2. process::firewall::install(move(rules)): if the --firewall_rules parameter is given, the rules are added
The corresponding code is as follows:
```cpp
// Initialize firewall rules.
if (flags.firewall_rules.isSome()) {
  vector<Owned<FirewallRule>> rules;

  const Firewall firewall = flags.firewall_rules.get();

  if (firewall.has_disabled_endpoints()) {
    hashset<string> paths;

    foreach (const string& path, firewall.disabled_endpoints().paths()) {
      paths.insert(path);
    }

    rules.emplace_back(new DisabledEndpointsFirewallRule(paths));
  }

  process::firewall::install(move(rules));
}
```
The corresponding command line parameters are as follows:
The main purpose of this parameter is that Mesos does not want to expose every API; the endpoints listed in disabled_endpoints are made unreachable.
The above install code will do the following things
The rules eventually end up in the firewallRules variable.
So what do these firewall rules do?
There's a function in 3rdparty/libprocess/src/process.cpp.
```cpp
synchronized (firewall_mutex) {
  // Don't use a const reference, since it cannot be guaranteed
  // that the rules don't keep an internal state.
  foreach (Owned<firewall::FirewallRule>& rule, firewallRules) {
    Option<Response> rejection = rule->apply(socket, *request);
    if (rejection.isSome()) {
      VLOG(1) << "Returning '" << rejection.get().status << "' for '"
              << request->url.path << "' (firewall rule forbids request)";

      // TODO(arojas): Get rid of the duplicated code to return an
      // error.

      // Get the HttpProxy pid for this socket.
      PID<HttpProxy> proxy = socket_manager->proxy(socket);

      // Enqueue the response with the HttpProxy so that it respects
      // the order of requests to account for HTTP/1.1 pipelining.
      dispatch(
          proxy,
          &HttpProxy::enqueue,
          rejection.get(),
          *request);

      // Cleanup request.
      delete request;
      return;
    }
  }
}
```
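The install-then-check flow described above can be modelled without libprocess. The following is an added example, not code from Mesos: the type and function names, the exact-match path comparison, the 403 status and the sample path are all assumptions made for illustration.

```cpp
// Stand-alone model of the rule chain; all names are illustrative, not libprocess code.
#include <memory>
#include <mutex>
#include <set>
#include <string>
#include <utility>
#include <vector>

struct Request { std::string path; };
struct Response { int status; };
// A rule returns a rejection, or nullptr to let the request through.
struct FirewallRule {
  virtual ~FirewallRule() {}
  virtual std::unique_ptr<Response> apply(const Request& request) = 0;
};

// Rejects requests whose path is in the disabled set (exact match assumed).
struct DisabledEndpointsRule : FirewallRule {
  std::set<std::string> paths;
  explicit DisabledEndpointsRule(std::set<std::string> p) : paths(std::move(p)) {}
  std::unique_ptr<Response> apply(const Request& request) override {
    if (paths.count(request.path) == 0) return nullptr;
    return std::unique_ptr<Response>(new Response{403});  // status chosen for this model
  }
};

std::mutex firewall_mutex;
std::vector<std::unique_ptr<FirewallRule>> firewall_rules;

// Model of the install step: store the rules under the mutex.
void install(std::vector<std::unique_ptr<FirewallRule>> rules) {
  std::lock_guard<std::mutex> lock(firewall_mutex);
  firewall_rules = std::move(rules);
}

// First rejecting rule decides the status; 200 stands in for normal dispatch.
int handle(const Request& request) {
  std::lock_guard<std::mutex> lock(firewall_mutex);
  for (auto& rule : firewall_rules) {
    if (auto rejection = rule->apply(request)) return rejection->status;
  }
  return 200;
}

int main() {
  std::vector<std::unique_ptr<FirewallRule>> rules;
  rules.emplace_back(new DisabledEndpointsRule({"/files/browse"}));  // constructed path
  install(std::move(rules));
  return handle(Request{"/files/browse"}) == 403 ? 0 : 1;
}
```

Because every request passes through the same chain before it reaches a handler, a disabled path is rejected no matter which endpoint would otherwise have served it.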
Mesos Principles and Code Analysis (3): Mesos Master Start-up II