Greg Mann created MESOS-5746: -------------------------------- Summary: Sandbox links are broken in authorized cluster Key: MESOS-5746 URL: https://issues.apache.org/jira/browse/MESOS-5746 Project: Mesos Issue Type: Bug Affects Versions: 1.0.0 Reporter: Greg Mann
I ran Mesos master with this script: {code} #! /usr/bin/env bash rm -rf /tmp/mesos/* cat <<EOF > /tmp/credentials.txt foo bar baz bar EOF cat <<EOF > /tmp/acls.json { "permissive": false, "access_mesos_logs" : [ { "principals" : { "values" : ["foo"] }, "logs" : { "type" : "ANY" } } ], "register_frameworks" : [ { "principals" : { "values" : ["foo"] }, "roles" : { "type" : "ANY" } } ], "run_tasks" : [ { "principals" : { "values" : ["foo"] }, "users" : { "type" : "ANY" } } ], "get_endpoints" : [ { "principals" : { "values" : ["foo"] }, "paths" : { "type" : "ANY" } } ], "view_frameworks" : [ { "principals" : { "values" : ["foo"] }, "users" : { "type" : "ANY" } } ], "view_tasks" : [ { "principals" : { "values" : ["foo"] }, "users" : { "type" : "ANY" } } ], "view_executors" : [ { "principals" : { "values" : ["foo"] }, "users" : { "type" : "ANY" } } ], "access_sandboxes" : [ { "principals" : { "values" : ["foo"] }, "users" : { "type" : "ANY" } } ], "access_mesos_logs" : [ { "principals" : { "values" : ["foo"] }, "logs" : { "type" : "ANY" } } ], "get_quotas" : [ { "principals" : { "values" : ["foo"] }, "roles" : { "type" : "ANY" } } ] } EOF export GLOG_v=2 export MESOS_VERBOSE=1 ./bin/mesos-master.sh --work_dir=/tmp/mesos/master \ --authenticate_http \ --credentials=file:///tmp/credentials.txt \ --acls=file:///tmp/acls.json \ --log_dir=/tmp/mesos/logs/master {code} and ran the agent with this script: {code} #! /usr/bin/env bash cat <<EOF > /tmp/credentials.txt foo bar baz bar EOF cat <<EOF > /tmp/acls.json { "permissive": false, "access_mesos_log" : [ { "principals" : { "values" : ["foo"] }, "logs" : { "type" : "ANY" } } ] } EOF export GLOG_v=2 export MESOS_VERBOSE=1 ./bin/mesos-slave.sh --work_dir=/tmp/mesos/agent \ --master=127.0.0.1:5050 \ --authenticate_http \ --http_credentials=file:///tmp/credentials.txt \ --acls=file:///tmp/acls.json \ --log_dir=/tmp/mesos/logs/agent {code} And then ran the long-lived framework with {{src/long-lived-framework --master=127.0.0.1:5050 --principal=foo --secret=bar}}. When attempting to click on "Sandbox" links in the Mesos web UI, I see the error {{Framework with ID 'd2735ff3-52ac-467a-b8eb-6bd7a119ee32-0000' does not exist on agent with ID 'd2735ff3-52ac-467a-b8eb-6bd7a119ee32-S0'. }} (screenshot attached). Looking at Chrome devtools, I don't see any non-200 return codes in HTTP responses. Each click on "Sandbox" produces a single request to the agent's {{/state}} endpoint, which returns 200 OK. I verified that the sandbox links work as expected when authorization is not enabled. -- This message was sent by Atlassian JIRA (v6.3.4#6332)