mesos-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joseph Wu (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (MESOS-7886) Add master hook for setting environment variables
Date Mon, 14 Aug 2017 17:37:00 GMT

    [ https://issues.apache.org/jira/browse/MESOS-7886?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16126050#comment-16126050
] 

Joseph Wu commented on MESOS-7886:
----------------------------------

>From a security perspective, putting secrets in environment variables is not ideal (but
it is admittedly pretty common).  There are a few places in the Mesos code (in older versions)
where environment variables are printed to logs or stderr.

>From a historical perspective, the master generally limits itself to coordinating frameworks
and agents, but stays out of the business logic needed to run tasks.  This is mostly because
heterogeneous clusters can have many different agent configurations; and having the master
keep track of how to handle each configuration may become onerous.

> Add master hook for setting environment variables
> -------------------------------------------------
>
>                 Key: MESOS-7886
>                 URL: https://issues.apache.org/jira/browse/MESOS-7886
>             Project: Mesos
>          Issue Type: Improvement
>          Components: modules
>            Reporter: Matthew Mead-Briggs
>
> At Yelp we're planning to integrate our secret store with our platform as a service which
runs on Mesos.
> I was hoping to write a module to "inject" environment variables on the master side but
the necessary hook doesn't currently exist. Such a hook already exists on the slave side.
However, for this integration that would require me to give all the agents access to the secret
store and I'd much prefer to limit this to the master side.
> There is already a hook for adding labels:
> https://github.com/apache/mesos/blob/72752fc6deb8ebcbfbd5448dc599ef3774339d31/include/mesos/hook.hpp#L44-L48
> So it seems it should be pretty easy to add one for setting environment variables too?
I had a crack the other day but although I got my code to compile something was not working
at runtime (note: I'm not a C++ dev). Is there any reason why we wouldn't want such a hook?
If anyone can confirm that it's a sane thing to add then I'd be happy to spend some time trying
to get it working (although I may need some help)!



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message