void print_proto(mesos& m, const std::string& fname) { draiosproto::metrics met; mesos_proto(met).get_proto(m.get_state()); //FileOutputStream fos("/home/alex/sysdig/agent/experiments/mesos/" + fname + ".protodump"); //fos << met.DebugString(); std::cout << met.DebugString() << std::endl; //std::cout << "++++" << std::endl; //print_groups(met.mesos().groups()); //std::cout << "----" << std::endl; }
Flags() { add(&Flags::ip, "ip", "IP address to listen on. This cannot be used in conjunction\n" "with `--ip_discovery_command`."); add(&Flags::port, "port", "Port to listen on.", SlaveInfo().port()); add(&Flags::advertise_ip, "advertise_ip", "IP address advertised to reach this Mesos slave.\n" "The slave does not bind to this IP address.\n" "However, this IP address may be used to access this slave."); add(&Flags::advertise_port, "advertise_port", "Port advertised to reach this Mesos slave (along with\n" "`advertise_ip`). The slave does not bind to this port.\n" "However, this port (along with `advertise_ip`) may be used to\n" "access this slave."); add(&Flags::master, "master", "May be one of:\n" " `host:port`\n" " `zk://host1:port1,host2:port2,.../path`\n" " `zk://username:password@host1:port1,host2:port2,.../path`\n" " `file:///path/to/file` (where file contains one of the above)"); add(&Flags::ip_discovery_command, "ip_discovery_command", "Optional IP discovery binary: if set, it is expected to emit\n" "the IP address which the slave will try to bind to.\n" "Cannot be used in conjunction with `--ip`."); }
int main(int argc, char** argv) { GOOGLE_PROTOBUF_VERIFY_VERSION; master::Flags flags; // The following flags are executable specific (e.g., since we only // have one instance of libprocess per execution, we only want to // advertise the IP and port option once, here). Option<string> ip; flags.add(&ip, "ip", "IP address to listen on"); uint16_t port; flags.add(&port, "port", "Port to listen on", MasterInfo().port()); Option<string> zk; flags.add(&zk, "zk", "ZooKeeper URL (used for leader election amongst masters)\n" "May be one of:\n" " zk://host1:port1,host2:port2,.../path\n" " zk://username:password@host1:port1,host2:port2,.../path\n" " file:///path/to/file (where file contains one of the above)"); Try<Nothing> load = flags.load("MESOS_", argc, argv); if (load.isError()) { cerr << flags.usage(load.error()) << endl; return EXIT_FAILURE; } if (flags.version) { version(); return EXIT_SUCCESS; } if (flags.help) { cout << flags.usage() << endl; return EXIT_SUCCESS; } // Initialize modules. Note that since other subsystems may depend // upon modules, we should initialize modules before anything else. if (flags.modules.isSome()) { Try<Nothing> result = ModuleManager::load(flags.modules.get()); if (result.isError()) { EXIT(EXIT_FAILURE) << "Error loading modules: " << result.error(); } } // Initialize hooks. if (flags.hooks.isSome()) { Try<Nothing> result = HookManager::initialize(flags.hooks.get()); if (result.isError()) { EXIT(EXIT_FAILURE) << "Error installing hooks: " << result.error(); } } // Initialize libprocess. if (ip.isSome()) { os::setenv("LIBPROCESS_IP", ip.get()); } os::setenv("LIBPROCESS_PORT", stringify(port)); process::initialize("master"); logging::initialize(argv[0], flags, true); // Catch signals. LOG(INFO) << "Build: " << build::DATE << " by " << build::USER; LOG(INFO) << "Version: " << MESOS_VERSION; if (build::GIT_TAG.isSome()) { LOG(INFO) << "Git tag: " << build::GIT_TAG.get(); } if (build::GIT_SHA.isSome()) { LOG(INFO) << "Git SHA: " << build::GIT_SHA.get(); } // Create an instance of allocator. const std::string allocatorName = flags.allocator; Try<Allocator*> allocator = Allocator::create(allocatorName); if (allocator.isError()) { EXIT(EXIT_FAILURE) << "Failed to create '" << allocatorName << "' allocator: " << allocator.error(); } CHECK_NOTNULL(allocator.get()); LOG(INFO) << "Using '" << allocatorName << "' allocator"; state::Storage* storage = NULL; Log* log = NULL; if (flags.registry == "in_memory") { if (flags.registry_strict) { EXIT(EXIT_FAILURE) << "Cannot use '--registry_strict' when using in-memory storage" << " based registry"; } storage = new state::InMemoryStorage(); } else if (flags.registry == "replicated_log" || flags.registry == "log_storage") { // TODO(bmahler): "log_storage" is present for backwards // compatibility, can be removed before 0.19.0. if (flags.work_dir.isNone()) { EXIT(EXIT_FAILURE) << "--work_dir needed for replicated log based registry"; } Try<Nothing> mkdir = os::mkdir(flags.work_dir.get()); if (mkdir.isError()) { EXIT(EXIT_FAILURE) << "Failed to create work directory '" << flags.work_dir.get() << "': " << mkdir.error(); } if (zk.isSome()) { // Use replicated log with ZooKeeper. if (flags.quorum.isNone()) { EXIT(EXIT_FAILURE) << "Need to specify --quorum for replicated log based" << " registry when using ZooKeeper"; } Try<zookeeper::URL> url = zookeeper::URL::parse(zk.get()); if (url.isError()) { EXIT(EXIT_FAILURE) << "Error parsing ZooKeeper URL: " << url.error(); } log = new Log( flags.quorum.get(), path::join(flags.work_dir.get(), "replicated_log"), url.get().servers, flags.zk_session_timeout, path::join(url.get().path, "log_replicas"), url.get().authentication, flags.log_auto_initialize); } else { // Use replicated log without ZooKeeper. log = new Log( 1, path::join(flags.work_dir.get(), "replicated_log"), set<UPID>(), flags.log_auto_initialize); } storage = new state::LogStorage(log); } else { EXIT(EXIT_FAILURE) << "'" << flags.registry << "' is not a supported" << " option for registry persistence"; } CHECK_NOTNULL(storage); state::protobuf::State* state = new state::protobuf::State(storage); Registrar* registrar = new Registrar(flags, state); Repairer* repairer = new Repairer(); Files files; MasterContender* contender; MasterDetector* detector; // TODO(vinod): 'MasterContender::create()' should take // Option<string>. Try<MasterContender*> contender_ = MasterContender::create(zk.get("")); if (contender_.isError()) { EXIT(EXIT_FAILURE) << "Failed to create a master contender: " << contender_.error(); } contender = contender_.get(); // TODO(vinod): 'MasterDetector::create()' should take // Option<string>. Try<MasterDetector*> detector_ = MasterDetector::create(zk.get("")); if (detector_.isError()) { EXIT(EXIT_FAILURE) << "Failed to create a master detector: " << detector_.error(); } detector = detector_.get(); Option<Authorizer*> authorizer = None(); if (flags.acls.isSome()) { Try<Owned<Authorizer>> create = Authorizer::create(flags.acls.get()); if (create.isError()) { EXIT(EXIT_FAILURE) << "Failed to initialize the authorizer: " << create.error() << " (see --acls flag)"; } // Now pull out the authorizer but need to make a copy since we // get a 'const &' from 'Try::get'. authorizer = Owned<Authorizer>(create.get()).release(); } Option<shared_ptr<RateLimiter>> slaveRemovalLimiter = None(); if (flags.slave_removal_rate_limit.isSome()) { // Parse the flag value. // TODO(vinod): Move this parsing logic to flags once we have a // 'Rate' abstraction in stout. vector<string> tokens = strings::tokenize(flags.slave_removal_rate_limit.get(), "/"); if (tokens.size() != 2) { EXIT(EXIT_FAILURE) << "Invalid slave_removal_rate_limit: " << flags.slave_removal_rate_limit.get() << ". Format is <Number of slaves>/<Duration>"; } Try<int> permits = numify<int>(tokens[0]); if (permits.isError()) { EXIT(EXIT_FAILURE) << "Invalid slave_removal_rate_limit: " << flags.slave_removal_rate_limit.get() << ". Format is <Number of slaves>/<Duration>" << ": " << permits.error(); } Try<Duration> duration = Duration::parse(tokens[1]); if (duration.isError()) { EXIT(EXIT_FAILURE) << "Invalid slave_removal_rate_limit: " << flags.slave_removal_rate_limit.get() << ". Format is <Number of slaves>/<Duration>" << ": " << duration.error(); } slaveRemovalLimiter = new RateLimiter(permits.get(), duration.get()); } if (flags.firewall_rules.isSome()) { vector<Owned<FirewallRule>> rules; const Firewall firewall = flags.firewall_rules.get(); if (firewall.has_disabled_endpoints()) { hashset<string> paths; foreach (const string& path, firewall.disabled_endpoints().paths()) { paths.insert(path); } rules.emplace_back(new DisabledEndpointsFirewallRule(paths)); }
int main(int argc, char** argv) { GOOGLE_PROTOBUF_VERIFY_VERSION; master::Flags flags; // The following flags are executable specific (e.g., since we only // have one instance of libprocess per execution, we only want to // advertise the IP and port option once, here). Option<string> ip; flags.add(&ip, "ip", "IP address to listen on"); uint16_t port; flags.add(&port, "port", "Port to listen on", MasterInfo().port()); Option<string> advertise_ip; flags.add(&advertise_ip, "advertise_ip", "IP address advertised to reach mesos master.\n" "Mesos master does not bind using this IP address.\n" "However, this IP address may be used to access Mesos master."); Option<string> advertise_port; flags.add(&advertise_port, "advertise_port", "Port advertised to reach mesos master (alongwith advertise_ip).\n" "Mesos master does not bind using this port.\n" "However, this port (alongwith advertise_ip) may be used to\n" "access Mesos master."); Option<string> zk; flags.add(&zk, "zk", "ZooKeeper URL (used for leader election amongst masters)\n" "May be one of:\n" " zk://host1:port1,host2:port2,.../path\n" " zk://username:password@host1:port1,host2:port2,.../path\n" " file:///path/to/file (where file contains one of the above)"); // Optional IP discover script that will set the Master IP. // If set, its output is expected to be a valid parseable IP string. Option<string> ip_discovery_command; flags.add(&ip_discovery_command, "ip_discovery_command", "Optional IP discovery binary: if set, it is expected to emit\n" "the IP address which Master will try to bind to.\n" "Cannot be used in conjunction with --ip."); Try<Nothing> load = flags.load("MESOS_", argc, argv); if (load.isError()) { cerr << flags.usage(load.error()) << endl; return EXIT_FAILURE; } if (flags.version) { version(); return EXIT_SUCCESS; } if (flags.help) { cout << flags.usage() << endl; return EXIT_SUCCESS; } // Initialize modules. Note that since other subsystems may depend // upon modules, we should initialize modules before anything else. if (flags.modules.isSome()) { Try<Nothing> result = ModuleManager::load(flags.modules.get()); if (result.isError()) { EXIT(EXIT_FAILURE) << "Error loading modules: " << result.error(); } } // Initialize hooks. if (flags.hooks.isSome()) { Try<Nothing> result = HookManager::initialize(flags.hooks.get()); if (result.isError()) { EXIT(EXIT_FAILURE) << "Error installing hooks: " << result.error(); } } if (ip_discovery_command.isSome() && ip.isSome()) { EXIT(EXIT_FAILURE) << flags.usage( "Only one of --ip or --ip_discovery_command should be specified"); } if (ip_discovery_command.isSome()) { Try<string> ipAddress = os::shell(ip_discovery_command.get()); if (ipAddress.isError()) { EXIT(EXIT_FAILURE) << ipAddress.error(); } os::setenv("LIBPROCESS_IP", strings::trim(ipAddress.get())); } else if (ip.isSome()) { os::setenv("LIBPROCESS_IP", ip.get()); } os::setenv("LIBPROCESS_PORT", stringify(port)); if (advertise_ip.isSome()) { os::setenv("LIBPROCESS_ADVERTISE_IP", advertise_ip.get()); } if (advertise_port.isSome()) { os::setenv("LIBPROCESS_ADVERTISE_PORT", advertise_port.get()); } // Initialize libprocess. process::initialize("master"); logging::initialize(argv[0], flags, true); // Catch signals. LOG(INFO) << "Build: " << build::DATE << " by " << build::USER; LOG(INFO) << "Version: " << MESOS_VERSION; if (build::GIT_TAG.isSome()) { LOG(INFO) << "Git tag: " << build::GIT_TAG.get(); } if (build::GIT_SHA.isSome()) { LOG(INFO) << "Git SHA: " << build::GIT_SHA.get(); } // Create an instance of allocator. const std::string allocatorName = flags.allocator; Try<Allocator*> allocator = Allocator::create(allocatorName); if (allocator.isError()) { EXIT(EXIT_FAILURE) << "Failed to create '" << allocatorName << "' allocator: " << allocator.error(); } CHECK_NOTNULL(allocator.get()); LOG(INFO) << "Using '" << allocatorName << "' allocator"; state::Storage* storage = NULL; Log* log = NULL; if (flags.registry == "in_memory") { if (flags.registry_strict) { EXIT(EXIT_FAILURE) << "Cannot use '--registry_strict' when using in-memory storage" << " based registry"; } storage = new state::InMemoryStorage(); } else