[jira] [Created] (MESOS-5746) Sandbox links are broken in authorized cluster

Wed, 29 Jun 2016 12:37:50 -0700 

Greg Mann created MESOS-5746:
--------------------------------

             Summary: Sandbox links are broken in authorized cluster
                 Key: MESOS-5746
                 URL: https://issues.apache.org/jira/browse/MESOS-5746
             Project: Mesos
          Issue Type: Bug
    Affects Versions: 1.0.0
            Reporter: Greg Mann


I ran Mesos master with this script:
{code}
#! /usr/bin/env bash

rm -rf /tmp/mesos/*

cat <<EOF > /tmp/credentials.txt
foo bar
baz bar
EOF

cat <<EOF > /tmp/acls.json
{
  "permissive": false,
  "access_mesos_logs" : [
    {
      "principals" : { "values" : ["foo"] },
      "logs" : { "type" : "ANY" }
    }
  ],
  "register_frameworks" : [
    {
      "principals" : { "values" : ["foo"] },
      "roles" : { "type" : "ANY" }
    }
  ],
  "run_tasks" : [
    {
      "principals" : { "values" : ["foo"] },
      "users" : { "type" : "ANY" }
    }
  ],
  "get_endpoints" : [
    {
      "principals" : { "values" : ["foo"] },
      "paths" : { "type" : "ANY" }
    }
  ],
  "view_frameworks" : [
    {
      "principals" : { "values" : ["foo"] },
      "users" : { "type" : "ANY" }
    }
  ],
  "view_tasks" : [
    {
      "principals" : { "values" : ["foo"] },
      "users" : { "type" : "ANY" }
    }
  ],
  "view_executors" : [
    {
      "principals" : { "values" : ["foo"] },
      "users" : { "type" : "ANY" }
    }
  ],
  "access_sandboxes" : [
    {
      "principals" : { "values" : ["foo"] },
      "users" : { "type" : "ANY" }
    }
  ],
  "access_mesos_logs" : [
    {
      "principals" : { "values" : ["foo"] },
      "logs" : { "type" : "ANY" }
    }
  ],
  "get_quotas" : [
    {
      "principals" : { "values" : ["foo"] },
      "roles" : { "type" : "ANY" }
    }
  ]
}
EOF

export GLOG_v=2
export MESOS_VERBOSE=1
./bin/mesos-master.sh --work_dir=/tmp/mesos/master \
                      --authenticate_http \
                      --credentials=file:///tmp/credentials.txt \
                      --acls=file:///tmp/acls.json \
                      --log_dir=/tmp/mesos/logs/master
{code}
and ran the agent with this script:
{code}
#! /usr/bin/env bash

cat <<EOF > /tmp/credentials.txt
foo bar
baz bar
EOF

cat <<EOF > /tmp/acls.json
{
  "permissive": false,
  "access_mesos_log" : [
    {
      "principals" : { "values" : ["foo"] },
      "logs" : { "type" : "ANY" }
    }
  ]
}
EOF

export GLOG_v=2
export MESOS_VERBOSE=1
./bin/mesos-slave.sh --work_dir=/tmp/mesos/agent \
                     --master=127.0.0.1:5050 \
                     --authenticate_http \
                     --http_credentials=file:///tmp/credentials.txt \
                     --acls=file:///tmp/acls.json \
                     --log_dir=/tmp/mesos/logs/agent
{code}

And then ran the long-lived framework with {{src/long-lived-framework 
--master=127.0.0.1:5050 --principal=foo --secret=bar}}. When attempting to 
click on "Sandbox" links in the Mesos web UI, I see the error {{Framework with 
ID 'd2735ff3-52ac-467a-b8eb-6bd7a119ee32-0000' does not exist on agent with ID 
'd2735ff3-52ac-467a-b8eb-6bd7a119ee32-S0'.
}} (screenshot attached). Looking at Chrome devtools, I don't see any non-200 
return codes in HTTP responses. Each click on "Sandbox" produces a single 
request to the agent's {{/state}} endpoint, which returns 200 OK.

I verified that the sandbox links work as expected when authorization is not 
enabled.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to