework";
+
+ Credential credential;
+ credential.set_principal(flags.principal);
+ if (flags.secret.isSome()) {
+ credential.set_secret(flags.secret.get());
+ }
+
+ driver = new MesosSchedulerDriver(
+ &scheduler,
+ framework,
+ flags.master,
+ credential);
+ } else {
+ driver = new MesosSchedulerDriver(
+ &scheduler,
+ framework,
+ flags.master);
+ }
int status = driver->run() == DRIVER_STOPPED ? 0 : 1;
http://git-wip-us.apache.org/repos/asf/mesos/blob/7e4e9ce9/src/examples/persistent_volume_framework.cpp
----------------------------------------------------------------------
diff --git a/src/examples/persistent_volume_framework.cpp b/src/examples/persistent_volume_framework.cpp
index 0339af9..4337550 100644
--- a/src/examples/persistent_volume_framework.cpp
+++ b/src/examples/persistent_volume_framework.cpp
@@ -39,17 +39,13 @@
#include "common/status_utils.hpp"
-#include "logging/flags.hpp"
-#include "logging/logging.hpp"
-
#include "examples/flags.hpp"
+#include "logging/logging.hpp"
+
using namespace mesos;
using namespace mesos::internal;
-using std::cerr;
-using std::cout;
-using std::endl;
using std::ostringstream;
using std::string;
using std::vector;
@@ -492,19 +488,11 @@ private:
};
-class Flags : public virtual mesos::internal::examples::Flags,
- public virtual logging::Flags
+class Flags : public virtual mesos::internal::examples::Flags
{
public:
Flags()
{
- // Using non unified role flag as this framework needs a non "*"
- // default role.
- add(&Flags::role,
- "role",
- "Role to use when registering",
- "test");
-
add(&Flags::num_shards,
"num_shards",
"The number of shards the framework will run using regular volume.",
@@ -521,7 +509,6 @@ public:
2);
}
- string role;
size_t num_shards;
size_t num_shared_shards;
size_t tasks_per_shard;
@@ -534,12 +521,12 @@ int main(int argc, char** argv)
Try<flags::Warnings> load = flags.load("MESOS_EXAMPLE_", argc, argv);
if (flags.help) {
- cout << flags.usage() << endl;
+ std::cout << flags.usage() << std::endl;
return EXIT_SUCCESS;
}
if (load.isError()) {
- cerr << flags.usage(load.error()) << endl;
+ std::cerr << flags.usage(load.error()) << std::endl;
return EXIT_FAILURE;
}
@@ -550,14 +537,19 @@ int main(int argc, char** argv)
LOG(WARNING) << warning.message;
}
+ if (flags.role == "*") {
+ EXIT(EXIT_FAILURE)
+ << "Role is incorrect; the default '*' role cannot be used";
+ }
+
FrameworkInfo framework;
framework.set_user(""); // Have Mesos fill in the current user.
framework.set_principal(flags.principal);
framework.set_name(FRAMEWORK_NAME);
- framework.add_roles(flags.role);
framework.add_capabilities()->set_type(
FrameworkInfo::Capability::MULTI_ROLE);
- framework.set_checkpoint(true);
+ framework.set_checkpoint(flags.checkpoint);
+ framework.add_roles(flags.role);
framework.add_capabilities()->set_type(
FrameworkInfo::Capability::SHARED_RESOURCES);
framework.add_capabilities()->set_type(
@@ -578,16 +570,34 @@ int main(int argc, char** argv)
os::setenv("MESOS_DEFAULT_ROLE", flags.role);
}
+ MesosSchedulerDriver* driver;
+
PersistentVolumeScheduler scheduler(
framework,
flags.num_shards,
flags.num_shared_shards,
flags.tasks_per_shard);
- MesosSchedulerDriver* driver = new MesosSchedulerDriver(
- &scheduler,
- framework,
- flags.master);
+ if (flags.authenticate) {
+ LOG(INFO) << "Enabling authentication for the framework";
+
+ Credential credential;
+ credential.set_principal(flags.principal);
+ if (flags.secret.isSome()) {
+ credential.set_secret(flags.secret.get());
+ }
+
+ driver = new MesosSchedulerDriver(
+ &scheduler,
+ framework,
+ flags.master,
+ credential);
+ } else {
+ driver = new MesosSchedulerDriver(
+ &scheduler,
+ framework,
+ flags.master);
+ }
int status = driver->run() == DRIVER_STOPPED ? EXIT_SUCCESS : EXIT_FAILURE;
http://git-wip-us.apache.org/repos/asf/mesos/blob/7e4e9ce9/src/examples/test_http_framework.cpp
----------------------------------------------------------------------
diff --git a/src/examples/test_http_framework.cpp b/src/examples/test_http_framework.cpp
index 5a706cc..9c8842f 100644
--- a/src/examples/test_http_framework.cpp
+++ b/src/examples/test_http_framework.cpp
@@ -46,7 +46,8 @@
#include "common/status_utils.hpp"