if (flags.registry == "replicated_log" || flags.registry == "log_storage") { // TODO(bmahler): "log_storage" is present for backwards // compatibility, can be removed before 0.19.0. if (flags.work_dir.isNone()) { EXIT(EXIT_FAILURE) << "--work_dir needed for replicated log based registry"; } Try<Nothing> mkdir = os::mkdir(flags.work_dir.get()); if (mkdir.isError()) { EXIT(EXIT_FAILURE) << "Failed to create work directory '" << flags.work_dir.get() << "': " << mkdir.error(); } if (zk.isSome()) { // Use replicated log with ZooKeeper. if (flags.quorum.isNone()) { EXIT(EXIT_FAILURE) << "Need to specify --quorum for replicated log based" << " registry when using ZooKeeper"; } Try<zookeeper::URL> url = zookeeper::URL::parse(zk.get()); if (url.isError()) { EXIT(EXIT_FAILURE) << "Error parsing ZooKeeper URL: " << url.error(); } log = new Log( flags.quorum.get(), path::join(flags.work_dir.get(), "replicated_log"), url.get().servers, flags.zk_session_timeout, path::join(url.get().path, "log_replicas"), url.get().authentication, flags.log_auto_initialize); } else { // Use replicated log without ZooKeeper. log = new Log( 1, path::join(flags.work_dir.get(), "replicated_log"), set<UPID>(), flags.log_auto_initialize); } storage = new state::LogStorage(log); } else { EXIT(EXIT_FAILURE) << "'" << flags.registry << "' is not a supported" << " option for registry persistence"; } CHECK_NOTNULL(storage); state::protobuf::State* state = new state::protobuf::State(storage); Registrar* registrar = new Registrar(flags, state); Repairer* repairer = new Repairer(); Files files; MasterContender* contender; MasterDetector* detector; // TODO(vinod): 'MasterContender::create()' should take // Option<string>. Try<MasterContender*> contender_ = MasterContender::create(zk.getOrElse("")); if (contender_.isError()) { EXIT(EXIT_FAILURE) << "Failed to create a master contender: " << contender_.error(); } contender = contender_.get(); // TODO(vinod): 'MasterDetector::create()' should take // Option<string>. Try<MasterDetector*> detector_ = MasterDetector::create(zk.getOrElse("")); if (detector_.isError()) { EXIT(EXIT_FAILURE) << "Failed to create a master detector: " << detector_.error(); } detector = detector_.get(); Option<Authorizer*> authorizer = None(); auto authorizerNames = strings::split(flags.authorizers, ","); if (authorizerNames.empty()) { EXIT(EXIT_FAILURE) << "No authorizer specified"; } if (authorizerNames.size() > 1) { EXIT(EXIT_FAILURE) << "Multiple authorizers not supported"; } std::string authorizerName = authorizerNames[0]; // NOTE: The flag --authorizers overrides the flag --acls, i.e. if // a non default authorizer is requested, it will be used and // the contents of --acls will be ignored. // TODO(arojas): Add support for multiple authorizers. if (authorizerName != master::DEFAULT_AUTHORIZER || flags.acls.isSome()) { Try<Authorizer*> create = Authorizer::create(authorizerName); if (create.isError()) { EXIT(EXIT_FAILURE) << "Could not create '" << authorizerName << "' authorizer: " << create.error(); } authorizer = create.get(); LOG(INFO) << "Using '" << authorizerName << "' authorizer"; if (authorizerName == master::DEFAULT_AUTHORIZER) { Try<Nothing> initialize = authorizer.get()->initialize(flags.acls.get()); if (initialize.isError()) { // Failing to initialize the authorizer leads to undefined // behavior, therefore we default to skip authorization // altogether. LOG(WARNING) << "Authorization disabled: Failed to initialize '" << authorizerName << "' authorizer: " << initialize.error(); delete authorizer.get(); authorizer = None(); } } else if (flags.acls.isSome()) { LOG(WARNING) << "Ignoring contents of --acls flag, because '" << authorizerName << "' authorizer will be used instead " << " of the default."; } } Option<shared_ptr<RateLimiter>> slaveRemovalLimiter = None(); if (flags.slave_removal_rate_limit.isSome()) { // Parse the flag value. // TODO(vinod): Move this parsing logic to flags once we have a // 'Rate' abstraction in stout. vector<string> tokens = strings::tokenize(flags.slave_removal_rate_limit.get(), "/"); if (tokens.size() != 2) { EXIT(EXIT_FAILURE) << "Invalid slave_removal_rate_limit: " << flags.slave_removal_rate_limit.get() << ". Format is <Number of slaves>/<Duration>"; } Try<int> permits = numify<int>(tokens[0]); if (permits.isError()) { EXIT(EXIT_FAILURE) << "Invalid slave_removal_rate_limit: " << flags.slave_removal_rate_limit.get() << ". Format is <Number of slaves>/<Duration>" << ": " << permits.error(); } Try<Duration> duration = Duration::parse(tokens[1]); if (duration.isError()) { EXIT(EXIT_FAILURE) << "Invalid slave_removal_rate_limit: " << flags.slave_removal_rate_limit.get() << ". Format is <Number of slaves>/<Duration>" << ": " << duration.error(); } slaveRemovalLimiter = new RateLimiter(permits.get(), duration.get()); } if (flags.firewall_rules.isSome()) { vector<Owned<FirewallRule>> rules; const Firewall firewall = flags.firewall_rules.get(); if (firewall.has_disabled_endpoints()) { hashset<string> paths; foreach (const string& path, firewall.disabled_endpoints().paths()) { paths.insert(path); } rules.emplace_back(new DisabledEndpointsFirewallRule(paths)); }
int main(int argc, char** argv) { // The order of initialization is as follows: // * Windows socket stack. // * Validate flags. // * Log build information. // * Libprocess // * Logging // * Version process // * Firewall rules: should be initialized before initializing HTTP endpoints. // * Modules: Load module libraries and manifests before they // can be instantiated. // * Anonymous modules: Later components such as Allocators, and master // contender/detector might depend upon anonymous modules. // * Hooks. // * Systemd support (if it exists). // * Fetcher and Containerizer. // * Master detector. // * Authorizer. // * Garbage collector. // * Status update manager. // * Resource estimator. // * QoS controller. // * `Agent` process. // // TODO(avinash): Add more comments discussing the rationale behind for this // particular component ordering. #ifdef __WINDOWS__ // Initialize the Windows socket stack. process::Winsock winsock; #endif GOOGLE_PROTOBUF_VERIFY_VERSION; slave::Flags flags; // The following flags are executable specific (e.g., since we only // have one instance of libprocess per execution, we only want to // advertise the IP and port option once, here). Option<string> ip; flags.add(&ip, "ip", "IP address to listen on. This cannot be used in conjunction\n" "with `--ip_discovery_command`."); uint16_t port; flags.add(&port, "port", "Port to listen on.", SlaveInfo().port()); Option<string> advertise_ip; flags.add(&advertise_ip, "advertise_ip", "IP address advertised to reach this Mesos agent.