You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mesos.apache.org by gi...@apache.org on 2017/05/24 17:05:45 UTC
[07/10] mesos git commit: Implemented passing the secret resolver to
registry puller.
Implemented passing the secret resolver to registry puller.
Review: https://reviews.apache.org/r/59012
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/6b835417
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/6b835417
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/6b835417
Branch: refs/heads/master
Commit: 6b83541735deda4356bd4cb2773b2557495d8813
Parents: 32dc11a
Author: Gilbert Song <so...@gmail.com>
Authored: Mon May 1 16:37:55 2017 -0700
Committer: Gilbert Song <so...@gmail.com>
Committed: Thu May 25 01:04:30 2017 +0800
----------------------------------------------------------------------
src/slave/containerizer/mesos/containerizer.cpp | 4 +++-
.../mesos/provisioner/appc/store.cpp | 10 +++++++---
.../mesos/provisioner/appc/store.hpp | 6 +++++-
.../mesos/provisioner/docker/puller.cpp | 9 +++++++--
.../mesos/provisioner/docker/puller.hpp | 5 ++++-
.../mesos/provisioner/docker/registry_puller.cpp | 18 +++++++++++++-----
.../mesos/provisioner/docker/registry_puller.hpp | 5 ++++-
.../mesos/provisioner/docker/store.cpp | 14 ++++++++++----
.../mesos/provisioner/docker/store.hpp | 6 +++++-
.../mesos/provisioner/provisioner.cpp | 10 ++++++++--
.../mesos/provisioner/provisioner.hpp | 6 +++++-
.../containerizer/mesos/provisioner/store.cpp | 12 +++++++++---
.../containerizer/mesos/provisioner/store.hpp | 5 ++++-
13 files changed, 84 insertions(+), 26 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/6b835417/src/slave/containerizer/mesos/containerizer.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/containerizer.cpp b/src/slave/containerizer/mesos/containerizer.cpp
index 403faa3..199202a 100644
--- a/src/slave/containerizer/mesos/containerizer.cpp
+++ b/src/slave/containerizer/mesos/containerizer.cpp
@@ -258,7 +258,9 @@ Try<MesosContainerizer*> MesosContainerizer::create(
return Error("Failed to create launcher: " + launcher.error());
}
- Try<Owned<Provisioner>> _provisioner = Provisioner::create(flags_);
+ Try<Owned<Provisioner>> _provisioner =
+ Provisioner::create(flags_, secretResolver);
+
if (_provisioner.isError()) {
return Error("Failed to create provisioner: " + _provisioner.error());
}
http://git-wip-us.apache.org/repos/asf/mesos/blob/6b835417/src/slave/containerizer/mesos/provisioner/appc/store.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/provisioner/appc/store.cpp b/src/slave/containerizer/mesos/provisioner/appc/store.cpp
index dc547dd..9e65990 100644
--- a/src/slave/containerizer/mesos/provisioner/appc/store.cpp
+++ b/src/slave/containerizer/mesos/provisioner/appc/store.cpp
@@ -18,6 +18,10 @@
#include <glog/logging.h>
+#include <mesos/appc/spec.hpp>
+
+#include <mesos/secret/resolver.hpp>
+
#include <process/collect.hpp>
#include <process/defer.hpp>
#include <process/dispatch.hpp>
@@ -28,8 +32,6 @@
#include <stout/os.hpp>
#include <stout/path.hpp>
-#include <mesos/appc/spec.hpp>
-
#include "slave/containerizer/mesos/provisioner/appc/cache.hpp"
#include "slave/containerizer/mesos/provisioner/appc/fetcher.hpp"
#include "slave/containerizer/mesos/provisioner/appc/paths.hpp"
@@ -96,7 +98,9 @@ private:
};
-Try<Owned<slave::Store>> Store::create(const Flags& flags)
+Try<Owned<slave::Store>> Store::create(
+ const Flags& flags,
+ SecretResolver* secretResolver)
{
Try<Nothing> mkdir = os::mkdir(paths::getImagesDir(flags.appc_store_dir));
if (mkdir.isError()) {
