mesos-user mailing list archives

From Rad Gruchalski <ra...@gruchalski.com>
Subject Re: mess slave can't register to master via master ip:port
Date Tue, 10 Nov 2015 11:32:07 GMT
It sounds easy in theory but it is not, described for another purpose but the Dragons explained:
http://gruchalski.com/apache-zookeeper-authentication.html
I’d suggest a firewall. Opening ZK ports only to known IP addresses.

Kind regards,

Radek Gruchalski

radek@gruchalski.com
de.linkedin.com/in/radgruchalski/

On Tuesday, 10 November 2015 at 12:17, haosdent wrote:

> How about using ZooKeeper ACL? https://zookeeper.apache.org/doc/r3.1.2/zookeeperProgrammers.html#sc_ZooKeeperAccessControl
>
> On Tue, Nov 10, 2015 at 6:01 PM, Xiaodong Zhang <xdzhang@alauda.io> wrote:
> > What should I do in this scenario:
> >
> > slave registers to master with --master=masterip:masterport
> >
> > After that, master nodes change their leader.
> >
> > I found mesos-slave can’t register to master anymore. So it seems masterip:masterport is not a PROD-READY choice.
> >
> > Does that mean slaves have to register to master via zk?
> >
> > If using zk, how should mesos make the communication secure when my master and slave communicate with each other via public ip?
> >  
> >  
> > From: Guangya Liu <gyliu513@gmail.com>
> > Reply-To: "user@mesos.apache.org" <user@mesos.apache.org>
> > Date: Tuesday, 3 November 2015, 2:10 PM
> >
> > To: "user@mesos.apache.org" <user@mesos.apache.org>
> > Subject: Re: mess slave can't register to master via master ip:port
> >  
> > I filed a jira ticket https://issues.apache.org/jira/browse/MESOS-3822 to trace this. Thanks.
> >
> > On Tue, Nov 3, 2015 at 2:02 PM, haosdent <haosdent@gmail.com> wrote:
> > > I think it is not correct.  
> > >  
> > > On Tue, Nov 3, 2015 at 12:44 PM, Xiaodong Zhang <xdzhang@alauda.io> wrote:
> > > > If that is so, I think this document should be modified.
> > > >
> > > > http://mesos.apache.org/documentation/latest/configuration/#SlaveOptions
> > > >
> > > >  
> > > > Right?  
> > > >  
> > > >  
> > > > From: Guangya Liu <gyliu513@gmail.com>
> > > > Reply-To: "user@mesos.apache.org" <user@mesos.apache.org>
> > > > Date: Tuesday, 3 November 2015, 12:39 PM
> > > > To: "user@mesos.apache.org" <user@mesos.apache.org>
> > > > Subject: Re: mess slave can't register to master via master ip:port
> > > >  
> > > > Seems mesos does not support such a mode, please refer to https://github.com/apache/mesos/blob/master/src/slave/main.cpp#L105-L111 for the format of "--master". Thanks!
> > > >
> > > > On Tue, Nov 3, 2015 at 12:28 PM, haosdent <haosdent@gmail.com> wrote:
> > > > > After checking the code, it seems Mesos only supports --master=IP1:5050 or --master=zk://xx or --master=file:///.
> > > > >
> > > > > On Tue, Nov 3, 2015 at 12:15 PM, haosdent <haosdent@gmail.com> wrote:
> > > > > > Are your masters already managed by zookeeper? And what is your master start command?
> > > > > >
> > > > > > On Tue, Nov 3, 2015 at 12:06 PM, Xiaodong Zhang <xdzhang@alauda.io> wrote:
> > > > > > > Hi all:  
> > > > > > >  
> > > > > > > My slave command is like this:
> > > > > > >
> > > > > > > /usr/sbin/mesos-slave --master=IP1:5050,IP2:5050,IP3:5050 …. --credential …
> > > > > > >
> > > > > > > Only if IP1 is the leader, the slave can register to master successfully, or it will fail to register.
> > > > > > >
> > > > > > > Slave log is like this:
> > > > > > >
> > > > > > > Creating new client SASL connection
> > > > > > > Authentication timed out
> > > > > > > Failed to authenticate with master master@172.31.43.77:5050: Authentication discarded
> > > > > > > Authenticating with master master@172.31.43.77:5050
> > > > > > > Using default CRAM-MD5 authenticatee
> > > > > > >
> > > > > > > Is this a bug? Or is it designed like this?
> > > > > > >
> > > > > > > BTW: --master:zk://xxxxxxx works well.
> > > > > >  
> > > > > >  
> > > > > > --  
> > > > > > Best Regards,
> > > > > > Haosdent Huang  
> > > > >  
> > > > >  
> > > > > --  
> > > > > Best Regards,
> > > > > Haosdent Huang  
> > >  
> > >  
> > >  
> > > --  
> > > Best Regards,
> > > Haosdent Huang  
>  
>  
>  
> --  
> Best Regards,
> Haosdent Huang  