\n" "The agent does not bind to this IP address.\n" "However, this IP address may be used to access this agent."); Option<string> advertise_port; flags.add(&advertise_port, "advertise_port", "Port advertised to reach this Mesos agent (along with\n" "`advertise_ip`). The agent does not bind to this port.\n" "However, this port (along with `advertise_ip`) may be used to\n" "access this agent."); Option<string> master; flags.add(&master, "master", "May be one of:\n" " `host:port`\n" " `zk://host1:port1,host2:port2,.../path`\n" " `zk://username:password@host1:port1,host2:port2,.../path`\n" " `file:///path/to/file` (where file contains one of the above)"); // Optional IP discover script that will set the slave's IP. // If set, its output is expected to be a valid parseable IP string. Option<string> ip_discovery_command; flags.add(&ip_discovery_command, "ip_discovery_command", "Optional IP discovery binary: if set, it is expected to emit\n" "the IP address which the agent will try to bind to.\n" "Cannot be used in conjunction with `--ip`."); Try<flags::Warnings> load = flags.load("MESOS_", argc, argv); // TODO(marco): this pattern too should be abstracted away // in FlagsBase; I have seen it at least 15 times. if (load.isError()) { cerr << flags.usage(load.error()) << endl; return EXIT_FAILURE; } if (flags.help) { cout << flags.usage() << endl; return EXIT_SUCCESS; } if (flags.version) { cout << "mesos" << " " << MESOS_VERSION << endl; return EXIT_SUCCESS; } if (master.isNone() && flags.master_detector.isNone()) { cerr << flags.usage("Missing required option `--master` or " "`--master_detector`.") << endl; return EXIT_FAILURE; } if (master.isSome() && flags.master_detector.isSome()) { cerr << flags.usage("Only one of --master or --master_detector options " "should be specified."); return EXIT_FAILURE; } // Initialize libprocess. if (ip_discovery_command.isSome() && ip.isSome()) { EXIT(EXIT_FAILURE) << flags.usage( "Only one of `--ip` or `--ip_discovery_command` should be specified"); } if (ip_discovery_command.isSome()) { Try<string> ipAddress = os::shell(ip_discovery_command.get()); if (ipAddress.isError()) { EXIT(EXIT_FAILURE) << ipAddress.error(); } os::setenv("LIBPROCESS_IP", strings::trim(ipAddress.get())); } else if (ip.isSome()) { os::setenv("LIBPROCESS_IP", ip.get()); } os::setenv("LIBPROCESS_PORT", stringify(port)); if (advertise_ip.isSome()) { os::setenv("LIBPROCESS_ADVERTISE_IP", advertise_ip.get()); } if (advertise_port.isSome()) { os::setenv("LIBPROCESS_ADVERTISE_PORT", advertise_port.get()); } // Log build information. LOG(INFO) << "Build: " << build::DATE << " by " << build::USER; LOG(INFO) << "Version: " << MESOS_VERSION; if (build::GIT_TAG.isSome()) { LOG(INFO) << "Git tag: " << build::GIT_TAG.get(); } if (build::GIT_SHA.isSome()) { LOG(INFO) << "Git SHA: " << build::GIT_SHA.get(); } const string id = process::ID::generate("slave"); // Process ID. // If `process::initialize()` returns `false`, then it was called before this // invocation, meaning the authentication realm for libprocess-level HTTP // endpoints was set incorrectly. This should be the first invocation. if (!process::initialize(id, DEFAULT_HTTP_AUTHENTICATION_REALM)) { EXIT(EXIT_FAILURE) << "The call to `process::initialize()` in the agent's " << "`main()` was not the function's first invocation"; } logging::initialize(argv[0], flags, true); // Catch signals. // Log any flag warnings (after logging is initialized). foreach (const flags::Warning& warning, load->warnings) { LOG(WARNING) << warning.message; } spawn(new VersionProcess(), true); if (flags.firewall_rules.isSome()) { vector<Owned<FirewallRule>> rules; const Firewall firewall = flags.firewall_rules.get(); if (firewall.has_disabled_endpoints()) { hashset<string> paths; foreach (const string& path, firewall.disabled_endpoints().paths()) { paths.insert(path); } rules.emplace_back(new DisabledEndpointsFirewallRule(paths)); }
int main(int argc, char** argv) { GOOGLE_PROTOBUF_VERIFY_VERSION; master::Flags flags; // The following flags are executable specific (e.g., since we only // have one instance of libprocess per execution, we only want to // advertise the IP and port option once, here). Option<string> ip; flags.add(&ip, "ip", "IP address to listen on"); uint16_t port; flags.add(&port, "port", "Port to listen on", MasterInfo().port()); Option<string> zk; flags.add(&zk, "zk", "ZooKeeper URL (used for leader election amongst masters)\n" "May be one of:\n" " zk://host1:port1,host2:port2,.../path\n" " zk://username:password@host1:port1,host2:port2,.../path\n" " file://path/to/file (where file contains one of the above)"); bool help; flags.add(&help, "help", "Prints this help message", false); Try<Nothing> load = flags.load("MESOS_", argc, argv); if (load.isError()) { cerr << load.error() << endl; usage(argv[0], flags); exit(1); } if (flags.version) { version(); exit(0); } if (help) { usage(argv[0], flags); exit(1); } // Initialize libprocess. if (ip.isSome()) { os::setenv("LIBPROCESS_IP", ip.get()); } os::setenv("LIBPROCESS_PORT", stringify(port)); process::initialize("master"); logging::initialize(argv[0], flags, true); // Catch signals. LOG(INFO) << "Build: " << build::DATE << " by " << build::USER; LOG(INFO) << "Version: " << MESOS_VERSION; if (build::GIT_TAG.isSome()) { LOG(INFO) << "Git tag: " << build::GIT_TAG.get(); } if (build::GIT_SHA.isSome()) { LOG(INFO) << "Git SHA: " << build::GIT_SHA.get(); } allocator::AllocatorProcess* allocatorProcess = new allocator::HierarchicalDRFAllocatorProcess(); allocator::Allocator* allocator = new allocator::Allocator(allocatorProcess); state::Storage* storage = NULL; Log* log = NULL; if (flags.registry == "in_memory") { if (flags.registry_strict) { EXIT(1) << "Cannot use '--registry_strict' when using in-memory storage" << " based registry"; } storage = new state::InMemoryStorage(); } else if (flags.registry == "replicated_log" || flags.registry == "log_storage") { // TODO(bmahler): "log_storage" is present for backwards // compatibility, can be removed before 0.19.0. if (flags.work_dir.isNone()) { EXIT(1) << "--work_dir needed for replicated log based registry"; } if (zk.isSome()) { // Use replicated log with ZooKeeper. if (flags.quorum.isNone()) { EXIT(1) << "Need to specify --quorum for replicated log based registry" << " when using ZooKeeper"; } // TODO(vinod): Add support for "--zk=file://". Try<URL> url = URL::parse(zk.get()); if (url.isError()) { EXIT(1) << "Error parsing ZooKeeper URL: " << url.error(); } log = new Log( flags.quorum.get(), path::join(flags.work_dir.get(), "replicated_log"), url.get().servers, flags.zk_session_timeout, path::join(url.get().path, "log_replicas"), url.get().authentication, flags.log_auto_initialize); } else { // Use replicated log without ZooKeeper. log = new Log( 1, path::join(flags.work_dir.get(), "replicated_log"), set<UPID>(), flags.log_auto_initialize); } storage = new state::LogStorage(log); } else { EXIT(1) << "'" << flags.registry << "' is not a supported" << " option for registry persistence"; } CHECK_NOTNULL(storage); state::protobuf::State* state = new state::protobuf::State(storage); Registrar* registrar = new Registrar(flags, state); Repairer* repairer = new Repairer(); Files files; MasterContender* contender; MasterDetector* detector; // TODO(vinod): 'MasterContender::create()' should take // Option<string>. Try<MasterContender*> contender_ = MasterContender::create(zk.get("")); if (contender_.isError()) { EXIT(1) << "Failed to create a master contender: " << contender_.error(); } contender = contender_.get(); // TODO(vinod): 'MasterDetector::create()' should take // Option<string>. Try<MasterDetector*> detector_ = MasterDetector::create(zk.get("")); if (detector_.isError()) { EXIT(1) << "Failed to create a master detector: " << detector_.error(); } detector = detector_.get(); LOG(INFO) << "Starting Mesos master"; Master* master = new Master( allocator, registrar, repairer, &files, contender, detector, flags); if (zk.isNone()) { // It means we are using the standalone detector so we need to // appoint this Master as the leader. dynamic_cast<StandaloneMasterDetector*>(detector)->appoint(master->info()); } process::spawn(master); process::wait(master->self()); delete master; delete allocator; delete allocatorProcess; delete registrar; delete repairer; delete state; delete storage; delete log; delete contender; delete detector; return 0; }
int main(int argc, char** argv) { GOOGLE_PROTOBUF_VERIFY_VERSION; slave::Flags flags; // The following flags are executable specific (e.g., since we only // have one instance of libprocess per execution, we only want to // advertise the IP and port option once, here). Option<string> ip; flags.add(&ip, "ip", "IP address to listen on"); uint16_t port; flags.add(&port, "port", "Port to listen on", SlaveInfo().port()); string isolation; flags.add(&isolation, "isolation", "Isolation mechanism, may be one of: process, cgroups", "process"); Option<string> master; flags.add(&master, "master", "May be one of:\n" " zk://host1:port1,host2:port2,.../path\n" " zk://username:password@host1:port1,host2:port2,.../path\n" " file://path/to/file (where file contains one of the above)"); bool help; flags.add(&help, "help", "Prints this help message", false); Try<Nothing> load = flags.load("MESOS_", argc, argv); if (load.isError()) { cerr << load.error() << endl; usage(argv[0], flags); exit(1); } if (help) { usage(argv[0], flags); exit(1); } if (master.isNone()) { cerr << "Missing required option --master" << endl; exit(1); } // Initialize libprocess. if (ip.isSome()) { os::setenv("LIBPROCESS_IP", ip.get()); } os::setenv("LIBPROCESS_PORT", stringify(port)); process::initialize(); logging::initialize(argv[0], flags, true); // Catch signals. LOG(INFO) << "Creating \"" << isolation << "\" isolator"; Isolator* isolator = Isolator::create(isolation); if (isolator == NULL) { cerr << "Unrecognized isolation type: " << isolation << endl; exit(1); } LOG(INFO) << "Build: " << build::DATE << " by " << build::USER; LOG(INFO) << "Starting Mesos slave"; Try<MasterDetector*> detector = MasterDetector::create(master.get()); CHECK_SOME(detector) << "Failed to create a master detector"; Files files; Slave* slave = new Slave(flags, false, detector.get(), isolator, &files); process::spawn(slave); process::wait(slave->self()); delete slave; delete detector.get(); Isolator::destroy(isolator); return 0; }
int main(int argc, char** argv) { // The order of initialization of various master components is as follows: // * Validate flags. // * Log build information. // * Libprocess. // * Logging. // * Version process. // * Firewall rules: should be initialized before initializing HTTP endpoints. // * Modules: Load module libraries and manifests before they // can be instantiated. // * Anonymous modules: Later components such as Allocators, and master // contender/detector might depend upon anonymous modules. // * Hooks. // * Allocator. // * Registry storage. // * State. // * Master contendor. // * Master detector. // * Authorizer. // * Slave removal rate limiter. // * `Master` process. // // TODO(avinash): Add more comments discussing the rationale behind for this // particular component ordering. GOOGLE_PROTOBUF_VERIFY_VERSION; master::Flags flags; // The following flags are executable specific (e.g., since we only // have one instance of libprocess per execution, we only want to // advertise the IP and port option once, here). Option<string> ip; flags.add(&ip, "ip", "IP address to listen on. This cannot be used in conjunction\n" "with `--ip_discovery_command`."); uint16_t port; flags.add(&port, "port", "Port to listen on.", MasterInfo().port()); Option<string> advertise_ip; flags.add(&advertise_ip, "advertise_ip", "IP address advertised to reach this Mesos master.