One possible way could be to map an external volume and make the certificate available on the volume. The application can poll the file, and the presence of the file can trigger an alert to read it.

2cnts
On Mon, Nov 30, 2015 at 4:56 PM, tommy xiao <[email protected]> wrote:

> Haosdent's suggestion is not an ideal way.
>
> 2015-11-30 0:28 GMT+08:00 Jojy Varghese <[email protected]>:
>
> > Haosdent is right that “nsenter” is used by docker users but wanted to add
> > that it is not a docker only command. It is a linux utility that can be
> > used to enter the namespaces of processes using their “procfs” files [1].
> > Mesos containerizer can be configured to use linux isolators (filesystem
> > for example) which uses namespaces. So these namespaces (say mount
> > namespace) can be then entered using “nsenter”.
> > If I understand what you are trying to achieve, the certificates can be
> > placed into the container by entering the mount namespace of the container
> > process. Mount namespace will give you view of the file system as viewed by
> > the container process.
> >
> > -Jojy
> >
> > [1] http://man7.org/linux/man-pages/man1/nsenter.1.html
> >
> > > On Nov 29, 2015, at 4:51 AM, haosdent <[email protected]> wrote:
> > >
> > > If you use Docker container, you could use "nsenter" command
> > > https://docs.docker.com/engine/reference/commandline/exec/ . But because
> > > you use Mesos container, I think in your task, you need send the data to
> > > some store, maybe just print data to task logs or save them in database. So
> > > that we could inspect them outside Mesos container.
> > >
> > > On Sun, Nov 29, 2015 at 8:39 PM, Shuai Lin <[email protected]> wrote:
> > >
> > >> This ticket may be related:
> > >> https://issues.apache.org/jira/browse/MESOS-2724
> > >> "Support running custom commands on slaves when launching a docker
> > >> container"
> > >>
> > >> On Sun, Nov 29, 2015 at 6:13 PM, Adam Medziński <[email protected]>
> > >> wrote:
> > >>
> > >>> So if I understand all correctly - I can (as Sargun Dhillon suggests)
> > >>> write my own mesos hook and inject data through environment variables,
> > >>> or try to use nsenter if I need something more sophisticated?
> > >>>
> > >>> On 28 November 2015 at 17:23, Jojy Varghese <[email protected]> wrote:
> > >>>> Although it's not possible today directly using Mesos, we could always
> > >>>> use “nsenter” to enter the container namespace and do things. I haven’t
> > >>>> tried it myself but conceptually that's the way to do it.
> > >>>>
> > >>>> -Jojy
> > >>>>
> > >>>>> On Nov 28, 2015, at 3:30 AM, Sargun Dhillon <[email protected]> wrote:
> > >>>>>
> > >>>>> You can do this using Mesos Modules - Documented here:
> > >>>>> http://mesos.apache.org/documentation/latest/modules/
> > >>>>>
> > >>>>> I think you're probably looking at writing a hooks module for the
> > >>>>> agent, and taking advantage of the slaveExecutorEnvironmentDecorator
> > >>>>> callback.
> > >>>>>
> > >>>>> On Sat, Nov 28, 2015 at 3:12 AM, tommy xiao <[email protected]> wrote:
> > >>>>>> feel no way, you need some tricks on it.
> > >>>>>>
> > >>>>>> 2015-11-27 19:23 GMT+08:00 Adam Medziński <[email protected]>:
> > >>>>>>
> > >>>>>>> Is it possible to inject dynamically generated data (for example
> > >>>>>>> certificate generated for task) into mesos container? Data should be
> > >>>>>>> available only to task process.
> > >>>>>>>
> > >>>>>>> --
> > >>>>>>> Best Regards,
> > >>>>>>> Adam Medziński
> > >>>>>>
> > >>>>>> --
> > >>>>>> Deshi Xiao
> > >>>>>> Twitter: xds2000
> > >>>>>> E-mail: xiaods(AT)gmail.com
> > >>>
> > >>> --
> > >>> Best Regards,
> > >>> Adam Medziński
> > >
> > > --
> > > Best Regards,
> > > Haosdent Huang
>
> --
> Deshi Xiao
> Twitter: xds2000
> E-mail: xiaods(AT)gmail.com
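A reader-side sketch of the volume-polling approach from the top reply, added here as an example and not code from anyone in the thread: the task waits for the file, then refuses it unless it is a regular file owned by the task's own user, carries no group/other permission bits, and holds a complete PEM block. The function names, the ownership and mode policy, and the PEM-completeness check are assumptions made for illustration.

```python
import os
import stat
import time

PEM_BEGIN = b"-----BEGIN CERTIFICATE-----"
PEM_END = b"-----END CERTIFICATE-----"


class CertNotReady(Exception):
    """File is absent or still being written; the caller should retry."""


def read_cert_once(path, expected_uid=None):
    """Return the PEM bytes, raise CertNotReady to retry, OSError to refuse."""
    uid = os.geteuid() if expected_uid is None else expected_uid
    try:
        # O_NOFOLLOW: a symlink planted on the shared volume fails with ELOOP.
        # O_NONBLOCK: a FIFO placed at the path cannot hang the task on open.
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    except FileNotFoundError:
        raise CertNotReady("certificate not present yet")
    with os.fdopen(fd, "rb") as f:
        st = os.fstat(f.fileno())  # check the opened file, not the path
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("not a regular file")
        if st.st_uid != uid:
            raise PermissionError("owned by uid %d, expected %d" % (st.st_uid, uid))
        if st.st_mode & 0o077:
            raise PermissionError("group/other permission bits are set")
        data = f.read().strip()
    # A writer that does not rename into place can be caught mid-write.
    if not (data.startswith(PEM_BEGIN) and data.endswith(PEM_END)):
        raise CertNotReady("PEM block incomplete")
    return data


def wait_for_cert(path, timeout=30.0, interval=0.5, expected_uid=None):
    """Poll until the certificate is usable or the timeout expires."""
    deadline = time.monotonic() + timeout
    while True:
        try:
            return read_cert_once(path, expected_uid)
        except CertNotReady as exc:
            if time.monotonic() >= deadline:
                raise TimeoutError("no usable certificate: %s" % exc)
            time.sleep(interval)
```

The writer side should create the file under a temporary name with mode 0600 and rename it into place, so the poller never sees a half-written certificate; the completeness check above only covers writers that do not.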
