mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Xudong Ni via Review Board <nore...@reviews.apache.org>
Subject Re: Review Request 68366: Added agent protected port range option in network isolator.
Date Wed, 22 Aug 2018 17:35:09 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68366/
-----------------------------------------------------------

(Updated Aug. 22, 2018, 5:35 p.m.)


Review request for mesos and James Peach.


Bugs: MESOS-9133
    https://issues.apache.org/jira/browse/MESOS-9133


Repository: mesos


Description
-------

For a network isolator disabled environment, in practice, there could
be a lot of users already binding to ephemeral ports; It would take
a lot of efforts to find/notify/modify those apps; In order to take
advantage of network isolator and enable it in such system, it would
be useful to add mesos-agent configuration option to allow enforce
port isolation in only the specified certain port range


Diffs (updated)
-----

  docs/configuration/agent.md e98a9786aa2d1f5c87aec4db8b65457c3293156e 
  docs/isolators/network-ports.md 5d14fc2985e099783b09e2a19f99641b4ddbd768 
  src/slave/containerizer/mesos/isolators/network/ports.hpp 6944d01e0f8a11eda381ef1754f19ee0cf9359c8

  src/slave/containerizer/mesos/isolators/network/ports.cpp 2a7ff2530f898cf892739c715b07b3387b423ed9

  src/slave/flags.hpp bff194fef98f38a8b91d86ef4ec99889d0cfe31f 
  src/slave/flags.cpp e017f3921a0bccc03f6ef639a04163bf7fc4e79b 
  src/tests/containerizer/ports_isolator_tests.cpp db080c4e9c8b0c036294a8f7a42617ca1231f884



Diff: https://reviews.apache.org/r/68366/diff/6/

Changes: https://reviews.apache.org/r/68366/diff/5-6/


Testing
-------

New test added to test feature:

[       OK ] NetworkPortsIsolatorTest.ROOT_NC_PortEnforcementProtectedPort (1886 ms)
[----------] 1 test from NetworkPortsIsolatorTest (1887 ms total)

[----------] Global test environment tear-down
[==========] 1 test from 1 test case ran. (1900 ms total)
[  PASSED  ] 1 test.

Existing test updated to test the negative cases:

[       OK ] NetworkPortsIsolatorTest.ROOT_IsolatorFlags (58 ms)
[----------] 1 test from NetworkPortsIsolatorTest (58 ms total)

[----------] Global test environment tear-down
[==========] 1 test from 1 test case ran. (69 ms total)
[  PASSED  ] 1 test.

Existing test for isolator feature:

[       OK ] NetworkPortsIsolatorTest.ROOT_NC_AllocatedPorts (1992 ms)
[----------] 1 test from NetworkPortsIsolatorTest (1993 ms total)

[----------] Global test environment tear-down
[==========] 1 test from 1 test case ran. (2004 ms total)
[  PASSED  ] 1 test.


Thanks,

Xudong Ni


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message