Mesos源码分析(3): Mesos Master的启动之二
2016-07-24 09:59
357 查看
2. process::firewall::install(move(rules));如果有参数--firewall_rules则会添加规则
对应的代码如下:
// Initialize firewall rules. if (flags.firewall_rules.isSome()) { vector<Owned<FirewallRule>> rules; const Firewall firewall = flags.firewall_rules.get(); if (firewall.has_disabled_endpoints()) { hashset<string> paths; foreach (const string& path, firewall.disabled_endpoints().paths()) { paths.insert(path); } rules.emplace_back(new DisabledEndpointsFirewallRule(paths)); } process::firewall::install(move(rules)); } |
对应的命令行参数如下:
这个参数的主要作用为,并不是Mesos的每一个API都想暴露出来,disabled_endpoints里面就是不能访问的API。
上面的install的代码会做下面的事情
最终会放到环境变量firewallRules里面。
那这些firewall是什么事情起作用的呢?
在3rdparty/libprocess/src/process.cpp里面有函数
synchronized (firewall_mutex) { // Don't use a const reference, since it cannot be guaranteed // that the rules don't keep an internal state. foreach (Owned<firewall::FirewallRule>& rule, firewallRules) { Option<Response> rejection = rule->apply(socket, *request); if (rejection.isSome()) { VLOG(1) << "Returning '"<< rejection.get().status << "' for '" << request->url.path << "' (firewall rule forbids request)"; // TODO(arojas): Get rid of the duplicated code to return an // error. // Get the HttpProxy pid for this socket. PID<HttpProxy> proxy = socket_manager->proxy(socket); // Enqueue the response with the HttpProxy so that it respects // the order of requests to account for HTTP/1.1 pipelining. dispatch( proxy, &HttpProxy::enqueue, rejection.get(), *request); // Cleanup request. delete request; return; } } } |
相关文章推荐
- [LEETCODE]52. N-Queens II
- 解决linux系统WIFI无法使用5GHz频率的问题
- 由CP函数认识文件的基本操作
- 【Java】面向对象(二)继承
- Excel Sheet Column Number
- 每天一篇linux教程-----Linux 文件基本属性
- lower_bound()
- 非结构化网格内等值线绘制
- Aaronson hdu5747 解题报告 深剖水题
- JavaScript提高网站性能优化的建议(二)
- C# 枚举尚未开始,或者已经结束
- HDU 5656 CA Loves GCD
- MVC初接触
- 剑指offer 38题 【知识迁移能力】数字在排序数组中出现的次数
- LAMP+Zabbix课程总结
- python运维服务器
- linux分区知识
- 云计算平台之网络性能1
- 图—并查集(解决朋友圈问题)
- MySQL的deocode,与not in的关联查询实现