mesos-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alexander Rukletsov (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (MESOS-1486) Introduce an optional master whitelist for slaves
Date Wed, 12 Nov 2014 16:38:34 GMT

    [ https://issues.apache.org/jira/browse/MESOS-1486?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14208225#comment-14208225
] 

Alexander Rukletsov commented on MESOS-1486:
--------------------------------------------

A follow-up on this issue. We would like to authorize (not authenticate) masters in slaves.
For example, if a new (rogue) master becomes a leader, a slave checks it against its list
of whitelisted masters and refuses to communicate with it if it is not authorized. As a short-term
solution, we can use a mechanism similar to slave whitelisting in master, which will be [deprecated
in favour of ACLs|https://issues.apache.org/jira/browse/MESOS-2089]. In a long run, this feature
should resemble [MESOS-1546|https://issues.apache.org/jira/browse/MESOS-1546]. 

> Introduce an optional master whitelist for slaves
> -------------------------------------------------
>
>                 Key: MESOS-1486
>                 URL: https://issues.apache.org/jira/browse/MESOS-1486
>             Project: Mesos
>          Issue Type: Improvement
>          Components: slave
>            Reporter: Niklas Quarfot Nielsen
>
> Like masters can whitelist slaves (and only announce available resources from slaves
whitelisted), slaves should be able to whitelist masters they are willing/allowed to connect
to. I have a proof-of-concept ready which ties into the slave::detected() method and prevents
non-whitelisted masters to register.
> If "*" is provided - whitelisting is not enforced (which would be the usual case).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message