Posted to commits@mesos.apache.org by ka...@apache.org on 2017/05/22 21:28:05 UTC

[3/5] mesos git commit: Added --secret_resolver flag to agent.

Added --secret_resolver flag to agent.

Updated Containerizer to accept SecretResolver.

Review: https://reviews.apache.org/r/58999


Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/5a630d82
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/5a630d82
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/5a630d82

Branch: refs/heads/master
Commit: 5a630d82c1f59fc0156ffbe5356c3f1b3ac87489
Parents: d284a9e
Author: Kapil Arya <ka...@mesosphere.io>
Authored: Mon May 1 18:23:51 2017 -0400
Committer: Kapil Arya <ka...@mesosphere.io>
Committed: Mon May 22 15:36:36 2017 -0400

----------------------------------------------------------------------
 src/local/local.cpp                             | 19 +++++++++++++++++--
 src/slave/containerizer/containerizer.cpp       |  9 ++++++---
 src/slave/containerizer/containerizer.hpp       |  5 ++++-
 src/slave/containerizer/mesos/containerizer.cpp |  3 +++
 src/slave/containerizer/mesos/containerizer.hpp |  7 +++++--
 src/slave/flags.cpp                             |  7 +++++++
 src/slave/flags.hpp                             |  1 +
 src/slave/main.cpp                              | 17 +++++++++++++++--
 8 files changed, 58 insertions(+), 10 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/mesos/blob/5a630d82/src/local/local.cpp
----------------------------------------------------------------------
diff --git a/src/local/local.cpp b/src/local/local.cpp
index e479809..3f4150b 100644
--- a/src/local/local.cpp
+++ b/src/local/local.cpp
@@ -29,6 +29,9 @@
 #include <mesos/module/authorizer.hpp>
 #include <mesos/module/contender.hpp>
 #include <mesos/module/detector.hpp>
+#include <mesos/module/secret_resolver.hpp>
+
+#include <mesos/secret/resolver.hpp>
 
 #include <mesos/slave/resource_estimator.hpp>
 
@@ -438,8 +441,20 @@ PID<Master> launch(const Flags& flags, Allocator* _allocator)
       slaveFlags.launcher = "posix";
     }
 
-    Try<Containerizer*> containerizer =
-      Containerizer::create(slaveFlags, true, fetchers->back());
+    // Initialize SecretResolver.
+    Try<SecretResolver*> secretResolver =
+      mesos::SecretResolver::create(slaveFlags.secret_resolver);
+
+    if (secretResolver.isError()) {
+      EXIT(EXIT_FAILURE)
+        << "Failed to initialize secret resolver: " << secretResolver.error();
+    }
+
+    Try<Containerizer*> containerizer = Containerizer::create(
+        slaveFlags,
+        true,
+        fetchers->back(),
+        secretResolver.get());
 
     if (containerizer.isError()) {
       EXIT(EXIT_FAILURE)
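Review bot: `SecretResolver` is spelled unqualified in `Try<SecretResolver*>` and fully qualified one line later in `mesos::SecretResolver::create`; the main.cpp hunk adds `using mesos::SecretResolver;` for exactly this, so this file presumably already has the name in scope and the call can simply be `SecretResolver::create(slaveFlags.secret_resolver)` for consistency. The raw pointer from `secretResolver.get()` is then handed to the containerizer with no owner recorded, whereas the fetchers this function creates are kept in `fetchers` so they can be cleaned up; a one-line comment on the pointer stating who owns it, or a `// TODO: track the resolver alongside fetchers for cleanup.`, would make the lifetime explicit. `launch` continues outside the hunk.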

http://git-wip-us.apache.org/repos/asf/mesos/blob/5a630d82/src/slave/containerizer/containerizer.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/containerizer.cpp b/src/slave/containerizer/containerizer.cpp
index 9024371..15ae0b3 100644
--- a/src/slave/containerizer/containerizer.cpp
+++ b/src/slave/containerizer/containerizer.cpp
@@ -18,6 +18,8 @@
 #include <set>
 #include <vector>
 
+#include <mesos/secret/resolver.hpp>
+
 #include <process/dispatch.hpp>
 #include <process/owned.hpp>
 
@@ -208,7 +210,8 @@ Try<Resources> Containerizer::resources(const Flags& flags)
 Try<Containerizer*> Containerizer::create(
     const Flags& flags,
     bool local,
-    Fetcher* fetcher)
+    Fetcher* fetcher,
+    SecretResolver* secretResolver)
 {
   // Get the set of containerizer types.
   const vector<string> _types = strings::split(flags.containerizers, ",");
@@ -277,8 +280,8 @@ Try<Containerizer*> Containerizer::create(
 
   foreach (const string& type, containerizerTypes) {
     if (type == "mesos") {
-      Try<MesosContainerizer*> containerizer =
-        MesosContainerizer::create(flags, local, fetcher, nvidia);
+      Try<MesosContainerizer*> containerizer = MesosContainerizer::create(
+          flags, local, fetcher, secretResolver, nvidia);
       if (containerizer.isError()) {
         return Error("Could not create MesosContainerizer: " +
                      containerizer.error());

http://git-wip-us.apache.org/repos/asf/mesos/blob/5a630d82/src/slave/containerizer/containerizer.hpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/containerizer.hpp b/src/slave/containerizer/containerizer.hpp
index 4c31a1f..f17e424 100644
--- a/src/slave/containerizer/containerizer.hpp
+++ b/src/slave/containerizer/containerizer.hpp
@@ -22,6 +22,8 @@
 #include <mesos/mesos.hpp>
 #include <mesos/resources.hpp>
 
+#include <mesos/secret/resolver.hpp>
+
 #include <mesos/slave/containerizer.hpp>
 
 #include <process/future.hpp>
@@ -60,7 +62,8 @@ public:
   static Try<Containerizer*> create(
       const Flags& flags,
       bool local,
-      Fetcher* fetcher);
+      Fetcher* fetcher,
+      SecretResolver* secretResolver = nullptr);
 
   // Determine slave resources from flags, probing the system or
   // querying a delegate.
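Review bot: The new `secretResolver` parameter defaults to `nullptr`, but the declaration says nothing about ownership or what a null resolver means for the containerizer; the flag help text in flags.cpp describes a fallback when `--secret_resolver` is unset, yet whether a null pointer here selects that fallback or is dereferenced downstream cannot be confirmed from this hunk. A comment above the parameter such as `// Non-owning; a nullptr resolver must be handled by the callee (see --secret_resolver).` would spare readers a trip to `SecretResolver::create`. The same omission applies to the `MesosContainerizer::create` declaration in mesos/containerizer.hpp.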

http://git-wip-us.apache.org/repos/asf/mesos/blob/5a630d82/src/slave/containerizer/mesos/containerizer.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/containerizer.cpp b/src/slave/containerizer/mesos/containerizer.cpp
index 50a63b5..2c9cf38 100644
--- a/src/slave/containerizer/mesos/containerizer.cpp
+++ b/src/slave/containerizer/mesos/containerizer.cpp
@@ -18,6 +18,8 @@
 
 #include <mesos/module/isolator.hpp>
 
+#include <mesos/secret/resolver.hpp>
+
 #include <mesos/slave/isolator.hpp>
 
 #include <process/collect.hpp>
@@ -145,6 +147,7 @@ Try<MesosContainerizer*> MesosContainerizer::create(
     const Flags& flags,
     bool local,
     Fetcher* fetcher,
+    SecretResolver* secretResolver,
     const Option<NvidiaComponents>& nvidia)
 {
   // Modify `flags` based on the deprecated `isolation` flag (and then
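Review bot: `secretResolver` is accepted here but, going by the diffstat (three additions for this file: the include, a blank line and this parameter), it is neither stored nor forwarded anywhere in this commit, so a containerizer built with a resolver silently ignores it until a later change in the series wires it in. If that is the intent, a `// TODO: forward to the isolators (follow-up in this series).` on the parameter line would make the gap explicit to readers of this commit rather than leaving an apparently unused parameter. The body of `MesosContainerizer::create` continues below the hunk.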

http://git-wip-us.apache.org/repos/asf/mesos/blob/5a630d82/src/slave/containerizer/mesos/containerizer.hpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/containerizer.hpp b/src/slave/containerizer/mesos/containerizer.hpp
index 04ab997..d767031 100644
--- a/src/slave/containerizer/mesos/containerizer.hpp
+++ b/src/slave/containerizer/mesos/containerizer.hpp
@@ -20,6 +20,10 @@
 #include <list>
 #include <vector>
 
+#include <mesos/secret/resolver.hpp>
+
+#include <mesos/slave/isolator.hpp>
+
 #include <process/id.hpp>
 #include <process/http.hpp>
 #include <process/sequence.hpp>
@@ -31,8 +35,6 @@
 #include <stout/multihashmap.hpp>
 #include <stout/os/int_fd.hpp>
 
-#include <mesos/slave/isolator.hpp>
-
 #include "slave/state.hpp"
 
 #include "slave/containerizer/containerizer.hpp"
@@ -60,6 +62,7 @@ public:
       const Flags& flags,
       bool local,
       Fetcher* fetcher,
+      SecretResolver* secretResolver = nullptr,
       const Option<NvidiaComponents>& nvidia = None());
 
   static Try<MesosContainerizer*> create(
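Review bot: The defaulted `secretResolver` parameter is inserted before the existing defaulted `nvidia` parameter, so any caller that passes `nvidia` positionally as the fourth argument stops compiling (an `Option<NvidiaComponents>` does not convert to `SecretResolver*`); no test changes appear in the diffstat, so either no such caller exists or it is fixed elsewhere in the series, which is worth confirming. Appending the new parameter after `nvidia` would keep existing positional calls valid, at the cost of the argument order differing from `Containerizer::create`. The `create` declaration begins above the hunk.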

http://git-wip-us.apache.org/repos/asf/mesos/blob/5a630d82/src/slave/flags.cpp
----------------------------------------------------------------------
diff --git a/src/slave/flags.cpp b/src/slave/flags.cpp
index e172aa5..c1e9568 100644
--- a/src/slave/flags.cpp
+++ b/src/slave/flags.cpp
@@ -958,6 +958,13 @@ mesos::internal::slave::Flags::Flags()
       "A comma-separated list of hook modules to be\n"
       "installed inside the agent.");
 
+  add(&Flags::secret_resolver,
+      "secret_resolver",
+      "The name of the secret resolver module to use for resolving\n"
+      "environment and file-based secrets. If this flag is not specified,\n"
+      "the default behavior is to resolve value-based secrets and error on\n"
+      "reference-based secrets.");
+
   add(&Flags::resource_estimator,
       "resource_estimator",
       "The name of the resource estimator to use for oversubscription.");

http://git-wip-us.apache.org/repos/asf/mesos/blob/5a630d82/src/slave/flags.hpp
----------------------------------------------------------------------
diff --git a/src/slave/flags.hpp b/src/slave/flags.hpp
index 28f6482..b5dd841 100644
--- a/src/slave/flags.hpp
+++ b/src/slave/flags.hpp
@@ -154,6 +154,7 @@ public:
 #endif // USE_SSL_SOCKET
   Option<Path> http_credentials;
   Option<std::string> hooks;
+  Option<std::string> secret_resolver;
   Option<std::string> resource_estimator;
   Option<std::string> qos_controller;
   Duration qos_correction_interval_min;

http://git-wip-us.apache.org/repos/asf/mesos/blob/5a630d82/src/slave/main.cpp
----------------------------------------------------------------------
diff --git a/src/slave/main.cpp b/src/slave/main.cpp
index cc83327..47b5576 100644
--- a/src/slave/main.cpp
+++ b/src/slave/main.cpp
@@ -27,6 +27,9 @@
 #include <mesos/mesos.hpp>
 
 #include <mesos/module/anonymous.hpp>
+#include <mesos/module/secret_resolver.hpp>
+
+#include <mesos/secret/resolver.hpp>
 
 #include <mesos/slave/resource_estimator.hpp>
 
@@ -84,6 +87,7 @@ using mesos::slave::QoSController;
 using mesos::slave::ResourceEstimator;
 
 using mesos::Authorizer;
+using mesos::SecretResolver;
 using mesos::SlaveInfo;
 
 using process::Owned;
@@ -233,7 +237,7 @@ int main(int argc, char** argv)
   //   contender/detector might depend upon anonymous modules.
   // * Hooks.
   // * Systemd support (if it exists).
-  // * Fetcher and Containerizer.
+  // * Fetcher, SecretResolver, and Containerizer.
   // * Master detector.
   // * Authorizer.
   // * Garbage collector.
@@ -446,8 +450,17 @@ int main(int argc, char** argv)
 
   Fetcher* fetcher = new Fetcher();
 
+  // Initialize SecretResolver.
+  Try<SecretResolver*> secretResolver =
+    mesos::SecretResolver::create(flags.secret_resolver);
+
+  if (secretResolver.isError()) {
+    EXIT(EXIT_FAILURE)
+        << "Failed to initialize secret resolver: " << secretResolver.error();
+  }
+
   Try<Containerizer*> containerizer =
-    Containerizer::create(flags, false, fetcher);
+    Containerizer::create(flags, false, fetcher, secretResolver.get());
 
   if (containerizer.isError()) {
     EXIT(EXIT_FAILURE)
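Review bot: The continuation `<< "Failed to initialize secret resolver: "` is indented eight spaces under a four-space `EXIT(EXIT_FAILURE)`, whereas the identical block in the local.cpp hunk continues two spaces deeper than the macro; `      << "Failed to initialize secret resolver: " << secretResolver.error();` matches that style. The resolver setup is now duplicated verbatim between main.cpp and local.cpp, so a small shared helper returning the `Try<SecretResolver*>` would keep the two error paths from drifting. `main` continues beyond the hunk.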