mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Qian Zhang <zhq527...@gmail.com>
Subject Re: Review Request 60496: Added socket checking to the network ports isolator.
Date Thu, 24 Aug 2017 07:28:17 GMT


> On Aug. 18, 2017, 10:39 a.m., Qian Zhang wrote:
> > src/slave/containerizer/mesos/isolators/network/ports.cpp
> > Lines 66-67 (patched)
> > <https://reviews.apache.org/r/60496/diff/11/?file=1799820#file1799820line66>
> >
> >     Usually when we define a `xxxProcess` class, we want it to do some works asynchronously,
and we need an actor class (e.g., `NetworkPortsCollector`) for it. But in your case, it seems
the only thing that `NetworkPortsCollectorProcess` does is to provide a helper method `collect()`.
So I think we may not need this class, instead we could move the code of its `collect()` method
to `NetworkPortsIsolatorProcess::check()`.
> 
> James Peach wrote:
>     The purpose of `NetworkPortsCollectorProcess` is to move the expensive socket collection
off the isolator process so that it doesn't block container creation. Since we know that scanning
all the sockets is expensive, we do it asynchronously.

Why will it block container creation? `NetworkPortsIsolatorProcess::check()` is run in a `process::loop()`
which is outside the isolator process.


- Qian


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/60496/#review183190
-----------------------------------------------------------


On Aug. 24, 2017, 4:29 a.m., James Peach wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/60496/
> -----------------------------------------------------------
> 
> (Updated Aug. 24, 2017, 4:29 a.m.)
> 
> 
> Review request for mesos, Qian Zhang and Jiang Yan Xu.
> 
> 
> Bugs: MESOS-7675
>     https://issues.apache.org/jira/browse/MESOS-7675
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Implemented ports resource restrictions in the network ports isolator.
> Periodically, scan for listening sockets and match them up to all
> the open sockets in the containers we are tracking in the network.
> Check any sockets we find against the ports resource and trigger a
> resource limitation if the port has not been allocated.
> 
> 
> Diffs
> -----
> 
>   src/slave/containerizer/mesos/isolators/network/ports.hpp PRE-CREATION 
>   src/slave/containerizer/mesos/isolators/network/ports.cpp PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/60496/diff/15/
> 
> 
> Testing
> -------
> 
> make check (Fedora 26)
> 
> 
> Thanks,
> 
> James Peach
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message