http://git-wip-us.apache.org/repos/asf/mesos/blob/6b835417/src/slave/containerizer/mesos/provisioner/appc/store.hpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/provisioner/appc/store.hpp b/src/slave/containerizer/mesos/provisioner/appc/store.hpp
index 15c79e9..37ef779 100644
--- a/src/slave/containerizer/mesos/provisioner/appc/store.hpp
+++ b/src/slave/containerizer/mesos/provisioner/appc/store.hpp
@@ -17,6 +17,8 @@
#ifndef __PROVISIONER_APPC_STORE_HPP__
#define __PROVISIONER_APPC_STORE_HPP__
+#include <mesos/secret/resolver.hpp>
+
#include "slave/containerizer/mesos/provisioner/store.hpp"
namespace mesos {
@@ -31,7 +33,9 @@ class StoreProcess;
class Store : public slave::Store
{
public:
- static Try<process::Owned<slave::Store>> create(const Flags& flags);
+ static Try<process::Owned<slave::Store>> create(
+ const Flags& flags,
+ SecretResolver* secretResolver = nullptr);
~Store();
http://git-wip-us.apache.org/repos/asf/mesos/blob/6b835417/src/slave/containerizer/mesos/provisioner/docker/puller.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/provisioner/docker/puller.cpp b/src/slave/containerizer/mesos/provisioner/docker/puller.cpp
index ac9dae8..d7d8987 100644
--- a/src/slave/containerizer/mesos/provisioner/docker/puller.cpp
+++ b/src/slave/containerizer/mesos/provisioner/docker/puller.cpp
@@ -14,6 +14,8 @@
// See the License for the specific language governing permissions and
// limitations under the License.
+#include <mesos/secret/resolver.hpp>
+
#include <stout/strings.hpp>
#include <stout/try.hpp>
@@ -31,7 +33,8 @@ namespace docker {
Try<Owned<Puller>> Puller::create(
const Flags& flags,
- const Shared<uri::Fetcher>& fetcher)
+ const Shared<uri::Fetcher>& fetcher,
+ SecretResolver* secretResolver)
{
// TODO(tnachen): Support multiple registries in the puller.
if (strings::startsWith(flags.docker_registry, "/")) {
@@ -43,7 +46,9 @@ Try<Owned<Puller>> Puller::create(
return puller.get();
}
- Try<Owned<Puller>> puller = RegistryPuller::create(flags, fetcher);
+ Try<Owned<Puller>> puller =
+ RegistryPuller::create(flags, fetcher, secretResolver);
+
if (puller.isError()) {
return Error("Failed to create registry puller: " + puller.error());
}
http://git-wip-us.apache.org/repos/asf/mesos/blob/6b835417/src/slave/containerizer/mesos/provisioner/docker/puller.hpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/provisioner/docker/puller.hpp b/src/slave/containerizer/mesos/provisioner/docker/puller.hpp
index 6dacdb1..5ff1846 100644
--- a/src/slave/containerizer/mesos/provisioner/docker/puller.hpp
+++ b/src/slave/containerizer/mesos/provisioner/docker/puller.hpp
@@ -30,6 +30,8 @@
#include <mesos/uri/fetcher.hpp>
+#include <mesos/secret/resolver.hpp>
+
#include "slave/flags.hpp"
namespace mesos {
@@ -42,7 +44,8 @@ class Puller
public:
static Try<process::Owned<Puller>> create(
const Flags& flags,
- const process::Shared<uri::Fetcher>& fetcher);
+ const process::Shared<uri::Fetcher>& fetcher,
+ SecretResolver* secretResolver = nullptr);
virtual ~Puller() {}
http://git-wip-us.apache.org/repos/asf/mesos/blob/6b835417/src/slave/containerizer/mesos/provisioner/docker/registry_puller.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/provisioner/docker/registry_puller.cpp b/src/slave/containerizer/mesos/provisioner/docker/registry_puller.cpp
index 6db788d..f8c31ae 100644
--- a/src/slave/containerizer/mesos/provisioner/docker/registry_puller.cpp
+++ b/src/slave/containerizer/mesos/provisioner/docker/registry_puller.cpp
@@ -16,6 +16,8 @@
#include <glog/logging.h>
+#include <mesos/secret/resolver.hpp>
+
#include <process/collect.hpp>
#include <process/defer.hpp>
#include <process/dispatch.hpp>
@@ -62,7 +64,8 @@ public:
RegistryPullerProcess(
const string& _storeDir,
const http::URL& _defaultRegistryUrl,
- const Shared<uri::Fetcher>& _fetcher);
+ const Shared<uri::Fetcher>& _fetcher,
+ SecretResolver* _secretResolver);
Future<vector<string>> pull(
const spec::ImageReference& reference,
@@ -98,12 +101,14 @@ private:
const http::URL defaultRegistryUrl;
Shared<uri::Fetcher> fetcher;
+ SecretResolver* secretResolver;
};
Try<Owned<Puller>> RegistryPuller::create(
const Flags& flags,
- const Shared<uri::Fetcher>& fetcher)
+ const Shared<uri::Fetcher>& fetcher,
+ SecretResolver* secretResolver)
{
Try<http::URL> defaultRegistryUrl = http::URL::parse(flags.docker_registry);
if (defaultRegistryUrl.isError()) {
@@ -119,7 +124,8 @@ Try<Owned<Puller>> RegistryPuller::create(
new RegistryPullerProcess(
flags.docker_store_dir,
defaultRegistryUrl.get(),
- fetcher));
+ fetcher,
+ secretResolver));
return Owned<Puller>(new RegistryPuller(process));
}
@@ -156,11 +162,13 @@ Future<vector<string>> RegistryPuller::pull(
RegistryPullerProcess::RegistryPullerProcess(
const string& _storeDir,
const http::URL& _defaultRegistryUrl,
- const Shared<uri::Fetcher>& _fetcher)
+ const Shared<uri::Fetcher>& _fetcher,
+ SecretResolver* _secretResolver)
: ProcessBase(process::ID::generate("docker-provisioner-registry-puller")),
storeDir(_storeDir),
defaultRegistryUrl(_defaultRegistryUrl),
- fetcher(_fetcher) {}
+ fetcher(_fetcher),
+ secretResolver(_secretResolver) {}
static spec::ImageReference normalize(
http://git-wip-us.apache.org/repos/asf/mesos/blob/6b835417/src/slave/containerizer/mesos/provisioner/docker/registry_puller.hpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/provisioner/docker/registry_puller.hpp b/src/slave/containerizer/mesos/provisioner/docker/registry_puller.hpp
index 62ddb7a..0805f3c 100644
--- a/src/slave/containerizer/mesos/provisioner/docker/registry_puller.hpp
+++ b/src/slave/containerizer/mesos/provisioner/docker/registry_puller.hpp
@@ -24,6 +24,8 @@
#include <mesos/uri/fetcher.hpp>
+#include <mesos/secret/resolver.hpp>
+
#include "slave/containerizer/mesos/provisioner/docker/puller.hpp"
#include "slave/flags.hpp"
@@ -44,7 +46,8 @@ class RegistryPuller : public Puller
public:
static Try<process::Owned<Puller>> create(
const Flags& flags,
- const process::Shared<uri::Fetcher>& fetcher);
+ const process::Shared<uri::Fetcher>& fetcher,
+ SecretResolver* secretResolver);
~RegistryPuller();
http://git-wip-us.apache.org/repos/asf/mesos/blob/6b835417/src/slave/containerizer/mesos/provisioner/docker/store.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/provisioner/docker/store.cpp b/src/slave/containerizer/mesos/provisioner/docker/store.cpp
index 7529afd..b7883b8 100644
--- a/src/slave/containerizer/mesos/provisioner/docker/store.cpp
+++ b/src/slave/containerizer/mesos/provisioner/docker/store.cpp
@@ -19,6 +19,10 @@
#include <glog/logging.h>
+#include <mesos/docker/spec.hpp>
+
+#include <mesos/secret/resolver.hpp>
+
#include <stout/hashmap.hpp>
#include <stout/json.hpp>
#include <stout/os.hpp>
@@ -28,8 +32,6 @@
#include <process/dispatch.hpp>
#include <process/id.hpp>
-#include <mesos/docker/spec.hpp>
-
#include "slave/containerizer/mesos/provisioner/constants.hpp"
#include "slave/containerizer/mesos/provisioner/utils.hpp"
@@ -111,7 +113,9 @@ private:
};
-Try<Owned<slave::Store>> Store::create(const Flags& flags)
+Try<Owned<slave::Store>> Store::create(
+ const Flags& flags,
+ SecretResolver* secretResolver)
{
// TODO(jieyu): We should inject URI fetcher from top level, instead
// of creating it here.
@@ -127,7 +131,9 @@ Try<Owned<slave::Store>> Store::create(const Flags& flags)
return Error("Failed to create the URI fetcher: " + fetcher.error());
}
- Try<Owned<Puller>> puller = Puller::create(flags, fetcher->share());
+ Try<Owned<Puller>> puller =
+ Puller::create(flags, fetcher->share(), secretResolver);
+
if (puller.isError()) {
return Error("Failed to create Docker puller: " + puller.error());
}
http://git-wip-us.apache.org/repos/asf/mesos/blob/6b835417/src/slave/containerizer/mesos/provisioner/docker/store.hpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/provisioner/docker/store.hpp b/src/slave/containerizer/mesos/provisioner/docker/store.hpp
index e1abff1..1cf6866 100644
--- a/src/slave/containerizer/mesos/provisioner/docker/store.hpp
+++ b/src/slave/containerizer/mesos/provisioner/docker/store.hpp
@@ -17,6 +17,8 @@
#ifndef __PROVISIONER_DOCKER_STORE_HPP__
#define __PROVISIONER_DOCKER_STORE_HPP__
+#include <mesos/secret/resolver.hpp>
+
#include <process/owned.hpp>
#include <stout/try.hpp>
@@ -39,7 +41,9 @@ class StoreProcess;
class Store : public slave::Store
{
public:
- static Try<process::Owned<slave::Store>> create(const Flags& flags);
+ static Try<process::Owned<slave::Store>> create(
+ const Flags& flags,
+ SecretResolver* secretResolver = nullptr);
// This allows the puller to be mocked for testing.
static Try<process::Owned<slave::Store>> create(
http://git-wip-us.apache.org/repos/asf/mesos/blob/6b835417/src/slave/containerizer/mesos/provisioner/provisioner.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/provisioner/provisioner.cpp b/src/slave/containerizer/mesos/provisioner/provisioner.cpp
index 6509ee4..3d4da90 100644
--- a/src/slave/containerizer/mesos/provisioner/provisioner.cpp
+++ b/src/slave/containerizer/mesos/provisioner/provisioner.cpp
@@ -22,6 +22,8 @@
#include <mesos/docker/spec.hpp>
+#include <mesos/secret/resolver.hpp>
+
#include <process/collect.hpp>
#include <process/defer.hpp>
#include <process/dispatch.hpp>
@@ -146,7 +148,9 @@ static Try<Nothing> validateBackend(
}
-Try<Owned<Provisioner>> Provisioner::create(const Flags& flags)
+Try<Owned<Provisioner>> Provisioner::create(
+ const Flags& flags,
+ SecretResolver* secretResolver)
{
const string _rootDir = slave::paths::getProvisionerDir(flags.work_dir);
@@ -166,7 +170,9 @@ Try<Owned<Provisioner>> Provisioner::create(const Flags& flags)
CHECK_SOME(rootDir); // Can't be None since we just created it.
