mesos-issues mailing list archives

From "Greg Mann (JIRA)" <>
Subject [jira] [Assigned] (MESOS-6240) Allow executor/agent communication over non-TCP/IP stream socket.
Date Thu, 25 Oct 2018 16:31:00 GMT


Greg Mann reassigned MESOS-6240:

    Assignee:     (was: Benjamin Hindman)

> Allow executor/agent communication over non-TCP/IP stream socket.
> -----------------------------------------------------------------
>                 Key: MESOS-6240
>                 URL:
>             Project: Mesos
>          Issue Type: Improvement
>          Components: agent, executor
>         Environment: Linux and Windows
>            Reporter: Avinash Sridharan
>            Priority: Major
>              Labels: mesosphere
> Currently, the executor/agent communication happens specifically over TCP sockets. This
> works fine in most cases, but specifically for the `MesosContainerizer`, when containers are
> running on CNI networks, this mode of communication starts imposing constraints on the CNI
> network, since there now has to be connectivity between the CNI network (on which the executor
> is running) and the agent. Introducing paths from a CNI network to the underlying agent, at
> best, creates headaches for operators and, at worst, introduces serious security holes in the
> network, since it breaks the isolation between the container CNI network and the host
> network (on which the agent is running).
> In order to simplify/strengthen deployment of Mesos containers on CNI networks, we therefore
> need to move away from using TCP/IP sockets for executor/agent communication. Since the executor
> and agent are guaranteed to run on the same host, the above problems can be resolved if, for
> the `MesosContainerizer`, we use UNIX domain sockets or named pipes instead of TCP/IP sockets
> for the executor/agent communication.

This message was sent by Atlassian JIRA
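
The transport proposed in the issue above, sketched as an added example that is not part of the original message and is not Mesos code: an "agent" listens on a UNIX domain socket and an "executor" process connects by filesystem path, so no IP route between the container network and the host is needed. The function name, socket path and message are hypothetical, and the Linux-only `SO_PEERCRED` check of the peer's uid and pid goes beyond what the issue describes.

```cpp
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <sys/wait.h>
#include <unistd.h>
#include <cstdio>
#include <cstring>
#include <string>

// Hypothetical helper: returns what the "agent" received from the "executor", or "" on failure.
std::string agent_receive_over_uds(const std::string& path, const std::string& msg) {
  sockaddr_un addr{};
  addr.sun_family = AF_UNIX;
  if (path.size() >= sizeof(addr.sun_path)) return "";  // path does not fit in sun_path
  std::memcpy(addr.sun_path, path.c_str(), path.size());
  int lfd = socket(AF_UNIX, SOCK_STREAM, 0);
  if (lfd < 0) return "";
  unlink(path.c_str());                                 // remove a stale socket file
  mode_t old = umask(0077);                             // socket file usable by its owner only
  int rc = bind(lfd, reinterpret_cast<sockaddr*>(&addr), sizeof(addr));
  umask(old);
  if (rc < 0 || listen(lfd, 1) < 0) { close(lfd); return ""; }
  pid_t child = fork();
  if (child < 0) { close(lfd); unlink(path.c_str()); return ""; }
  if (child == 0) {                                     // "executor": connects by path, not by IP
    int fd = socket(AF_UNIX, SOCK_STREAM, 0);
    bool ok = fd >= 0 &&
        connect(fd, reinterpret_cast<sockaddr*>(&addr), sizeof(addr)) == 0 &&
        write(fd, msg.data(), msg.size()) == static_cast<ssize_t>(msg.size());
    _exit(ok ? 0 : 1);
  }
  std::string received;
  int cfd = accept(lfd, nullptr, nullptr);              // "agent" side
  if (cfd >= 0) {
    ucred peer{};                                       // kernel-reported identity of the peer
    socklen_t len = sizeof(peer);
    if (getsockopt(cfd, SOL_SOCKET, SO_PEERCRED, &peer, &len) == 0 &&
        peer.uid == getuid() && peer.pid == child) {    // accept only the process we launched
      char buf[256];
      ssize_t n;
      while ((n = read(cfd, buf, sizeof(buf))) > 0) received.append(buf, n);
    }
    close(cfd);
  }
  close(lfd);
  unlink(path.c_str());
  waitpid(child, nullptr, 0);
  return received;
}

int main() { std::puts(agent_receive_over_uds("/tmp/uds_example.sock", "REGISTER executor-1").c_str()); }
```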
