mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Avinash sridharan <avin...@mesosphere.io>
Subject Review Request 51617: Added the `remove` and `insert` methods.
Date Thu, 29 Sep 2016 15:44:52 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/51617/
-----------------------------------------------------------

Review request for mesos, Jie Yu and Qian Zhang.


Bugs: MESOS-6023
    https://issues.apache.org/jira/browse/MESOS-6023


Repository: mesos


Description
-------

Added the `remove` and `insert` methods.


Diffs
-----

  src/slave/containerizer/mesos/isolators/network/cni/plugins/port_mapper/port_mapper.hpp
85547533b0b13011615b512ec8c71b7545f33324 
  src/slave/containerizer/mesos/isolators/network/cni/plugins/port_mapper/port_mapper.cpp
0ecf64f2de5fc27f208e9dd0e3608b9a6750e9a6 

Diff: https://reviews.apache.org/r/51617/diff/


Testing
-------

Ran the CNI plugin against a network namespace with the following JSON input:
```
{
    "name": "mynet",
    "type": "port-mapper",
    "chain": "MESOS-TEST",
    "excludeDevices": ["mesos-cni0"],
    "delegate": {
      "type" : "bridge",
      "bridge": "cni0",
      "isGateway": true,
      "ipMasq": true,
      "ipam": {
          "type": "host-local",
          "subnet": "192.168.37.0/24",
          "routes": [
            { "dst": "0.0.0.0/0" }
          ]
      }
    },
    "args" : {
      "org.apache.mesos" : {
        "network_info" : {
          "port_mappings": {
            "host_port" : 8080,
            "container_port" : 9000
          }
        }
      }
    }
}
```

Used the ADD command to test that the CNI plugin correctly invokes the delegate plugin (a
CNI bridge plugin in this case) and also inserts the correct iptable entries for the given
port mapping. After running this plugin, this was the output of the `iptables -t nat -S MESOS-TEST`
command:
```
sudo iptables -t nat -S MESOS-TEST
-N MESOS-TEST
-A MESOS-TEST ! -i mesos-cni0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.37.21:9000
```

Ran a python HTTP server in this network namespace and verified that DNAT works from outside
the box. Was able to connect to port 9000 of this server, by connecting to port 8080 on the
host.

Used the DEL command to test the CNI plugin correctly deletes the DNAT rule and chain, if
there are no DNAT rules exist in the chain. After running the DEL command (by injecting `NetworkInfo`
into the above JSON schema) verified the chain and the DNAT rule is deleted from iptables.


Thanks,

Avinash sridharan


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message