\n" "The master does not bind using this IP address.\n" "However, this IP address may be used to access this master."); Option<string> advertise_port; flags.add(&advertise_port, "advertise_port", "Port advertised to reach Mesos master (along with\n" "`advertise_ip`). The master does not bind to this port.\n" "However, this port (along with `advertise_ip`) may be used to\n" "access this master."); Option<string> zk; flags.add(&zk, "zk", "ZooKeeper URL (used for leader election amongst masters)\n" "May be one of:\n" " `zk://host1:port1,host2:port2,.../path`\n" " `zk://username:password@host1:port1,host2:port2,.../path`\n" " `file:///path/to/file` (where file contains one of the above)\n" "NOTE: Not required if master is run in standalone mode (non-HA)."); // Optional IP discover script that will set the Master IP. // If set, its output is expected to be a valid parseable IP string. Option<string> ip_discovery_command; flags.add(&ip_discovery_command, "ip_discovery_command", "Optional IP discovery binary: if set, it is expected to emit\n" "the IP address which the master will try to bind to.\n" "Cannot be used in conjunction with `--ip`."); Try<flags::Warnings> load = flags.load("MESOS_", argc, argv); if (load.isError()) { cerr << flags.usage(load.error()) << endl; return EXIT_FAILURE; } if (flags.version) { cout << "mesos" << " " << MESOS_VERSION << endl; return EXIT_SUCCESS; } if (flags.help) { cout << flags.usage() << endl; return EXIT_SUCCESS; } if (ip_discovery_command.isSome() && ip.isSome()) { EXIT(EXIT_FAILURE) << flags.usage( "Only one of `--ip` or `--ip_discovery_command` should be specified"); } if (ip_discovery_command.isSome()) { Try<string> ipAddress = os::shell(ip_discovery_command.get()); if (ipAddress.isError()) { EXIT(EXIT_FAILURE) << ipAddress.error(); } os::setenv("LIBPROCESS_IP", strings::trim(ipAddress.get())); } else if (ip.isSome()) { os::setenv("LIBPROCESS_IP", ip.get()); } os::setenv("LIBPROCESS_PORT", stringify(port)); if (advertise_ip.isSome()) { os::setenv("LIBPROCESS_ADVERTISE_IP", advertise_ip.get()); } if (advertise_port.isSome()) { os::setenv("LIBPROCESS_ADVERTISE_PORT", advertise_port.get()); } if (zk.isNone()) { if (flags.master_contender.isSome() ^ flags.master_detector.isSome()) { EXIT(EXIT_FAILURE) << flags.usage("Both --master_contender and --master_detector should " "be specified or omitted."); } } else { if (flags.master_contender.isSome() || flags.master_detector.isSome()) { EXIT(EXIT_FAILURE) << flags.usage("Only one of --zk or the " "--master_contender/--master_detector " "pair should be specified."); } } // Log build information. LOG(INFO) << "Build: " << build::DATE << " by " << build::USER; LOG(INFO) << "Version: " << MESOS_VERSION; if (build::GIT_TAG.isSome()) { LOG(INFO) << "Git tag: " << build::GIT_TAG.get(); } if (build::GIT_SHA.isSome()) { LOG(INFO) << "Git SHA: " << build::GIT_SHA.get(); } // This should be the first invocation of `process::initialize`. If it returns // `false`, then it has already been called, which means that the // authentication realm for libprocess-level HTTP endpoints was not set to the // correct value for the master. if (!process::initialize( "master", READWRITE_HTTP_AUTHENTICATION_REALM, READONLY_HTTP_AUTHENTICATION_REALM)) { EXIT(EXIT_FAILURE) << "The call to `process::initialize()` in the master's " << "`main()` was not the function's first invocation"; } logging::initialize(argv[0], flags, true); // Catch signals. // Log any flag warnings (after logging is initialized). foreach (const flags::Warning& warning, load->warnings) { LOG(WARNING) << warning.message; } spawn(new VersionProcess(), true); // Initialize firewall rules. if (flags.firewall_rules.isSome()) { vector<Owned<FirewallRule>> rules; const Firewall firewall = flags.firewall_rules.get(); if (firewall.has_disabled_endpoints()) { hashset<string> paths; foreach (const string& path, firewall.disabled_endpoints().paths()) { paths.insert(path); } rules.emplace_back(new DisabledEndpointsFirewallRule(paths)); }
int main(int argc, char** argv) { GOOGLE_PROTOBUF_VERIFY_VERSION; master::Flags flags; // The following flags are executable specific (e.g., since we only // have one instance of libprocess per execution, we only want to // advertise the IP and port option once, here). Option<string> ip; flags.add(&ip, "ip", "IP address to listen on"); uint16_t port; flags.add(&port, "port", "Port to listen on", MasterInfo().port()); string zk; flags.add(&zk, "zk", "ZooKeeper URL (used for leader election amongst masters)\n" "May be one of:\n" " zk://host1:port1,host2:port2,.../path\n" " zk://username:password@host1:port1,host2:port2,.../path\n" " file://path/to/file (where file contains one of the above)", ""); bool help; flags.add(&help, "help", "Prints this help message", false); Try<Nothing> load = flags.load("MESOS_", argc, argv); if (load.isError()) { cerr << load.error() << endl; usage(argv[0], flags); exit(1); } if (help) { usage(argv[0], flags); exit(1); } // Initialize libprocess. if (ip.isSome()) { os::setenv("LIBPROCESS_IP", ip.get()); } os::setenv("LIBPROCESS_PORT", stringify(port)); process::initialize("master"); logging::initialize(argv[0], flags, true); // Catch signals. LOG(INFO) << "Build: " << build::DATE << " by " << build::USER; LOG(INFO) << "Starting Mesos master"; allocator::AllocatorProcess* allocatorProcess = new allocator::HierarchicalDRFAllocatorProcess(); allocator::Allocator* allocator = new allocator::Allocator(allocatorProcess); state::Storage* storage = NULL; if (strings::startsWith(flags.registry, "zk://")) { // TODO(benh): EXIT(1) << "ZooKeeper based registry unimplemented"; } else if (flags.registry == "local") { storage = new state::LevelDBStorage(path::join(flags.work_dir, "registry")); } else { EXIT(1) << "'" << flags.registry << "' is not a supported" << " option for registry persistence"; } CHECK_NOTNULL(storage); state::protobuf::State* state = new state::protobuf::State(storage); Registrar* registrar = new Registrar(state); Files files; Master* master = new Master(allocator, registrar, &files, flags); process::spawn(master); Try<MasterDetector*> detector = MasterDetector::create(zk, master->self(), true, flags.quiet); CHECK_SOME(detector) << "Failed to create a master detector"; process::wait(master->self()); delete master; delete allocator; delete allocatorProcess; delete registrar; delete state; delete storage; MasterDetector::destroy(detector.get()); return 0; }
