You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@mesos.apache.org by gr...@apache.org on 2018/08/03 21:17:41 UTC

[mesos] branch master updated (fc41758 -> 6177503)

This is an automated email from the ASF dual-hosted git repository.

grag pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/mesos.git.


    from fc41758  Update nested-container-and-task-group.md
     new e74a017  Added missing iptables argument in CNI port mapper.
     new 6177503  Avoided hostname lookups in the CNI port mapper.

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../mesos/isolators/network/cni/plugins/port_mapper/port_mapper.cpp   | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

[mesos] 02/02: Avoided hostname lookups in the CNI port mapper.

Posted by gr...@apache.org.

This is an automated email from the ASF dual-hosted git repository.

grag pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mesos.git

commit 6177503f52e765885a78721b086de504346578ca
Author: Greg Mann <gr...@mesosphere.io>
AuthorDate: Fri Aug 3 13:42:30 2018 -0700

    Avoided hostname lookups in the CNI port mapper.
    
    Using the `-n` option with `iptables --list` prevents potentially
    costly reverse hostname lookups. This patch adds this option to the
    relevant invocation of `iptables` in the CNI port mapper.
    
    Review: https://reviews.apache.org/r/68167/
---
 .../mesos/isolators/network/cni/plugins/port_mapper/port_mapper.cpp     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/slave/containerizer/mesos/isolators/network/cni/plugins/port_mapper/port_mapper.cpp b/src/slave/containerizer/mesos/isolators/network/cni/plugins/port_mapper/port_mapper.cpp
index b6a619f..f1a3d26 100644
--- a/src/slave/containerizer/mesos/isolators/network/cni/plugins/port_mapper/port_mapper.cpp
+++ b/src/slave/containerizer/mesos/isolators/network/cni/plugins/port_mapper/port_mapper.cpp
@@ -310,7 +310,7 @@ Try<Nothing> PortMapper::addPortMapping(
       # Check if the `chain` exists in the iptable. If it does not
       # exist go ahead and install the chain in the iptables NAT
       # table.
-      iptables -w -t nat --list %s
+      iptables -w -n -t nat --list %s
       if [ $? -ne 0 ]; then
         # NOTE: When we create the chain, there is a possibility of a
         # race due to which a container launch can fail. This can

[mesos] 01/02: Added missing iptables argument in CNI port mapper.

Posted by gr...@apache.org.

This is an automated email from the ASF dual-hosted git repository.

grag pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mesos.git

commit e74a01718413657bf09afd9a3df39b85bb46ad92
Author: Greg Mann <gr...@mesosphere.io>
AuthorDate: Fri Aug 3 13:41:33 2018 -0700

    Added missing iptables argument in CNI port mapper.
    
    Previously, the CNI port mapper was using the `-w` option in all
    invocations of `iptables` except one. This option ensures that if
    an application is currently holding the xtables lock, then `iptables`
    will wait for the lock to be released and then continue execution.
    Without setting the `-w` option, `iptables` will fail immediately if
    the lock is currently held.
    
    This patch adds the missing `-w` option to the port mapper code.
    
    Review: https://reviews.apache.org/r/68152/
---
 .../mesos/isolators/network/cni/plugins/port_mapper/port_mapper.cpp     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/slave/containerizer/mesos/isolators/network/cni/plugins/port_mapper/port_mapper.cpp b/src/slave/containerizer/mesos/isolators/network/cni/plugins/port_mapper/port_mapper.cpp
index c40b57f..b6a619f 100644
--- a/src/slave/containerizer/mesos/isolators/network/cni/plugins/port_mapper/port_mapper.cpp
+++ b/src/slave/containerizer/mesos/isolators/network/cni/plugins/port_mapper/port_mapper.cpp
@@ -342,7 +342,7 @@ Try<Nothing> PortMapper::addPortMapping(
 
       # Within the `chain` go ahead and install the DNAT rule, if it
       # does not exist.
-      (iptables -w -t nat -C %s || iptables -t nat -A %s))~",
+      (iptables -w -t nat -C %s || iptables -w -t nat -A %s))~",
       chain,
       chain,
       chain,