Sure,
it looks like this, not very imaginative. There is currently no
authorization on the agents.
{
"permissive": false,
[...] // Here is the previous ACL with actions "run_tasks" and
"register_frameworks"
"get_endpoints": [
{
Benno,
Would you mind providing more information on the ACL definitions that you
used to gain full access to the web UI? I'm working on some more
documentation for this. Also, did you have authorization enabled on the
agents as well?
Cheers,
Greg
On Wed, Jun 8, 2016 at 7:43 AM, Neil Conway
On Wed, Jun 8, 2016 at 4:27 PM, Alexander Rojas wrote:
> I think we should also think more thoroughly about the expected behaviour
> when we introduce new authorizable actions (and we most certainly will).
> Since things may break particularly if users set the
Maybe we can just supply a default acl template file specifying these
defaults acls. Then users will have more guidance when starting to use acls.
I will create a sample patch to clarify how I envision such kind of
template :-).
On Wed, Jun 8, 2016 at 4:27 PM, Alexander Rojas
I think we should also think more thoroughly about the expected behaviour
when we introduce new authorizable actions (and we most certainly will).
Since things may break particularly if users set the `permissive` ACL field
to false.
Perhaps initially, if no ACL is given for the new action we
Hi,
thanks for the pointer. For people having the same problem, it seems
that you have to actually provide six new ACL rules to restore the
previous behaviour:
get_endpoints, view_frameworks, view_tasks, view_executors,
access_sandboxes, and access_mesos_logs.
On 03.06.2016 21:59, Michael Park
Hello, I'm not exactly sure about whether the behavior is undesired or not.
But I think the ACL that you're missing is `GetEndpoint`:
https://github.com/apache/mesos/blob/master/include/mesos/authorizer/acls.proto#L183-L190
Hope that helps,
MPark
On 3 June 2016 at 12:36, Evers Benno
I just tried building and running the 1.0.0-rc1, and it seems that the
web UI is broken due to /metrics/snapshot returning a 403. (There's a
popup continously displaying "Failed to connect to
mesos-master.example.org:5050!"
I'm running mesos-master with options `--no-authenticate_http