Mesos源码分析(3): Mesos Master的启动之二

时间: 2020-09-17｜23次围观｜0 条评论

2. process::firewall::install(move(rules));如果有参数--firewall_rules则会添加规则

对应的代码如下：

// Initialize firewall rules.
if (flags.firewall_rules.isSome()) {
vector<Owned<FirewallRule>> rules;
const Firewall firewall = flags.firewall_rules.get();
if (firewall.has_disabled_endpoints()) {
hashset<string> paths;
foreach (conststring& path, firewall.disabled_endpoints().paths()) {
paths.insert(path);
}
rules.emplace_back(new DisabledEndpointsFirewallRule(paths));
}
process::firewall::install(move(rules));
}

对应的命令行参数如下：

这个参数的主要作用为，并不是Mesos的每一个API都想暴露出来，disabled_endpoints里面就是不能访问的API。

上面的install的代码会做下面的事情

最终会放到环境变量firewallRules里面。

那这些firewall是什么事情起作用的呢？

在3rdparty/libprocess/src/process.cpp里面有函数

synchronized (firewall_mutex) {
// Don't use a const reference, since it cannot be guaranteed
// that the rules don't keep an internal state.
foreach (Owned<firewall::FirewallRule>& rule, firewallRules) {
Option<Response> rejection = rule->apply(socket, *request);
if (rejection.isSome()) {
VLOG(1) << "Returning '"<< rejection.get().status << "' for '"
<< request->url.path << "' (firewall rule forbids request)";
// TODO(arojas): Get rid of the duplicated code to return an
// error.
// Get the HttpProxy pid for this socket.
PID<HttpProxy> proxy = socket_manager->proxy(socket);
// Enqueue the response with the HttpProxy so that it respects
// the order of requests to account for HTTP/1.1 pipelining.
dispatch(
proxy,
&HttpProxy::enqueue,
rejection.get(),
*request);
// Cleanup request.
delete request;
return;
}
}
}

文章转载于:https://www.cnblogs.com/popsuper1982/p/5700147.html

原著是一个有趣的人,若有侵权,请通知删除

本博客所有文章如无特别注明均为原创。
复制或转载请以超链接形式注明转自起风了，原文地址《Mesos源码分析(3): Mesos Master的启动之二》

　 Mesos源码分析(4) Mesos Master的启动之三 Mesos源码分析(2): Mesos Master的启动之一　

还没有人抢沙发呢~