From: Xiaodong Zhang
To: "user@mesos.apache.org"
CC: Developers
Subject: Re: How to tell master which ip to connect.
Date: Mon, 7 Dec 2015 06:05:44 +0000


From: haosdent <haosdent@gmail.com>
Reply-To: "user@mesos.apache.org" <user@mesos.apache.org>
Date: Sunday, November 1, 2015, 5:02 PM
To: user <user@mesos.apache.org>
Subject: Re: How to tell master which ip to connect.

Hi, @Xiaodong I think ssl + register auth is enough, I don't think you need to worry about that. Let me also attach some other mesos documents, besides ssl, related to security.

authentication: https://github.com/apache/mesos/blob/master/docs/authorization.md
authentication: https://github.com/apache/mesos/blob/master/docs/authentication.md
firewall_rules: https://github.com/apache/mesos/blob/master/docs/configuration.md#master-and-slave-options

And if you want to use external firewall of iptables to limit access, it is also OK when you are using mesos.

On Fri, Oct 30, 2015 at 7:50 AM, Xiaodong Zhang <xdzhang@alauda.io> wrote:
Oh! Connecting via ssl and registering with auth is not safe enough?

Sent from my iPhone

On October 30, 2015, at 12:55 AM, tommy xiao <xiaods@gmail.com> wrote:

public ip is very dangerous for mesos cluster, you need a firewall on your solution.

2015-10-28 10:16 GMT+08:00 Xiaodong Zhang <xdzhang@alauda.io>:
Hi teams:

My scenario is like this:

My master nodes were deployed in AWS. My slaves were in AZURE. So they communicate via public ip.
I got trouble when slaves try to register to master.
Now slaves can get master's public ip address, and can send register request. But they can only send their private ip to master. (Because they don't know their public ip, thus they can't bind a public ip via --ip flag), thus masters can't connect slaves. How can the slave tell master which ip master should connect (I can't find any flags like --advertise_ip in master).



--
Deshi Xiao
Twitter: xds2000
E-mail: xiaods(AT)gmail.com



--
Best Regards,
Haosdent Huang
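
The replies above recommend a firewall, with iptables as one option, for a master that is reachable on a public IP. As an added example (not part of the thread and not Mesos code), this script prints an allowlist ruleset for the master port. It assumes the Mesos master default port 5050; the chain name MESOS_MASTER and the agent addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): print an iptables allowlist for the
# Mesos master port. Nothing is applied; review the output, then run it as root.
# Assumptions: master on its default port 5050; agent addresses are
# constructed values from the RFC 5737 documentation ranges.
MASTER_PORT=5050

# is_ipv4 ADDR: succeed only for a dotted quad with an optional /0-32 prefix.
is_ipv4() {
    case $1 in ''|*[!0-9./]*) return 1 ;; esac   # rejects spaces, ';', newlines
    printf '%s\n' "$1" | grep -Eq \
        '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || return 1
    addr=${1%%/*}
    old_ifs=$IFS; IFS=.
    set -- $addr            # split into octets (function-local positionals)
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# gen_rules PORT ADDR...: validate every address first, so a bad entry
# yields no output at all instead of a half-written ruleset.
gen_rules() {
    port=$1; shift
    case $port in ''|*[!0-9]*) echo "invalid port: $port" >&2; return 2 ;; esac
    [ "$#" -gt 0 ] || { echo "no agent addresses given" >&2; return 2; }
    for a in "$@"; do
        is_ipv4 "$a" || { echo "invalid address: $a" >&2; return 1; }
    done
    echo "iptables -N MESOS_MASTER"
    for a in "$@"; do
        echo "iptables -A MESOS_MASTER -s $a -j ACCEPT"
    done
    echo "iptables -A MESOS_MASTER -j DROP"
    # Hook the chain into INPUT last, once its DROP rule is already in place.
    echo "iptables -A INPUT -p tcp --dport $port -j MESOS_MASTER"
}

# Constructed sample: one agent host and one agent subnet.
gen_rules "$MASTER_PORT" 203.0.113.10 198.51.100.0/24
```

Because the master also opens connections back to the agents, the agent hosts need the mirror-image rule for the master's address on their own listening port.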