hook

package

v0.0.0-...-28e5ed5 Latest Latest Go to latest Published: Dec 20, 2017 License: MIT Imports: 14 Imported by: 2

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/Devatoria/go-mesos-executor

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
type Hook
type Manager
- func NewManager(hooks []string) *Manager

Constants ¶

This section is empty.

Variables ¶

View Source

var ACLHook = Hook{
	Name:     "acl",
	Priority: 0,
	RunPostRun: func(c container.Containerizer, taskInfo *mesos.TaskInfo, frameworkInfo *mesos.FrameworkInfo, containerID string) error {

		network := taskInfo.GetContainer().GetDocker().GetNetwork()
		if network != mesos.ContainerInfo_DockerInfo_BRIDGE && network != mesos.ContainerInfo_DockerInfo_USER {
			logger.GetInstance().Warn("ACL hook can't inject iptables rules if network mode is not bridge or user")

			return nil
		}

		driver, err := iptables.New()
		if err != nil {
			return err
		}

		chain, err := checkChain(driver)
		if err != nil {
			return err
		}

		return generateACL(taskInfo, chain, driver.Append, true)

	},
	RunPreStop: func(c container.Containerizer, taskInfo *mesos.TaskInfo, frameworkInfo *mesos.FrameworkInfo, containerID string) error {

		network := taskInfo.GetContainer().GetDocker().GetNetwork()
		if network != mesos.ContainerInfo_DockerInfo_BRIDGE && network != mesos.ContainerInfo_DockerInfo_USER {
			logger.GetInstance().Warn("ACL hook does not need to remove iptables rules if network mode is not bridge or user")

			return nil
		}

		driver, err := iptables.New()
		if err != nil {
			return err
		}

		chain, err := checkChain(driver)
		if err != nil {
			return err
		}

		return generateACL(taskInfo, chain, driver.Delete, false)

	},
}

ACLHook injects iptables rules into container namespace on post-run to allow only some IP to access the container. This hook needs to access to host procs (to mount network namespace).

View Source

var IptablesHook = Hook{
	Name:     "iptables",
	Priority: 0,
	RunPostRun: func(c container.Containerizer, taskInfo *mesos.TaskInfo, frameworkInfo *mesos.FrameworkInfo, containerID string) error {

		network := taskInfo.GetContainer().GetDocker().GetNetwork()
		if network != mesos.ContainerInfo_DockerInfo_BRIDGE && network != mesos.ContainerInfo_DockerInfo_USER {
			logger.GetInstance().Warn("Iptables hook can't inject iptables rules if network mode is not bridge or user")

			return nil
		}

		logger.GetInstance().Debug(fmt.Sprintf("Inserting iptables on host namespace for container %s", containerID))

		driver, err := iptables.New()
		if err != nil {
			return err
		}

		portMappings := taskInfo.GetContainer().GetDocker().GetPortMappings()

		containerInterface := viper.GetString("iptables.container_bridge_interface")
		if containerInterface == "" {
			return fmt.Errorf("could not retrieve container brigde interface")
		}

		containerIPs, err := c.ContainerGetIPsByInterface(containerID, containerInterface)
		if err != nil {
			return err
		}
		iptablesHookContainerIPCache.Store(containerID, containerIPs)

		return generateIptables(containerIPs, portMappings, containerInterface, driver, driver.Append, true)
	},
	RunPreStop: func(c container.Containerizer, taskInfo *mesos.TaskInfo, frameworkInfo *mesos.FrameworkInfo, containerID string) error {

		network := taskInfo.GetContainer().GetDocker().GetNetwork()
		if network == mesos.ContainerInfo_DockerInfo_NONE || network == mesos.ContainerInfo_DockerInfo_HOST {
			logger.GetInstance().Warn("Iptables hook does not need to remove iptables rules if network mode is not bridged")

			return nil
		}

		logger.GetInstance().Debug(fmt.Sprintf("Removing iptables on host namespace for container %s", containerID))

		driver, err := iptables.New()
		if err != nil {
			return err
		}

		portMappings := taskInfo.GetContainer().GetDocker().GetPortMappings()

		ipsCacheValue, ok := iptablesHookContainerIPCache.Load(containerID)
		if !ok {
			return fmt.Errorf(
				"could not find ip in cache for container %s",
				containerID,
			)
		}

		containerIPs, ok := ipsCacheValue.([]net.IP)
		if !ok {
			return fmt.Errorf(
				"could not load ip from cache for container %s",
				containerID,
			)
		}

		containerInterface := viper.GetString("iptables.container_bridge_interface")
		if containerInterface == "" {
			return fmt.Errorf("could not retrieve container brigde interface")
		}

		return generateIptables(containerIPs, portMappings, containerInterface, driver, driver.Delete, false)
	},
}

IptablesHook injects iptables rules on host. This iptables allow container masquerading and network forwarding to container.

