Apache Mesos
ports.hpp
1 // Licensed to the Apache Software Foundation (ASF) under one
2 // or more contributor license agreements. See the NOTICE file
3 // distributed with this work for additional information
4 // regarding copyright ownership. The ASF licenses this file
5 // to you under the Apache License, Version 2.0 (the
6 // "License"); you may not use this file except in compliance
7 // with the License. You may obtain a copy of the License at
8 //
9 // http://www.apache.org/licenses/LICENSE-2.0
10 //
11 // Unless required by applicable law or agreed to in writing, software
12 // distributed under the License is distributed on an "AS IS" BASIS,
13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 // See the License for the specific language governing permissions and
15 // limitations under the License.
16 
17 #ifndef __NETWORK_PORTS_ISOLATOR_HPP__
18 #define __NETWORK_PORTS_ISOLATOR_HPP__
19 
20 #include <stdint.h>
21 
22 #include <string>
23 #include <vector>
24 
25 #include <process/owned.hpp>
26 
27 #include <stout/duration.hpp>
28 #include <stout/hashmap.hpp>
29 #include <stout/interval.hpp>
30 #include <stout/option.hpp>
31 
33 
34 #include "slave/flags.hpp"
35 
37 
38 namespace mesos {
39 namespace internal {
40 namespace slave {
41 
42 // The `network/ports` isolator provides isolation of TCP listener
43 // ports for tasks that share the host network namespace. It ensures
44 // that tasks listen only on ports for which they hold `ports` resources.
46 {
47 public:
50 
52 
54 
56 
57  bool supportsNesting() override;  // Declaration only; presumably reports whether this isolator handles nested containers — confirm in the definition.
58 
60  const std::vector<mesos::slave::ContainerState>& states,
61  const hashset<ContainerID>& orphans) override;
62 
64  const ContainerID& containerId,
65  const mesos::slave::ContainerConfig& containerConfig) override;
66 
68  const ContainerID& containerId) override;
69 
71  const ContainerID& containerId,
72  const Resources& resources) override;
73 
75  const ContainerID& containerId) override;
76 
77  // Public only for testing.
79  const hashmap<ContainerID, IntervalSet<uint16_t>>& listeners);
80 
81 protected:
82  void initialize() override;  // Invoked when this process gets spawned; what it sets up is in the definition, not in this header.
83 
84 private:
86  bool _cniIsolatorEnabled,
87  const Duration& _watchInterval,
88  const bool& _enforcePortsEnabled,
89  const std::string& _cgroupsRoot,
90  const std::string& _freezerHierarchy,
91  const Option<IntervalSet<uint16_t>>& isolatedPorts);
92 
93  struct Info  // Holds two optional port sets; presumably one record per container — TODO confirm in the definition file.
94  {
95  Option<IntervalSet<uint16_t>> allocatedPorts;  // presumably the ports covered by the container's `ports` resources; an Option, so it may be unset — confirm
96  Option<IntervalSet<uint16_t>> activePorts;  // presumably the ports the container was last seen listening on; an Option, so it may be unset — confirm
98  };  // NOTE(review): the listing numbering skips 97, so a member may be missing from this page.
99 
100  const bool cniIsolatorEnabled;  // const, so fixed at construction; name matches the `_cniIsolatorEnabled` constructor argument
101  const Duration watchInterval;  // presumably the period between listener checks — confirm in the definition
102  const bool enforceContainerPorts;  // presumably selects enforcing vs. only observing a port violation (cf. `_enforcePortsEnabled`) — confirm
103  const std::string cgroupsRoot;  // cgroups root (by name); its use is not shown in this header
104  const std::string freezerHierarchy;  // freezer cgroup hierarchy (by name); its use is not shown in this header
105  const Option<IntervalSet<uint16_t>> isolatedPorts;  // NOTE(review): optional port range; confirm whether an unset value means every port is checked or none
106 
108 };
109 
110 } // namespace slave {
111 } // namespace internal {
112 } // namespace mesos {
113 
114 #endif // __NETWORK_PORTS_ISOLATOR_HPP__
Definition: option.hpp:28
Definition: check.hpp:33
~NetworkPortsIsolatorProcess() override
Definition: ports.hpp:55
process::Future< Option< mesos::slave::ContainerLaunchInfo > > prepare(const ContainerID &containerId, const mesos::slave::ContainerConfig &containerConfig) override
Definition: resources.hpp:81
process::Future< Nothing > update(const ContainerID &containerId, const Resources &resources) override
static Try< std::vector< uint32_t > > getProcessSockets(pid_t pid)
process::Future< mesos::slave::ContainerLimitation > watch(const ContainerID &containerId) override
process::Future< Nothing > recover(const std::vector< mesos::slave::ContainerState > &states, const hashset< ContainerID > &orphans) override
Definition: flags.hpp:39
Definition: duration.hpp:32
Definition: hashmap.hpp:38
DWORD pid_t
Definition: windows.hpp:181
process::Future< Nothing > check(const hashmap< ContainerID, IntervalSet< uint16_t >> &listeners)
Definition: spec.hpp:26
static Try< mesos::slave::Isolator * > create(const Flags &flags)
Definition: attributes.hpp:24
void initialize() override
Invoked when a process gets spawned.
process::Future< Nothing > cleanup(const ContainerID &containerId) override
static Try< hashmap< uint32_t, routing::diagnosis::socket::Info > > getListeningSockets()
Definition: parse.hpp:33