Apache Mesos
ports.hpp
1 // Licensed to the Apache Software Foundation (ASF) under one
2 // or more contributor license agreements. See the NOTICE file
3 // distributed with this work for additional information
4 // regarding copyright ownership. The ASF licenses this file
5 // to you under the Apache License, Version 2.0 (the
6 // "License"); you may not use this file except in compliance
7 // with the License. You may obtain a copy of the License at
8 //
9 // http://www.apache.org/licenses/LICENSE-2.0
10 //
11 // Unless required by applicable law or agreed to in writing, software
12 // distributed under the License is distributed on an "AS IS" BASIS,
13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 // See the License for the specific language governing permissions and
15 // limitations under the License.
16 
17 #ifndef __NETWORK_PORTS_ISOLATOR_HPP__
18 #define __NETWORK_PORTS_ISOLATOR_HPP__
19 
20 #include <stdint.h>
21 
22 #include <string>
23 #include <vector>
24 
25 #include <process/owned.hpp>
26 
27 #include <stout/duration.hpp>
28 #include <stout/hashmap.hpp>
29 #include <stout/interval.hpp>
30 #include <stout/option.hpp>
31 
33 
34 #include "slave/flags.hpp"
35 
37 
38 namespace mesos {
39 namespace internal {
40 namespace slave {
41 
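42 // The `network/ports` isolator provides isolation of TCP listener
43 // ports for tasks that share the host network namespace. It ensures
44 // that tasks listen only on ports for which they hold `ports` resources.
//
// NOTE(review): this class's `watchInterval`, `getListeningSockets()`,
// `check()` and `watch()` (which returns a `ContainerLimitation`) suggest
// that violations are detected by periodically scanning listening sockets
// and reported after the fact, rather than by blocking the bind. If so, a
// task could listen on an unallocated port for up to one watch interval,
// and only TCP listeners are covered. `enforceContainerPorts` and
// `isolatedPorts` appear to control whether, and for which port range, a
// violation is acted on. Confirm against the implementation before
// relying on this isolator as a hard boundary.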
46 {
47 public:
50 
52 
54 
56 
57  bool supportsNesting() override;
58 
60  const std::vector<mesos::slave::ContainerState>& states,
61  const hashset<ContainerID>& orphans) override;
62 
64  const ContainerID& containerId,
65  const mesos::slave::ContainerConfig& containerConfig) override;
66 
68  const ContainerID& containerId) override;
69 
71  const ContainerID& containerId,
72  const Resources& resourceRequests,
73  const google::protobuf::Map<
74  std::string, Value::Scalar>& resourceLimits = {}) override;
75 
77  const ContainerID& containerId) override;
78 
79  // Public only for testing.
81  const hashmap<ContainerID, IntervalSet<uint16_t>>& listeners);
82 
83 protected:
84  void initialize() override;
85 
86 private:
88  bool _cniIsolatorEnabled,
89  const Duration& _watchInterval,
90  const bool& _enforcePortsEnabled,
91  const std::string& _cgroupsRoot,
92  const std::string& _freezerHierarchy,
93  const Option<IntervalSet<uint16_t>>& isolatedPorts);
94 
95  struct Info
96  {
97  Option<IntervalSet<uint16_t>> allocatedPorts;
98  Option<IntervalSet<uint16_t>> activePorts;
100  };
101 
102  const bool cniIsolatorEnabled;
103  const Duration watchInterval;
104  const bool enforceContainerPorts;
105  const std::string cgroupsRoot;
106  const std::string freezerHierarchy;
107  const Option<IntervalSet<uint16_t>> isolatedPorts;
108 
110 };
111 
112 } // namespace slave {
113 } // namespace internal {
114 } // namespace mesos {
115 
116 #endif // __NETWORK_PORTS_ISOLATOR_HPP__
Definition: option.hpp:29
Definition: check.hpp:33
~NetworkPortsIsolatorProcess() override
Definition: ports.hpp:55
process::Future< Option< mesos::slave::ContainerLaunchInfo > > prepare(const ContainerID &containerId, const mesos::slave::ContainerConfig &containerConfig) override
Definition: resources.hpp:83
static Try< std::vector< uint32_t > > getProcessSockets(pid_t pid)
process::Future< mesos::slave::ContainerLimitation > watch(const ContainerID &containerId) override
process::Future< Nothing > recover(const std::vector< mesos::slave::ContainerState > &states, const hashset< ContainerID > &orphans) override
Definition: flags.hpp:39
Definition: duration.hpp:32
Definition: hashmap.hpp:38
DWORD pid_t
Definition: windows.hpp:181
process::Future< Nothing > check(const hashmap< ContainerID, IntervalSet< uint16_t >> &listeners)
process::Future< Nothing > update(const ContainerID &containerId, const Resources &resourceRequests, const google::protobuf::Map< std::string, Value::Scalar > &resourceLimits={}) override
Definition: agent.hpp:25
static Try< mesos::slave::Isolator * > create(const Flags &flags)
Definition: attributes.hpp:24
void initialize() override
Invoked when a process gets spawned.
process::Future< Nothing > cleanup(const ContainerID &containerId) override
static Try< hashmap< uint32_t, routing::diagnosis::socket::Info > > getListeningSockets()
Definition: parse.hpp:33