View Source

var NetnsHook = Hook{
	Name:     "netns",
	Priority: 0,
	RunPostRun: func(c container.Containerizer, taskInfo *mesos.TaskInfo, frameworkInfo *mesos.FrameworkInfo, containerID string) error {

		pid, err := c.ContainerGetPID(containerID)
		if err != nil {
			return err
		}
		netnsHookContainerPID = pid

		if err = os.Mkdir(viper.GetString("netns.path"), 0700); err != nil && !os.IsExist(err) {
			return err
		}

		nspath := fmt.Sprintf("%s/%d/ns/net", viper.GetString("proc_path"), netnsHookContainerPID)
		netnsHookSymlinkPath = fmt.Sprintf("%s/%s", viper.GetString("netns.path"), taskInfo.TaskID.GetValue())

		return os.Symlink(nspath, netnsHookSymlinkPath)
	},
	RunPostStop: func(c container.Containerizer, taskInfo *mesos.TaskInfo, frameworkInfo *mesos.FrameworkInfo, containerID string) error {
		return os.Remove(netnsHookSymlinkPath)
	},
}

NetnsHook creates and removes a symlink in /var/run/netns in order to allow the "ip netns" command to execute commands in associated container network namespace (for debug purpose)

View Source

var NetworkHook = Hook{
	Name:     "network",
	Priority: 0,
	RunPreCreate: func(c container.Containerizer, taskInfo *mesos.TaskInfo, frameworkInfo *mesos.FrameworkInfo) error {

		frameworkName := frameworkInfo.GetName()

		taskInfo.Container.Docker.Network = mesos.ContainerInfo_DockerInfo_USER.Enum()

		taskInfo.Container.NetworkInfos = []mesos.NetworkInfo{
			mesos.NetworkInfo{
				Name: &frameworkName,
			},
		}

		return nil
	},
}

NetworkHook ensure that containers are launched in a certain network.

View Source

var RemoveContainerHook = Hook{
	Name:     "removeContainer",
	Priority: 0,
	RunPostStop: func(c container.Containerizer, taskInfo *mesos.TaskInfo, frameworkInfo *mesos.FrameworkInfo, containerID string) error {
		logger.GetInstance().Info("Removing container",
			zap.String("containerID", containerID),
		)

		return c.ContainerRemove(containerID)
	},
}

RemoveContainerHook removes the stopped container on post-stop

Functions ¶

This section is empty.

Types ¶

type Hook ¶

type Hook struct {
	Name         string
	Priority     int64
	RunPreCreate func(container.Containerizer, *mesos.TaskInfo, *mesos.FrameworkInfo) error
	RunPreRun    func(container.Containerizer, *mesos.TaskInfo, *mesos.FrameworkInfo, string) error
	RunPostRun   func(container.Containerizer, *mesos.TaskInfo, *mesos.FrameworkInfo, string) error
	RunPreStop   func(container.Containerizer, *mesos.TaskInfo, *mesos.FrameworkInfo, string) error
	RunPostStop  func(container.Containerizer, *mesos.TaskInfo, *mesos.FrameworkInfo, string) error
}

Hook represents an executable hook (we don't care if it's a pre-create, post-stop or whatever)

type Manager ¶

type Manager struct {
	EnabledHooks map[string]struct{}
	Hooks        []*Hook
}

Manager is a hook manager with different kinds of hooks: - pre-create - pre-run - post-run - pre-stop - post-stop It also contains a list of enabled hooks names

func NewManager ¶

func NewManager(hooks []string) *Manager

NewManager returns an empty HookManager (with no hooks)

func (*Manager) RegisterHooks ¶

func (m *Manager) RegisterHooks(hooks ...*Hook)

RegisterHooks registers a list of hooks on the given "when" (pre-create, ...) It throws an error in case of the given "when" is incorrect

func (*Manager) RunPostRunHooks ¶

func (m *Manager) RunPostRunHooks(c container.Containerizer, taskInfo *mesos.TaskInfo, frameworkInfo *mesos.FrameworkInfo, containerID string) error

RunPostRunHooks runs all pre-create hooks of the given manager

func (*Manager) RunPostStopHooks ¶

func (m *Manager) RunPostStopHooks(c container.Containerizer, taskInfo *mesos.TaskInfo, frameworkInfo *mesos.FrameworkInfo, containerID string) error

RunPostStopHooks runs all pre-create hooks of the given manager

func (*Manager) RunPreCreateHooks ¶

func (m *Manager) RunPreCreateHooks(c container.Containerizer, taskInfo *mesos.TaskInfo, frameworkInfo *mesos.FrameworkInfo) error

RunPreCreateHooks runs all pre-create hooks of the given manager

func (*Manager) RunPreRunHooks ¶

func (m *Manager) RunPreRunHooks(c container.Containerizer, taskInfo *mesos.TaskInfo, frameworkInfo *mesos.FrameworkInfo, containerID string) error

RunPreRunHooks runs all pre-create hooks of the given manager

func (*Manager) RunPreStopHooks ¶

func (m *Manager) RunPreStopHooks(c container.Containerizer, taskInfo *mesos.TaskInfo, frameworkInfo *mesos.FrameworkInfo, containerID string) error

RunPreStopHooks runs all pre-create hooks of the given manager

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL