[ https://issues.apache.org/jira/browse/MESOS-910?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Joris Van Remoortere updated MESOS-910:
---------------------------------------
Description:
Currently all the messages that flow through the Mesos cluster are unencrypted,
making it possible for intruders to intercept and potentially control your task.
We plan to add encryption support by adding SSL/TLS support to libprocess, the
low-level communication library that Mesos uses for all network communication
between Mesos components.
As a first step, we should replace the hand-coded HTTP code in libprocess with a
standard library, ensuring that any Mesos custom code like routing remains.
Then, the transition to HTTPS should be easier.
h3. Road map to SSL
# Isolate libev dependencies to a manageable set of implementing files.
## MESOS-1912 Decouple libev from clock implementation
## MESOS-1914 Decouple libev from connection handling (use io::poll() instead of individual watchers)
## MESOS-1952 Abstract network logic into socket class: connect()
## MESOS-1954 Abstract network logic into socket class: read()/write()
## MESOS-1953 Abstract network logic into socket class: connection events (connected(), closed(), writable(), readable())
## MESOS-2119 Add Socket tests
## (MESOS-XXXX Libev backed Socket)
# Provide alternative implementation with libevent.
## MESOS-2106 Enable libevent backed libprocess with configure flag.
## MESOS-2107 Create libevent-backed clock implementation
## MESOS-2133 Create libevent-backed poll implementation
## MESOS-1911 Create libevent-backed socket implementation
# Enable SSL
## MESOS-2108 Add configure flag or environment variable to enable SSL/libevent Socket
## MESOS-2109 Introduce socket factory
## MESOS-1913 Create libevent/SSL-backed stream/connection implementation
## MESOS-2085 Add support encrypted and non-encrypted communication in parallel for cluster upgrade
was:
Currently all the messages that flow through the Mesos cluster are unencrypted,
making it possible for intruders to intercept and potentially control your task.
We plan to add encryption support by adding SSL/TLS support to libprocess, the
low-level communication library that Mesos uses for all network communication
between Mesos components.
As a first step, we should replace the hand-coded HTTP code in libprocess with a
standard library, ensuring that any Mesos custom code like routing remains.
Then, the transition to HTTPS should be easier.
h3. Road map to SSL
# Isolate libev dependencies to a manageable set of implementing files.
## MESOS-1912 Decouple libev from clock implementation
## MESOS-1914 Decouple libev from connection handling (use io::poll() instead of individual watchers)
## MESOS-1952 Abstract network logic into socket class: connect()
## MESOS-1954 Abstract network logic into socket class: read()/write()
## MESOS-1953 Abstract network logic into socket class: connection events (connected(), closed(), writable(), readable())
## MESOS-2119 Add Socket tests
## (MESOS-XXXX Libev backed Socket)
# Provide alternative implementation with libevent.
## MESOS-2106 Enable libevent backed libprocess with configure flag.
## MESOS-2107 Create libevent-backed clock implementation
## MESOS-2133 Create libevent-backed poll implementation
## MESOS-1911 Create libevent-backed socket implementation
# Enable SSL
## MESOS-2108 Enable SSL/libevent backed stream with configure flag.
## MESOS-2109 Introduce socket factory
## MESOS-1913 Create libevent/SSL-backed stream/connection implementation
## MESOS-2085 Add support encrypted and non-encrypted communication in parallel for cluster upgrade
> Add SSL support to Mesos
> ------------------------
>
> Key: MESOS-910
> URL: https://issues.apache.org/jira/browse/MESOS-910
> Project: Mesos
> Issue Type: Epic
> Components: general, libprocess
> Reporter: Adam B
> Labels: encryption, security
>
> Currently all the messages that flow through the Mesos cluster are unencrypted,
> making it possible for intruders to intercept and potentially control your task.
> We plan to add encryption support by adding SSL/TLS support to libprocess, the
> low-level communication library that Mesos uses for all network communication
> between Mesos components.
> As a first step, we should replace the hand-coded HTTP code in libprocess with a
> standard library, ensuring that any Mesos custom code like routing remains.
> Then, the transition to HTTPS should be easier.
> h3. Road map to SSL
> # Isolate libev dependencies to a manageable set of implementing files.
> ## MESOS-1912 Decouple libev from clock implementation
> ## MESOS-1914 Decouple libev from connection handling (use io::poll() instead of individual watchers)
> ## MESOS-1952 Abstract network logic into socket class: connect()
> ## MESOS-1954 Abstract network logic into socket class: read()/write()
> ## MESOS-1953 Abstract network logic into socket class: connection events (connected(), closed(), writable(), readable())
> ## MESOS-2119 Add Socket tests
> ## (MESOS-XXXX Libev backed Socket)
> # Provide alternative implementation with libevent.
> ## MESOS-2106 Enable libevent backed libprocess with configure flag.
> ## MESOS-2107 Create libevent-backed clock implementation
> ## MESOS-2133 Create libevent-backed poll implementation
> ## MESOS-1911 Create libevent-backed socket implementation
> # Enable SSL
> ## MESOS-2108 Add configure flag or environment variable to enable SSL/libevent Socket
> ## MESOS-2109 Introduce socket factory
> ## MESOS-1913 Create libevent/SSL-backed stream/connection implementation
> ## MESOS-2085 Add support encrypted and non-encrypted communication in parallel for cluster upgrade