int main(int argc, char** argv) { GOOGLE_PROTOBUF_VERIFY_VERSION; slave::Flags flags; // The following flags are executable specific (e.g., since we only // have one instance of libprocess per execution, we only want to // advertise the IP and port option once, here). Option<string> ip; flags.add(&ip, "ip", "IP address to listen on"); uint16_t port; flags.add(&port, "port", "Port to listen on", SlaveInfo().port()); Option<string> master; flags.add(&master, "master", "May be one of:\n" " zk://host1:port1,host2:port2,.../path\n" " zk://username:password@host1:port1,host2:port2,.../path\n" " file:///path/to/file (where file contains one of the above)"); bool help; flags.add(&help, "help", "Prints this help message", false); Try<Nothing> load = flags.load("MESOS_", argc, argv); if (load.isError()) { cerr << load.error() << endl; usage(argv[0], flags); EXIT(1); } if (help) { usage(argv[0], flags); EXIT(1); } if (flags.version) { version(); exit(0); } if (master.isNone()) { EXIT(1) << "Missing required option --master"; } // Initialize modules. Note that since other subsystems may depend // upon modules, we should initialize modules before anything else. if (flags.modules.isSome()) { Try<Nothing> result = ModuleManager::load(flags.modules.get()); if (result.isError()) { EXIT(1) << "Error loading modules: " << result.error(); } } // Initialize libprocess. if (ip.isSome()) { os::setenv("LIBPROCESS_IP", ip.get()); } os::setenv("LIBPROCESS_PORT", stringify(port)); process::initialize("slave(1)"); logging::initialize(argv[0], flags, true); // Catch signals. LOG(INFO) << "Build: " << build::DATE << " by " << build::USER; LOG(INFO) << "Version: " << MESOS_VERSION; if (build::GIT_TAG.isSome()) { LOG(INFO) << "Git tag: " << build::GIT_TAG.get(); } if (build::GIT_SHA.isSome()) { LOG(INFO) << "Git SHA: " << build::GIT_SHA.get(); } Try<Containerizer*> containerizer = Containerizer::create(flags, false); if (containerizer.isError()) { EXIT(1) << "Failed to create a containerizer: " << containerizer.error(); } Try<MasterDetector*> detector = MasterDetector::create(master.get()); if (detector.isError()) { EXIT(1) << "Failed to create a master detector: " << detector.error(); } LOG(INFO) << "Starting Mesos slave"; Files files; GarbageCollector gc; StatusUpdateManager statusUpdateManager(flags); Slave* slave = new Slave( flags, detector.get(), containerizer.get(), &files, &gc, &statusUpdateManager); process::spawn(slave); process::wait(slave->self()); delete slave; delete detector.get(); delete containerizer.get(); return 0; }
int main(int argc, char** argv) { GOOGLE_PROTOBUF_VERIFY_VERSION; slave::Flags flags; // The following flags are executable specific (e.g., since we only // have one instance of libprocess per execution, we only want to // advertise the IP and port option once, here). Option<string> ip; flags.add(&ip, "ip", "IP address to listen on"); uint16_t port; flags.add(&port, "port", "Port to listen on", SlaveInfo().port()); Option<string> master; flags.add(&master, "master", "May be one of:\n" " zk://host1:port1,host2:port2,.../path\n" " zk://username:password@host1:port1,host2:port2,.../path\n" " file:///path/to/file (where file contains one of the above)"); Try<Nothing> load = flags.load("MESOS_", argc, argv); // TODO(marco): this pattern too should be abstracted away // in FlagsBase; I have seen it at least 15 times. if (load.isError()) { cerr << flags.usage(load.error()) << endl; return EXIT_FAILURE; } if (flags.help) { cout << flags.usage() << endl; return EXIT_SUCCESS; } if (flags.version) { version(); return EXIT_SUCCESS; } if (master.isNone()) { cerr << flags.usage("Missing required option --master") << endl; return EXIT_FAILURE; } // Initialize modules. Note that since other subsystems may depend // upon modules, we should initialize modules before anything else. if (flags.modules.isSome()) { Try<Nothing> result = ModuleManager::load(flags.modules.get()); if (result.isError()) { EXIT(EXIT_FAILURE) << "Error loading modules: " << result.error(); } } // Initialize hooks. if (flags.hooks.isSome()) { Try<Nothing> result = HookManager::initialize(flags.hooks.get()); if (result.isError()) { EXIT(EXIT_FAILURE) << "Error installing hooks: " << result.error(); } } // Initialize libprocess. if (ip.isSome()) { os::setenv("LIBPROCESS_IP", ip.get()); } os::setenv("LIBPROCESS_PORT", stringify(port)); process::initialize("slave(1)"); logging::initialize(argv[0], flags, true); // Catch signals. LOG(INFO) << "Build: " << build::DATE << " by " << build::USER; LOG(INFO) << "Version: " << MESOS_VERSION; if (build::GIT_TAG.isSome()) { LOG(INFO) << "Git tag: " << build::GIT_TAG.get(); } if (build::GIT_SHA.isSome()) { LOG(INFO) << "Git SHA: " << build::GIT_SHA.get(); } Fetcher fetcher; Try<Containerizer*> containerizer = Containerizer::create(flags, false, &fetcher); if (containerizer.isError()) { EXIT(EXIT_FAILURE) << "Failed to create a containerizer: " << containerizer.error(); } Try<MasterDetector*> detector = MasterDetector::create(master.get()); if (detector.isError()) { EXIT(EXIT_FAILURE) << "Failed to create a master detector: " << detector.error(); } if (flags.firewall_rules.isSome()) { vector<Owned<FirewallRule>> rules; const Firewall firewall = flags.firewall_rules.get(); if (firewall.has_disabled_endpoints()) { hashset<string> paths; foreach (const string& path, firewall.disabled_endpoints().paths()) { paths.insert(path); } rules.emplace_back(new DisabledEndpointsFirewallRule(paths)); }
