mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Xudong Ni via Review Board <nore...@reviews.apache.org>
Subject Re: Review Request 68366: Added agent protected port range option in network isolator.
Date Thu, 23 Aug 2018 02:40:53 GMT


> On Aug. 22, 2018, 7:27 p.m., James Peach wrote:
> > Can you please update the commit comment to better describe the specific changes?
> > 
> > Maybe something along these lines:
> > 
> > ```
> > Added a custom port range option to the `network/ports` isolator.
> > 
> > Added the `--foo-bar` flag to the `network/ports` isolator. This allows
> > the operator to specify a custom port range to be protected by the isolator. If
a task
> > listens on a port that it isn't holding resources for, the isolator will
> > not raise a limitation unless the port is within this range. We can
> > represent the `--check_agent_port_range_only` as a special case of a
> > protected range.
> > 
> > etc ...
> > ```

commit comment is updated


- Xudong


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68366/#review207762
-----------------------------------------------------------


On Aug. 22, 2018, 5:35 p.m., Xudong Ni wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/68366/
> -----------------------------------------------------------
> 
> (Updated Aug. 22, 2018, 5:35 p.m.)
> 
> 
> Review request for mesos and James Peach.
> 
> 
> Bugs: MESOS-9133
>     https://issues.apache.org/jira/browse/MESOS-9133
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> For a network isolator disabled environment, in practice, there could
> be a lot of users already binding to ephemeral ports; It would take
> a lot of efforts to find/notify/modify those apps; In order to take
> advantage of network isolator and enable it in such system, it would
> be useful to add mesos-agent configuration option to allow enforce
> port isolation in only the specified certain port range
> 
> 
> Diffs
> -----
> 
>   docs/configuration/agent.md e98a9786aa2d1f5c87aec4db8b65457c3293156e 
>   docs/isolators/network-ports.md 5d14fc2985e099783b09e2a19f99641b4ddbd768 
>   src/slave/containerizer/mesos/isolators/network/ports.hpp 6944d01e0f8a11eda381ef1754f19ee0cf9359c8

>   src/slave/containerizer/mesos/isolators/network/ports.cpp 2a7ff2530f898cf892739c715b07b3387b423ed9

>   src/slave/flags.hpp bff194fef98f38a8b91d86ef4ec99889d0cfe31f 
>   src/slave/flags.cpp e017f3921a0bccc03f6ef639a04163bf7fc4e79b 
>   src/tests/containerizer/ports_isolator_tests.cpp db080c4e9c8b0c036294a8f7a42617ca1231f884

> 
> 
> Diff: https://reviews.apache.org/r/68366/diff/6/
> 
> 
> Testing
> -------
> 
> New test added to test feature:
> 
> [       OK ] NetworkPortsIsolatorTest.ROOT_NC_PortEnforcementProtectedPort (1886 ms)
> [----------] 1 test from NetworkPortsIsolatorTest (1887 ms total)
> 
> [----------] Global test environment tear-down
> [==========] 1 test from 1 test case ran. (1900 ms total)
> [  PASSED  ] 1 test.
> 
> Existing test updated to test the negative cases:
> 
> [       OK ] NetworkPortsIsolatorTest.ROOT_IsolatorFlags (58 ms)
> [----------] 1 test from NetworkPortsIsolatorTest (58 ms total)
> 
> [----------] Global test environment tear-down
> [==========] 1 test from 1 test case ran. (69 ms total)
> [  PASSED  ] 1 test.
> 
> Existing test for isolator feature:
> 
> [       OK ] NetworkPortsIsolatorTest.ROOT_NC_AllocatedPorts (1992 ms)
> [----------] 1 test from NetworkPortsIsolatorTest (1993 ms total)
> 
> [----------] Global test environment tear-down
> [==========] 1 test from 1 test case ran. (2004 ms total)
> [  PASSED  ] 1 test.
> 
> 
> Thanks,
> 
> Xudong Ni
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message