----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/51617/#review152796 -----------------------------------------------------------
Patch looks great! Reviews applied: [52671, 52771, 52772, 52773, 51617] Passed command: export OS='ubuntu:14.04' BUILDTOOL='autotools' COMPILER='gcc' CONFIGURATION='--verbose' ENVIRONMENT='GLOG_v=1 MESOS_VERBOSE=1'; ./support/docker_build.sh - Mesos ReviewBot On Oct. 16, 2016, 2:06 a.m., Avinash sridharan wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/51617/ > ----------------------------------------------------------- > > (Updated Oct. 16, 2016, 2:06 a.m.) > > > Review request for mesos, Jie Yu and Qian Zhang. > > > Bugs: MESOS-6023 > https://issues.apache.org/jira/browse/MESOS-6023 > > > Repository: mesos > > > Description > ------- > > Added the logic for installing and removing DNAT rules. > > > Diffs > ----- > > > src/slave/containerizer/mesos/isolators/network/cni/plugins/port_mapper/port_mapper.hpp > 7fad707a240234e35828917aea1bc79f42fe130e > > src/slave/containerizer/mesos/isolators/network/cni/plugins/port_mapper/port_mapper.cpp > 2ff8b0e76a11b6f6c98b839d3ac91a81e41285f5 > > Diff: https://reviews.apache.org/r/51617/diff/ > > > Testing > ------- > > Ran the CNI plugin against a network namespace with the following JSON input: > ``` > { > "name": "mynet", > "type": "port-mapper", > "chain": "MESOS-TEST", > "excludeDevices": ["mesos-cni0"], > "delegate": { > "type" : "bridge", > "bridge": "cni0", > "isGateway": true, > "ipMasq": true, > "ipam": { > "type": "host-local", > "subnet": "192.168.37.0/24", > "routes": [ > { "dst": "0.0.0.0/0" } > ] > } > }, > "args" : { > "org.apache.mesos" : { > "network_info" : { > "port_mappings": { > "host_port" : 8080, > "container_port" : 9000 > } > } > } > } > } > ``` > > Used the ADD command to test that the CNI plugin correctly invokes the > delegate plugin (a CNI bridge plugin in this case) and also inserts the > correct iptable entries for the given port mapping. After running this > plugin, this was the output of the `iptables -t nat -S MESOS-TEST` command: > ``` > sudo iptables -t nat -S MESOS-TEST > -N MESOS-TEST > -A MESOS-TEST ! -i mesos-cni0 -p tcp -m tcp --dport 8080 -j DNAT > --to-destination 192.168.37.21:9000 > ``` > > Ran a python HTTP server in this network namespace and verified that DNAT > works from outside the box. Was able to connect to port 9000 of this server, > by connecting to port 8080 on the host. > > Used the DEL command to test the CNI plugin correctly deletes the DNAT rule > and chain, if there are no DNAT rules exist in the chain. After running the > DEL command (by injecting `NetworkInfo` into the above JSON schema) verified > the chain and the DNAT rule is deleted from iptables. > > > Apart from these tests ran a single node cluster and did an end-to-end test > with a modified `mesos-execute` binary that can setup port-mapping. > > > Thanks, > > Avinash sridharan > >