int main(int argc, char** argv) { GOOGLE_PROTOBUF_VERIFY_VERSION; slave::Flags flags; // The following flags are executable specific (e.g., since we only // have one instance of libprocess per execution, we only want to // advertise the IP and port option once, here). Option<string> ip; flags.add(&ip, "ip", "IP address to listen on. This cannot be used in conjunction\n" "with `--ip_discovery_command`."); uint16_t port; flags.add(&port, "port", "Port to listen on.", SlaveInfo().port()); Option<string> advertise_ip; flags.add(&advertise_ip, "advertise_ip", "IP address advertised to reach this Mesos agent.\n" "The agent does not bind to this IP address.\n" "However, this IP address may be used to access this agent."); Option<string> advertise_port; flags.add(&advertise_port, "advertise_port", "Port advertised to reach this Mesos agent (along with\n" "`advertise_ip`). The agent does not bind to this port.\n" "However, this port (along with `advertise_ip`) may be used to\n" "access this agent."); Option<string> master; flags.add(&master, "master", "May be one of:\n" " `host:port`\n" " `zk://host1:port1,host2:port2,.../path`\n" " `zk://username:password@host1:port1,host2:port2,.../path`\n" " `file:///path/to/file` (where file contains one of the above)"); // Optional IP discover script that will set the slave's IP. // If set, its output is expected to be a valid parseable IP string. Option<string> ip_discovery_command; flags.add(&ip_discovery_command, "ip_discovery_command", "Optional IP discovery binary: if set, it is expected to emit\n" "the IP address which the agent will try to bind to.\n" "Cannot be used in conjunction with `--ip`."); Try<Nothing> load = flags.load("MESOS_", argc, argv); // TODO(marco): this pattern too should be abstracted away // in FlagsBase; I have seen it at least 15 times. if (load.isError()) { cerr << flags.usage(load.error()) << endl; return EXIT_FAILURE; } if (flags.help) { cout << flags.usage() << endl; return EXIT_SUCCESS; } if (flags.version) { version(); return EXIT_SUCCESS; } if (master.isNone() && flags.master_detector.isNone()) { cerr << flags.usage("Missing required option `--master` or " "`--master_detector`.") << endl; return EXIT_FAILURE; } if (master.isSome() && flags.master_detector.isSome()) { cerr << flags.usage("Only one of --master or --master_detector options " "should be specified."); return EXIT_FAILURE; } // Initialize libprocess. if (ip_discovery_command.isSome() && ip.isSome()) { EXIT(EXIT_FAILURE) << flags.usage( "Only one of `--ip` or `--ip_discovery_command` should be specified"); } if (ip_discovery_command.isSome()) { Try<string> ipAddress = os::shell(ip_discovery_command.get()); if (ipAddress.isError()) { EXIT(EXIT_FAILURE) << ipAddress.error(); } os::setenv("LIBPROCESS_IP", strings::trim(ipAddress.get())); } else if (ip.isSome()) { os::setenv("LIBPROCESS_IP", ip.get()); } os::setenv("LIBPROCESS_PORT", stringify(port)); if (advertise_ip.isSome()) { os::setenv("LIBPROCESS_ADVERTISE_IP", advertise_ip.get()); } if (advertise_port.isSome()) { os::setenv("LIBPROCESS_ADVERTISE_PORT", advertise_port.get()); } const string id = process::ID::generate("slave"); // Process ID. // If `process::initialize()` returns `false`, then it was called before this // invocation, meaning the authentication realm for libprocess-level HTTP // endpoints was set incorrectly. This should be the first invocation. if (!process::initialize(id, DEFAULT_HTTP_AUTHENTICATION_REALM)) { EXIT(EXIT_FAILURE) << "The call to `process::initialize()` in the agent's " << "`main()` was not the function's first invocation"; } logging::initialize(argv[0], flags, true); // Catch signals. // Initialize modules. Note that since other subsystems may depend // upon modules, we should initialize modules before anything else. if (flags.modules.isSome()) { Try<Nothing> result = ModuleManager::load(flags.modules.get()); if (result.isError()) { EXIT(EXIT_FAILURE) << "Error loading modules: " << result.error(); } } // Initialize hooks. if (flags.hooks.isSome()) { Try<Nothing> result = HookManager::initialize(flags.hooks.get()); if (result.isError()) { EXIT(EXIT_FAILURE) << "Error installing hooks: " << result.error(); } } spawn(new VersionProcess(), true); LOG(INFO) << "Build: " << build::DATE << " by " << build::USER; LOG(INFO) << "Version: " << MESOS_VERSION; if (build::GIT_TAG.isSome()) { LOG(INFO) << "Git tag: " << build::GIT_TAG.get(); } if (build::GIT_SHA.isSome()) { LOG(INFO) << "Git SHA: " << build::GIT_SHA.get(); } Fetcher fetcher; #ifdef __linux__ // Initialize systemd if it exists. if (systemd::exists() && flags.systemd_enable_support) { LOG(INFO) << "Inializing systemd state"; systemd::Flags systemdFlags; systemdFlags.enabled = flags.systemd_enable_support; systemdFlags.runtime_directory = flags.systemd_runtime_directory; systemdFlags.cgroups_hierarchy = flags.cgroups_hierarchy; Try<Nothing> initialize = systemd::initialize(systemdFlags); if (initialize.isError()) { EXIT(EXIT_FAILURE) << "Failed to initialize systemd: " + initialize.error(); } } #endif // __linux__ Try<Containerizer*> containerizer = Containerizer::create(flags, false, &fetcher); if (containerizer.isError()) { EXIT(EXIT_FAILURE) << "Failed to create a containerizer: " << containerizer.error(); } Try<MasterDetector*> detector_ = MasterDetector::create( master, flags.master_detector); if (detector_.isError()) { EXIT(EXIT_FAILURE) << "Failed to create a master detector: " << detector_.error(); } MasterDetector* detector = detector_.get(); Option<Authorizer*> authorizer_ = None(); string authorizerName = flags.authorizer; Result<Authorizer*> authorizer((None())); if (authorizerName != slave::DEFAULT_AUTHORIZER) { LOG(INFO) << "Creating '" << authorizerName << "' authorizer"; // NOTE: The contents of --acls will be ignored. authorizer = Authorizer::create(authorizerName); } else { // `authorizerName` is `DEFAULT_AUTHORIZER` at this point. if (flags.acls.isSome()) { LOG(INFO) << "Creating default '" << authorizerName << "' authorizer"; authorizer = Authorizer::create(flags.acls.get()); } } if (authorizer.isError()) { EXIT(EXIT_FAILURE) << "Could not create '" << authorizerName << "' authorizer: " << authorizer.error(); } else if (authorizer.isSome()) { authorizer_ = authorizer.get(); } if (flags.firewall_rules.isSome()) { vector<Owned<FirewallRule>> rules; const Firewall firewall = flags.firewall_rules.get(); if (firewall.has_disabled_endpoints()) { hashset<string> paths; foreach (const string& path, firewall.disabled_endpoints().paths()) { paths.insert(path); } rules.emplace_back(new DisabledEndpointsFirewallRule(paths)); }