You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mesos.apache.org by bm...@apache.org on 2019/05/16 13:25:08 UTC
[mesos] branch 1.6.x updated (8f78816 -> 6ebc673)
This is an automated email from the ASF dual-hosted git repository.
bmahler pushed a change to branch 1.6.x
in repository https://gitbox.apache.org/repos/asf/mesos.git.
from 8f78816 Enabled more constructors for master `RegistryOperation`.
new 2e0b848 Added logging of slow reverse DNS when accepting SSL connections.
new 6ebc673 Added MESOS-9787 to the 1.6.3 CHANGELOG.
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
3rdparty/libprocess/src/libevent_ssl_socket.cpp | 13 +++++++++++++
CHANGELOG | 1 +
2 files changed, 14 insertions(+)
[mesos] 01/02: Added logging of slow reverse DNS when accepting SSL
connections.
Posted by bm...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
bmahler pushed a commit to branch 1.6.x
in repository https://gitbox.apache.org/repos/asf/mesos.git
commit 2e0b848f3cd7a2ed03b3da0754d8a6609f8f5880
Author: Benjamin Mahler <bm...@apache.org>
AuthorDate: Thu May 16 11:42:26 2019 +0200
Added logging of slow reverse DNS when accepting SSL connections.
Slow reverse DNS lookup is a serious issue since today it is done
synchronously from the event loop thread, see MESOS-9339 and
related tickets. Logging slow requests will substantially improve
debugging.
Review: https://reviews.apache.org/r/70653
---
3rdparty/libprocess/src/libevent_ssl_socket.cpp | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/3rdparty/libprocess/src/libevent_ssl_socket.cpp b/3rdparty/libprocess/src/libevent_ssl_socket.cpp
index 436b389..520ec41 100644
--- a/3rdparty/libprocess/src/libevent_ssl_socket.cpp
+++ b/3rdparty/libprocess/src/libevent_ssl_socket.cpp
@@ -26,6 +26,7 @@
#include <process/ssl/flags.hpp>
#include <stout/net.hpp>
+#include <stout/stopwatch.hpp>
#include <stout/synchronized.hpp>
#include <stout/os/close.hpp>
@@ -1152,7 +1153,19 @@ void LibeventSSLSocketImpl::accept_SSL_callback(AcceptRequest* request)
Option<string> peer_hostname = None();
if (request->ip.isSome()) {
+ Stopwatch watch;
+
+ watch.start();
Try<string> hostname = net::getHostname(request->ip.get());
+ watch.stop();
+
+ // Due to MESOS-9339, a slow reverse DNS lookup will cause
+ // serious issues as it blocks the event loop thread.
+ if (watch.elapsed() > Milliseconds(100)) {
+ LOG(WARNING) << "Reverse DNS lookup for '" << *request->ip << "'"
+ << " took " << watch.elapsed().ms() << "ms"
+ << ", slowness is problematic (see MESOS-9339)";
+ }
if (hostname.isError()) {
VLOG(2) << "Could not determine hostname of peer: "
[mesos] 02/02: Added MESOS-9787 to the 1.6.3 CHANGELOG.
Posted by bm...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
bmahler pushed a commit to branch 1.6.x
in repository https://gitbox.apache.org/repos/asf/mesos.git
commit 6ebc673763753549fd0294ba8917ce66eecbedc9
Author: Benjamin Mahler <bm...@apache.org>
AuthorDate: Thu May 16 15:22:56 2019 +0200
Added MESOS-9787 to the 1.6.3 CHANGELOG.
---
CHANGELOG | 1 +
1 file changed, 1 insertion(+)
diff --git a/CHANGELOG b/CHANGELOG
index d0862d4..9b83c8c 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -13,6 +13,7 @@ Release Notes - Mesos - Version 1.6.3 (WIP)
* [MESOS-9695] - Remove the duplicate pid check in Docker containerizer
* [MESOS-9707] - Calling link::lo() may cause runtime error
* [MESOS-9766] - /__processes__ endpoint can hang.
+ * [MESOS-9787] - Low slow SSL (TLS) peer reverse DNS lookup.
** Improvement
* [MESOS-8880] - Add minimum capabilities in the master.