- Try<hashmap<Image::Type, Owned<Store>>> stores = Store::create(flags);
+ Try<hashmap<Image::Type, Owned<Store>>> stores =
+ Store::create(flags, secretResolver);
+
if (stores.isError()) {
return Error("Failed to create image stores: " + stores.error());
}
http://git-wip-us.apache.org/repos/asf/mesos/blob/6b835417/src/slave/containerizer/mesos/provisioner/provisioner.hpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/provisioner/provisioner.hpp b/src/slave/containerizer/mesos/provisioner/provisioner.hpp
index 7d6c1b9..7cba54c 100644
--- a/src/slave/containerizer/mesos/provisioner/provisioner.hpp
+++ b/src/slave/containerizer/mesos/provisioner/provisioner.hpp
@@ -25,6 +25,8 @@
#include <mesos/docker/v1.hpp>
+#include <mesos/secret/resolver.hpp>
+
#include <mesos/slave/isolator.hpp> // For ContainerState.
#include <stout/nothing.hpp>
@@ -70,7 +72,9 @@ class Provisioner
{
public:
// Create the provisioner based on the specified flags.
- static Try<process::Owned<Provisioner>> create(const Flags& flags);
+ static Try<process::Owned<Provisioner>> create(
+ const Flags& flags,
+ SecretResolver* secretResolver = nullptr);
// Available only for testing.
explicit Provisioner(process::Owned<ProvisionerProcess> process);
http://git-wip-us.apache.org/repos/asf/mesos/blob/6b835417/src/slave/containerizer/mesos/provisioner/store.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/provisioner/store.cpp b/src/slave/containerizer/mesos/provisioner/store.cpp
index 260a746..cc5cc81 100644
--- a/src/slave/containerizer/mesos/provisioner/store.cpp
+++ b/src/slave/containerizer/mesos/provisioner/store.cpp
@@ -18,6 +18,8 @@
#include <mesos/type_utils.hpp>
+#include <mesos/secret/resolver.hpp>
+
#include <stout/error.hpp>
#include <stout/foreach.hpp>
#include <stout/strings.hpp>
@@ -36,13 +38,17 @@ namespace mesos {
namespace internal {
namespace slave {
-Try<hashmap<Image::Type, Owned<Store>>> Store::create(const Flags& flags)
+Try<hashmap<Image::Type, Owned<Store>>> Store::create(
+ const Flags& flags,
+ SecretResolver* secretResolver)
{
if (flags.image_providers.isNone()) {
return hashmap<Image::Type, Owned<Store>>();
}
- hashmap<Image::Type, Try<Owned<Store>>(*)(const Flags&)> creators;
+ hashmap<Image::Type, Try<Owned<Store>>(*)(
+ const Flags&, SecretResolver*)> creators;
+
creators.put(Image::APPC, &appc::Store::create);
creators.put(Image::DOCKER, &docker::Store::create);
@@ -59,7 +65,7 @@ Try<hashmap<Image::Type, Owned<Store>>> Store::create(const Flags& flags)
return Error("Unsupported image type '" + type + "'");
}
- Try<Owned<Store>> store = creators[imageType](flags);
+ Try<Owned<Store>> store = creators[imageType](flags, secretResolver);
if (store.isError()) {
return Error(
"Failed to create store for image type '" +
http://git-wip-us.apache.org/repos/asf/mesos/blob/6b835417/src/slave/containerizer/mesos/provisioner/store.hpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/provisioner/store.hpp b/src/slave/containerizer/mesos/provisioner/store.hpp
index 82a9be6..01ab83d 100644
--- a/src/slave/containerizer/mesos/provisioner/store.hpp
+++ b/src/slave/containerizer/mesos/provisioner/store.hpp
@@ -26,6 +26,8 @@
#include <mesos/docker/v1.hpp>
+#include <mesos/secret/resolver.hpp>
+
#include <process/future.hpp>
#include <process/owned.hpp>
@@ -58,7 +60,8 @@ class Store
{
public:
static Try<hashmap<Image::Type, process::Owned<Store>>> create(
- const Flags& flags);
+ const Flags& flags,
+ SecretResolver* secretResolver = nullptr);
virtual ~Store() {}