mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From James Peach <jpe...@apache.org>
Subject Re: Review Request 60496: Added socket checking to the network ports isolator.
Date Fri, 18 Aug 2017 02:53:49 GMT


> On Aug. 18, 2017, 2:39 a.m., Qian Zhang wrote:
> > src/slave/containerizer/mesos/isolators/network/ports.cpp
> > Lines 66-67 (patched)
> > <https://reviews.apache.org/r/60496/diff/11/?file=1799820#file1799820line66>
> >
> >     Usually when we define a `xxxProcess` class, we want it to do some works asynchronously,
and we need an actor class (e.g., `NetworkPortsCollector`) for it. But in your case, it seems
the only thing that `NetworkPortsCollectorProcess` does is to provide a helper method `collect()`.
So I think we may not need this class, instead we could move the code of its `collect()` method
to `NetworkPortsIsolatorProcess::check()`.

The purpose of `NetworkPortsCollectorProcess` is to move the expensive socket collection off
the isolator process so that it doesn't block container creation. Since we know that scanning
all the sockets is expensive, we do it asynchronously.


- James


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/60496/#review183190
-----------------------------------------------------------


On Aug. 17, 2017, 5:36 p.m., James Peach wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/60496/
> -----------------------------------------------------------
> 
> (Updated Aug. 17, 2017, 5:36 p.m.)
> 
> 
> Review request for mesos, Qian Zhang and Jiang Yan Xu.
> 
> 
> Bugs: MESOS-7675
>     https://issues.apache.org/jira/browse/MESOS-7675
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Implemented ports resource restrictions in the network ports isolator.
> Periodically, scan for listening sockets and match them up to all
> the open sockets in the containers we are tracking in the network.
> Check any sockets we find against the ports resource and trigger a
> resource limitation if the port has not been allocated.
> 
> 
> Diffs
> -----
> 
>   src/slave/containerizer/mesos/isolators/network/ports.hpp PRE-CREATION 
>   src/slave/containerizer/mesos/isolators/network/ports.cpp PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/60496/diff/11/
> 
> 
> Testing
> -------
> 
> make check (Fedora 26)
> 
> 
> Thanks,
> 
> James Peach
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message