Ben McCann created MESOS-845:
--------------------------------
Summary: Provide and document method of securely deploying applications
Key: MESOS-845
URL: https://issues.apache.org/jira/browse/MESOS-845
Project: Mesos
Issue Type: Bug
Reporter: Ben McCann
To schedule a job you must specify URIs. This seems strange to me because I
wouldn't want my application and its credentials to be downloadable from a
public location. I could firewall the server, but even then any app could fetch
the tarball for any other app and so you have to be okay with sharing all your
credentials globally amongst all of your apps. Is there some more secure
alternative? Perhaps an authenticated API call to mesos to upload a new app?
I saw an example using an hdfs:// URI. I tried looking into setting up HDFS,
but the documentation was hard to follow. It was also not possible to set it up
without also setting up Hadoop, which I don't have a need for at this point.
Finally, it says "There is no expectation that this first method is secure in
protecting one user from impersonating another."
(https://hadoop.apache.org/docs/r1.2.1/hdfs_permissions_guide.html), so I'm not
sure that hdfs is any better than serving via HTTP(S).