mesos-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lawrence Rau <larry...@mac.com>
Subject Re: Questions about secret handling in Mesos
Date Sat, 21 Apr 2018 17:19:02 GMT
doesn’t seem a great place for a secret; depending on how the host is handling swap and your
tolerance for risk of leakage via ram content recovery.

..larry

> On Apr 21, 2018, at 9:02 AM, Qian Zhang <zhq527725@gmail.com> wrote:
> 
> Hi Aditya,
> 
> Yeah, you are right. `hostSecretPath` is a sub-directory under agent's runtime dir, and
the default value of agent's runtime dir is `/var/run/mesos` which is a tmpfs. So the secret
is written to tmpfs on agent host.
> 
> 
> Regards,
> Qian Zhang
> 
> On Sat, Apr 21, 2018 at 8:19 AM, Aditya Bhave <adityacb@uber.com <mailto:adityacb@uber.com>>
wrote:
> Hi Qian,
> 
> Secret is written to file at hostSecretPath which is derived like this:
> 
> const string hostSecretPath = path::join(flags.runtime_dir, SECRET_DIR, stringify(id::UUID::random()));
> Also,
>   const string hostSecretTmpDir = path::join(flags.runtime_dir, SECRET_DIR);
> Is the hostSecretTmpDir not located on tmpfs? The dir name alludes to this.
> 
> Thanks,
> -Aditya
> 
> On Fri, Apr 20, 2018 at 5:05 PM, Qian Zhang <zhq527725@gmail.com <mailto:zhq527725@gmail.com>>
wrote:
> > When the secret is first downloaded on the mesos agent, it will be stored as "root"
on the tmpfs/ramfs before being mounted in the container ramfs.
> 
> It seems the secret is not stored on the tmpfs/ramfs on the agent host, we just write
it into a file <https://github.com/apache/mesos/blob/1.5.0/src/slave/containerizer/mesos/isolators/volume/secret.cpp#L281>
under the agent's runtime directory, and then move it into the ramfs <https://github.com/apache/mesos/blob/1.5.0/src/slave/containerizer/mesos/isolators/volume/secret.cpp#L260:L267>
in the container when the container is launched.
> 
> 
> Regards,
> Qian Zhang
> 
> On Fri, Apr 20, 2018 at 2:47 PM, Gilbert Song <gilbert@apache.org <mailto:gilbert@apache.org>>
wrote:
> IIUC, your assumptions are all correct.
> 
> @Kapil, could you please confirm? Maybe we could improve the document at the next Docathon.
> 
> Gilbert
> 
> On Thu, Apr 19, 2018 at 10:57 AM, Zhitao Li <zhitaoli.cs@gmail.com <mailto:zhitaoli.cs@gmail.com>>
wrote:
> Hello,
> 
> We at Uber plan to use volume/secret isolator to send secrets from Uber
> framework to Mesos agent.
> 
> For this purpose, we are referring to these documents:
> 
>    - File based secrets design doc
>    <https://docs.google.com/document/d/18raiiUfxTh-JBvjd6RyHe_TOScY87G_bMi5zBzMZmpc/edit#
<https://docs.google.com/document/d/18raiiUfxTh-JBvjd6RyHe_TOScY87G_bMi5zBzMZmpc/edit#>>
>    and slides
>    <http://schd.ws/hosted_files/mesosconasia2017/70/Secrets%20Management%20in%20Mesos.pdf
<http://schd.ws/hosted_files/mesosconasia2017/70/Secrets%20Management%20in%20Mesos.pdf>>
>    .
>    - Apache Mesos secrets documentation
>    <http://mesos.apache.org/documentation/latest/secrets/ <http://mesos.apache.org/documentation/latest/secrets/>>
> 
> Could you please confirm that the following assumptions are correct?
> 
>    - Mesos agent and master will never log the secret data at any logging
>    level;
>    - Mesos agent and master will never expose the secret data as part of
>    any API response;
>    - Mesos agent and master will never store the secret in any persistent
>    storage, but only on tmpfs or ramfs;
>    - When the secret is first downloaded on the mesos agent, it will be
>    stored as "root" on the tmpfs/ramfs before being mounted in the container
>    ramfs.
> 
> If above assumptions are true, then I would like to see them documented in
> this as part of the Apache Mesos secrets documentation
> <http://mesos.apache.org/documentation/latest/secrets/ <http://mesos.apache.org/documentation/latest/secrets/>>.
Otherwise, we'd
> like to have a design discussion with maintainer of the isolator.
> 
> We appreciate your help regarding this. Thanks!
> 
> Regards,
> Aditya And Zhitao
> 
> 
> 
> 


Mime
View raw message