mesos-reviews mailing list archives

From Alexander Rojas <alexan...@mesosphere.io>
Subject Review Request 65227: Added specific flag loader for zookeeper urls preventing password leaks.
Date Fri, 19 Jan 2018 01:04:03 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65227/
-----------------------------------------------------------

Review request for mesos.


Repository: mesos


Description
-------

Adds the struct `zookeeper::SafeUrlLoader`, which is used to load
ZooKeeper URLs from flags.

This new struct will not show the contents of a file in logs or the
`/flags` endpoint if the URLs are given using a file (with the
`file://` prefix). If the URLs are given on the command line, no
changes are noticed.


Testing
-------

```sh
make -j12 check

# We don't seem to test flags in unit tests anywhere,
# so additionally I ran:

docker pull zookeeper

cat <<EOF > /tmp/$USER/zk-stack.yml
version: '3.1'
services:
  zoo1:
    image: zookeeper
    restart: always
    hostname: zoo1
    ports:
      - 2181:2181
    environment:
      ZOO_MY_ID: 1
      ZOO_SERVERS: server.1=0.0.0.0:2888:3888 server.2=zoo2:2888:3888 server.3=zoo3:2888:3888
  zoo2:
    image: zookeeper
    restart: always
    hostname: zoo2
    ports:
      - 2182:2181
    environment:
      ZOO_MY_ID: 2
      ZOO_SERVERS: server.1=zoo1:2888:3888 server.2=0.0.0.0:2888:3888 server.3=zoo3:2888:3888
  zoo3:
    image: zookeeper
    restart: always
    hostname: zoo3
    ports:
      - 2183:2181
    environment:
      ZOO_MY_ID: 3
      ZOO_SERVERS: server.1=zoo1:2888:3888 server.2=zoo2:2888:3888 server.3=0.0.0.0:2888:3888
EOF

docker-compose -f /tmp/$USER/zk-stack.yml up

cd ${MESOS_BUILD_DIR}

# This command should fail to launch because there is no file zk.conf
./bin/mesos-master.sh \
    --work_dir=/tmp/$USER/mesos/master \
    --log_dir=/tmp/$USER/mesos/master/log \
    --ip=$PUBLIC_IP \
    --quorum=1 \
    --zk=file:///tmp/$USER/zk/zk.conf
    
cat <<EOF > /tmp/$USER/zk/zk.conf
zk://$PUBLIC_IP:2181,$PUBLIC_IP:2182,$PUBLIC_IP:2183/mesos
EOF

./bin/mesos-master.sh \
    --work_dir=/tmp/$USER/mesos/master \
    --log_dir=/tmp/$USER/mesos/master/log \
    --ip=$PUBLIC_IP \
    --quorum=1 \
    --zk=`cat /tmp/$USER/zk/zk.conf`  &
    
[[ $(http -b $PUBLIC_IP:5050/flags | jq -r '.flags.zk') == `cat /tmp/$USER/zk/zk.conf` ]]

kill %1


./bin/mesos-master.sh \
    --work_dir=/tmp/$USER/mesos/master \
    --log_dir=/tmp/$USER/mesos/master/log \
    --ip=$PUBLIC_IP \
    --quorum=1 \
    --zk=file:///tmp/$USER/zk/zk.conf &
    
[[ $(http -b $PUBLIC_IP:5050/flags | jq -r '.flags.zk') == "/tmp/$USER/zk/zk.conf" ]]

./bin/mesos-agent.sh \
    --work_dir=/tmp/$USER/mesos/agent \
    --log_dir=/tmp/$USER/mesos/agent/log \
    --master=file:///tmp/$USER/zk/zk.conf &
    
[[ $(http -b $PUBLIC_IP:5051/flags | jq -r '.flags.master') == "/tmp/$USER/zk/zk.conf" ]]

kill %2

# The agent takes the ZooKeeper URL through --master, not --zk
./bin/mesos-agent.sh \
    --work_dir=/tmp/$USER/mesos/agent \
    --log_dir=/tmp/$USER/mesos/agent/log \
    --master=`cat /tmp/$USER/zk/zk.conf`  &

[[ $(http -b $PUBLIC_IP:5051/flags | jq -r '.flags.master') == `cat /tmp/$USER/zk/zk.conf` ]]

kill %2
kill %1
```


Thanks,

Alexander Rojas
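
The behaviour this review request describes, as an added sketch that is not part of the e-mail and is not Mesos code: a flag value given as `file://<path>` is read for use, while only the path is kept for logs and a flags endpoint, matching the `/flags` checks in the test script. The names `LoadedUrl` and `loadUrlFlag` and the sample credentials are hypothetical.

```cpp
#include <fstream>
#include <iostream>
#include <iterator>
#include <string>

// Hypothetical type, not Mesos code: separates the value the program uses
// from the text that may appear in logs or in a flags endpoint.
struct LoadedUrl {
  std::string value;    // handed to the ZooKeeper client
  std::string display;  // safe to log or serve
};

// Loads a flag given inline or as `file://<path>`. Returns false when the
// file cannot be read, so startup fails instead of using an empty URL.
bool loadUrlFlag(const std::string& flag, LoadedUrl* out) {
  const std::string prefix = "file://";
  if (flag.compare(0, prefix.size(), prefix) != 0) {
    // Given on the command line: shown unchanged.
    *out = LoadedUrl{flag, flag};
    return true;
  }
  const std::string path = flag.substr(prefix.size());
  std::ifstream in(path.c_str());
  if (!in) return false;
  std::string contents((std::istreambuf_iterator<char>(in)),
                       std::istreambuf_iterator<char>());
  // Drop the trailing newline a heredoc or editor leaves in the file.
  const std::string::size_type end = contents.find_last_not_of(" \t\r\n");
  contents.erase(end == std::string::npos ? 0 : end + 1);
  *out = LoadedUrl{contents, path};  // only the path is ever rendered
  return true;
}

int main() {
  // Constructed sample file; the credentials are made up.
  const std::string path = "zk-example.conf";
  { std::ofstream f(path.c_str()); f << "zk://user:secret@127.0.0.1:2181/mesos\n"; }
  LoadedUrl url;
  if (!loadUrlFlag("file://" + path, &url)) return 1;
  std::cout << "flags.zk = " << url.display << "\n";  // path, no password
  return 0;
}
```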

