Posted to commits@mesos.apache.org by vi...@apache.org on 2014/06/11 01:33:50 UTC
[5/7] git commit: Injected Authorizer into Master.
Injected Authorizer into Master.
Review: https://reviews.apache.org/r/22150
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/b5085168
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/b5085168
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/b5085168
Branch: refs/heads/vinod/authorize_tasks
Commit: b5085168f2ada382df2eaf600a5349e21e2b38d3
Parents: 6267a0f
Author: Vinod Kone <vi...@twitter.com>
Authored: Sat May 31 19:04:02 2014 -0700
Committer: Vinod Kone <vi...@twitter.com>
Committed: Tue Jun 10 16:33:36 2014 -0700
----------------------------------------------------------------------
src/local/local.cpp | 29 +++++++++++++++++++++++++++--
src/master/main.cpp | 21 +++++++++++++++++++++
src/master/master.cpp | 14 ++++++--------
src/master/master.hpp | 5 +++--
src/tests/cluster.hpp | 22 +++++++++++++++++++++-
5 files changed, 78 insertions(+), 13 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/b5085168/src/local/local.cpp
----------------------------------------------------------------------
diff --git a/src/local/local.cpp b/src/local/local.cpp
index 5d26aff..e05a225 100644
--- a/src/local/local.cpp
+++ b/src/local/local.cpp
@@ -21,13 +21,17 @@
#include <sstream>
#include <vector>
+#include <process/owned.hpp>
#include <process/pid.hpp>
#include <stout/exit.hpp>
#include <stout/foreach.hpp>
#include <stout/path.hpp>
+#include <stout/try.hpp>
#include <stout/strings.hpp>
+#include "authorizer/authorizer.hpp"
+
#include "common/protobuf_utils.hpp"
#include "local.hpp"
@@ -67,6 +71,7 @@ using mesos::internal::master::Repairer;
using mesos::internal::slave::Containerizer;
using mesos::internal::slave::Slave;
+using process::Owned;
using process::PID;
using process::UPID;
@@ -92,6 +97,7 @@ static Master* master = NULL;
static map<Containerizer*, Slave*> slaves;
static StandaloneMasterDetector* detector = NULL;
static MasterContender* contender = NULL;
+static Option<Authorizer*> authorizer = None();
static Files* files = NULL;
@@ -153,15 +159,29 @@ PID<Master> launch(const Flags& flags, Allocator* _allocator)
contender = new StandaloneMasterContender();
detector = new StandaloneMasterDetector();
- master =
- new Master(
+
+ if (flags.acls.isSome()) {
+ Try<Owned<Authorizer> > authorizer_ =
+ Authorizer::create(flags.acls.get());
+
+ if (authorizer_.isError()) {
+ EXIT(1) << "Failed to initialize the authorizer: "
+ << authorizer_.error() << " (see --acls flag)";
+ }
+ Owned<Authorizer> authorizer__ = authorizer_.get();
+ authorizer = authorizer__.release();
+ }
+
+ master = new Master(
_allocator,
registrar,
repairer,
files,
contender,
detector,
+ authorizer,
flags);
+
detector->appoint(master->info());
}
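Review bot: The hand-off from `Owned<Authorizer>` to the raw file-level `authorizer` in launch() is undocumented, so a reader cannot tell who frees the object or why the `Owned` is copied into `authorizer__` before `release()` is called. A comment above the `release()` line, such as `// Ownership moves to the static 'authorizer'; it is freed in shutdown().`, would make that explicit. The same create/check/release sequence is repeated in main() in src/master/main.cpp and in Cluster::Masters::start() in src/tests/cluster.hpp, so the comment applies there too, and a shared helper would keep the three error paths identical. launch() begins before this hunk.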
@@ -222,6 +242,11 @@ void shutdown()
slaves.clear();
+ if (authorizer.isSome()) {
+ delete authorizer.get();
+ authorizer = None();
+ }
+
delete detector;
detector = NULL;
http://git-wip-us.apache.org/repos/asf/mesos/blob/b5085168/src/master/main.cpp
----------------------------------------------------------------------
diff --git a/src/master/main.cpp b/src/master/main.cpp
index 8ceaae6..68cd56b 100644
--- a/src/master/main.cpp
+++ b/src/master/main.cpp
@@ -22,18 +22,22 @@
#include <mesos/mesos.hpp>
+#include <process/owned.hpp>
#include <process/pid.hpp>
#include <stout/check.hpp>
#include <stout/exit.hpp>
#include <stout/flags.hpp>
#include <stout/nothing.hpp>
+#include <stout/option.hpp>
#include <stout/os.hpp>
#include <stout/path.hpp>
#include <stout/stringify.hpp>
#include <stout/strings.hpp>
#include <stout/try.hpp>
+#include "authorizer/authorizer.hpp"
+
#include "common/build.hpp"
#include "common/protobuf_utils.hpp"
@@ -64,6 +68,7 @@ using namespace zookeeper;
using mesos::MasterInfo;
+using process::Owned;
using process::UPID;
using std::cerr;
@@ -243,6 +248,17 @@ int main(int argc, char** argv)
}
detector = detector_.get();
+ Option<Authorizer*> authorizer = None();
+ if (flags.acls.isSome()) {
+ Try<Owned<Authorizer> > authorizer_ = Authorizer::create(flags.acls.get());
+ if (authorizer_.isError()) {
+ EXIT(1) << "Failed to initialize the authorizer: "
+ << authorizer_.error() << " (see --acls flag)";
+ }
+ Owned<Authorizer> authorizer__ = authorizer_.get();
+ authorizer = authorizer__.release();
+ }
+
LOG(INFO) << "Starting Mesos master";
Master* master =
@@ -253,6 +269,7 @@ int main(int argc, char** argv)
&files,
contender,
detector,
+ authorizer,
flags);
if (zk.isNone()) {
@@ -277,5 +294,9 @@ int main(int argc, char** argv)
delete contender;
delete detector;
+ if (authorizer.isSome()) {
+ delete authorizer.get();
+ }
+
return 0;
}
http://git-wip-us.apache.org/repos/asf/mesos/blob/b5085168/src/master/master.cpp
----------------------------------------------------------------------
diff --git a/src/master/master.cpp b/src/master/master.cpp
index c18ccc4..7884aa4 100644
--- a/src/master/master.cpp
+++ b/src/master/master.cpp
@@ -28,6 +28,7 @@
#include <process/defer.hpp>
#include <process/delay.hpp>
#include <process/id.hpp>
+#include <process/owned.hpp>
#include <process/run.hpp>
#include <process/metrics/metrics.hpp>
@@ -38,6 +39,7 @@
#include <stout/multihashmap.hpp>
#include <stout/nothing.hpp>
#include <stout/numify.hpp>
+#include <stout/option.hpp>
#include <stout/os.hpp>
#include <stout/path.hpp>
#include <stout/stringify.hpp>
@@ -216,6 +218,7 @@ Master::Master(
Files* _files,
MasterContender* _contender,
MasterDetector* _detector,
+ const Option<Authorizer*>& _authorizer,
const Flags& _flags)
: ProcessBase("master"),
http(*this),
@@ -226,6 +229,7 @@ Master::Master(
files(_files),
contender(_contender),
detector(_detector),
+ authorizer(_authorizer),
metrics(*this),
electedTime(None())
{
@@ -336,14 +340,8 @@ void Master::initialize()
<< " (see --credentials flag)";
}
- if (flags.acls.isSome()) {
- LOG(INFO) << "Master enabling authorization";
- Try<Owned<Authorizer> > authorizer_ = Authorizer::create(flags.acls.get());
- if (authorizer_.isError()) {
- EXIT(1) << "Failed to initialize the Authorizer: "
- << authorizer_.error() << " (see --acls flag)";
- }
- authorizer = authorizer_.get();
+ if (authorizer.isSome()) {
+ LOG(INFO) << "Authorization enabled";
}
hashmap<string, RoleInfo> roleInfos;
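Review bot: `authorizer.isSome()` in Master::initialize() does not establish that the pointer inside the Option is non-null, and a caller that passes a null `Authorizer*` variable would presumably end up with a Some holding NULL rather than None. Adding `CHECK_NOTNULL(authorizer.get());` inside the `if` would fail at startup instead of at the first authorization request. It would also help operators if the other branch logged that no ACLs are being enforced, e.g. `} else { LOG(INFO) << "Authorization disabled"; }`, so the state is visible in the master log either way. initialize() starts and ends outside this hunk.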
http://git-wip-us.apache.org/repos/asf/mesos/blob/b5085168/src/master/master.hpp
----------------------------------------------------------------------
diff --git a/src/master/master.hpp b/src/master/master.hpp
index 26af113..75f0d49 100644
--- a/src/master/master.hpp
+++ b/src/master/master.hpp
@@ -100,6 +100,7 @@ public:
Files* files,
MasterContender* contender,
MasterDetector* detector,
+ const Option<Authorizer*>& authorizer,
const Flags& flags = Flags());
virtual ~Master();
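Review bot: The new `authorizer` constructor parameter is a borrowed raw pointer, but nothing in the header says so, whereas the member it replaces was an `Owned<Authorizer>` that the master held itself. A comment on the parameter, or on the `const Option<Authorizer*> authorizer;` member added in the next hunk, would keep callers from deleting the object early or leaking it, for example `// Not owned. Must outlive the master; None() means no authorizer.`. The callers in this commit delete it in their shutdown paths, but whether that happens after the master is destroyed is outside the visible hunks.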
@@ -401,6 +402,8 @@ private:
MasterContender* contender;
MasterDetector* detector;
+ const Option<Authorizer*> authorizer;
+
MasterInfo info_;
// Indicates when recovery is complete. Recovery begins once the
@@ -468,8 +471,6 @@ private:
// Principals of authenticated frameworks/slaves keyed by PID.
hashmap<process::UPID, std::string> authenticated;
- Option<process::Owned<Authorizer> > authorizer;
-
int64_t nextFrameworkId; // Used to give each framework a unique ID.
int64_t nextOfferId; // Used to give each slot offer a unique ID.
int64_t nextSlaveId; // Used to give each slave a unique ID.
http://git-wip-us.apache.org/repos/asf/mesos/blob/b5085168/src/tests/cluster.hpp
----------------------------------------------------------------------
diff --git a/src/tests/cluster.hpp b/src/tests/cluster.hpp
index f4cc9a6..449165c 100644
--- a/src/tests/cluster.hpp
+++ b/src/tests/cluster.hpp
@@ -45,6 +45,8 @@
#include "linux/cgroups.hpp"
#endif // __linux__
+#include "authorizer/authorizer.hpp"
+
#include "log/log.hpp"
#include "log/tool/initialize.hpp"
@@ -131,7 +133,8 @@ public:
registrar(NULL),
repairer(NULL),
contender(NULL),
- detector(NULL) {}
+ detector(NULL),
+ authorizer(None()) {}
master::Master* master;
master::allocator::Allocator* allocator;
@@ -143,6 +146,7 @@ public:
master::Repairer* repairer;
MasterContender* contender;
MasterDetector* detector;
+ Option<Authorizer*> authorizer;
};
std::map<process::PID<master::Master>, Master> masters;
@@ -350,6 +354,17 @@ inline Try<process::PID<master::Master> > Cluster::Masters::start(
master.detector = new StandaloneMasterDetector();
}
+ if (flags.acls.isSome()) {
+ Try<process::Owned<Authorizer> > authorizer_ =
+ Authorizer::create(flags.acls.get());
+ if (authorizer_.isError()) {
+ return Error("Failed to initialize the authorizer: " +
+ authorizer_.error() + " (see --acls flag)");
+ }
+ process::Owned<Authorizer> authorizer__ = authorizer_.get();
+ master.authorizer = authorizer__.release();
+ }
+
master.master = new master::Master(
master.allocator,
master.registrar,
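Review bot: The new `return Error(...)` in Cluster::Masters::start() leaves the function after `master.detector` has been allocated with `new` a few lines above, and nothing in this hunk frees it or the members presumably set earlier. Moving the `if (flags.acls.isSome())` block to the top of start(), before the first allocation, would avoid the leak without extra cleanup code. Earlier error returns in start() are outside this hunk and may have the same shape, in which case a short comment noting the accepted leak in test code would do.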
@@ -357,6 +372,7 @@ inline Try<process::PID<master::Master> > Cluster::Masters::start(
&cluster->files,
master.contender,
master.detector,
+ master.authorizer,
flags);
if (url.isNone()) {
@@ -408,6 +424,10 @@ inline Try<Nothing> Cluster::Masters::stop(
delete master.contender;
delete master.detector;
+ if (master.authorizer.isSome()) {
+ delete master.authorizer.get();
+ }
+
masters.erase(pid);
return Nothing();