-#include "logging/flags.hpp"
+#include "examples/flags.hpp"
+
#include "logging/logging.hpp"
using namespace mesos::v1;
@@ -76,24 +77,13 @@ class HTTPScheduler : public process::Process<HTTPScheduler>
public:
HTTPScheduler(const FrameworkInfo& _framework,
const ExecutorInfo& _executor,
- const string& _master)
- : framework(_framework),
- role(_framework.roles(0)),
- executor(_executor),
- master(_master),
- state(INITIALIZING),
- tasksLaunched(0),
- tasksFinished(0),
- totalTasks(5) {}
-
- HTTPScheduler(const FrameworkInfo& _framework,
- const ExecutorInfo& _executor,
const string& _master,
- const Credential& credential)
+ const Option<Credential>& _credential)
: framework(_framework),
role(_framework.roles(0)),
executor(_executor),
master(_master),
+ credential(_credential),
state(INITIALIZING),
tasksLaunched(0),
tasksFinished(0),
@@ -224,7 +214,7 @@ protected:
process::defer(self(), &Self::connected),
process::defer(self(), &Self::disconnected),
process::defer(self(), &Self::received, lambda::_1),
- None()));
+ credential));
}
private:
@@ -372,6 +362,7 @@ private:
const string role;
const ExecutorInfo executor;
const string master;
+ const Option<Credential> credential;
process::Owned<scheduler::Mesos> mesos;
enum State
@@ -396,18 +387,7 @@ void usage(const char* argv0, const flags::FlagsBase& flags)
}
-class Flags : public virtual mesos::internal::logging::Flags
-{
-public:
- Flags()
- {
- add(&Flags::role, "role", "Role to use when registering", "*");
- add(&Flags::master, "master", "ip:port of master to connect");
- }
-
- string role;
- Option<string> master;
-};
+class Flags : public virtual mesos::internal::examples::Flags {};
int main(int argc, char** argv)
@@ -436,11 +416,6 @@ int main(int argc, char** argv)
return EXIT_FAILURE;
}
- if (flags.master.isNone()) {
- cerr << flags.usage("Missing --master") << endl;
- return EXIT_FAILURE;
- }
-
mesos::internal::logging::initialize(argv[0], true, flags); // Catch signals.
// Log any flag warnings.
@@ -449,7 +424,9 @@ int main(int argc, char** argv)
}
FrameworkInfo framework;
+ framework.set_principal(flags.principal);
framework.set_name(FRAMEWORK_NAME);
+ framework.set_checkpoint(flags.checkpoint);
framework.add_roles(flags.role);
framework.add_capabilities()->set_type(
FrameworkInfo::Capability::MULTI_ROLE);
@@ -461,26 +438,26 @@ int main(int argc, char** argv)
CHECK_SOME(user);
framework.set_user(user.get());
- value = os::getenv("MESOS_CHECKPOINT");
- if (value.isSome()) {
- framework.set_checkpoint(numify<bool>(value.get()).get());
- }
-
ExecutorInfo executor;
executor.mutable_executor_id()->set_value("default");
executor.mutable_command()->set_value(uri);
executor.set_name(EXECUTOR_NAME);
- value = os::getenv("DEFAULT_PRINCIPAL");
- if (value.isNone()) {
- EXIT(EXIT_FAILURE)
- << "Expecting authentication principal in the environment";
- }
+ Option<Credential> credential = None();
- framework.set_principal(value.get());
+ if (flags.authenticate) {
+ LOG(INFO) << "Enabling authentication for the framework";
+
+ Credential credential_;
+ credential_.set_principal(flags.principal);
+ if (flags.secret.isSome()) {
+ credential_.set_secret(flags.secret.get());
+ }
+ credential = credential_;
+ }
process::Owned<HTTPScheduler> scheduler(
- new HTTPScheduler(framework, executor, flags.master.get()));
+ new HTTPScheduler(framework, executor, flags.master, credential));
process::spawn(scheduler.get());
process::wait(scheduler.get());
http://git-wip-us.apache.org/repos/asf/mesos/blob/7e4e9ce9/src/tests/persistent_volume_framework_test.sh
----------------------------------------------------------------------
diff --git a/src/tests/persistent_volume_framework_test.sh b/src/tests/persistent_volume_framework_test.sh
index 2ab22c0..6488656 100755
--- a/src/tests/persistent_volume_framework_test.sh
+++ b/src/tests/persistent_volume_framework_test.sh
@@ -44,4 +44,4 @@ export MESOS_ISOLATION="filesystem/posix,posix/cpu,posix/mem"
export MESOS_LAUNCHER="posix"
# Check that the framework executes without crashing (returns 0).
-exec ${MESOS_HELPER_DIR}/persistent-volume-framework --master=local
+exec ${MESOS_HELPER_DIR}/persistent-volume-framework --master=local --role=test