[
https://issues.apache.org/jira/browse/MESOS-5900?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15391888#comment-15391888
]
Till Toenshoff commented on MESOS-5900:
---------------------------------------
This would also very much simplify having strict SSL encryption enabled on all
connections of our agents {{LIBPROCESS_SSL_SUPPORT_DOWNGRADE=false}}. Right now
getting this covered demands a bunch of extra precautions as described in
https://issues.apache.org/jira/browse/MESOS-3815. Using domain-sockets appears
to be the most reliable, flexible and secure solution for the agent / executor
communication.
One challenge here may be getting domain-sockets to work on Windows -- Linux
and OSX support them out of the box for sure. However, having regular sockets
as a fallback may be a good option.
> Consider supporting Unix domain socket connections in libprocess
> ----------------------------------------------------------------
>
> Key: MESOS-5900
> URL: https://issues.apache.org/jira/browse/MESOS-5900
> Project: Mesos
> Issue Type: Improvement
> Components: libprocess
> Reporter: Neil Conway
> Labels: mesosphere
>
> We should consider allowing two programs on the same host using libprocess to
> communicate via Unix domain sockets rather than TCP. This has a few
> advantages:
> * Security: remote hosts cannot connect to the Unix socket. Domain sockets
> also offer additional support for
> [authentication|https://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Authentication-UNIX_Domain.html].
> * Performance: domain sockets are marginally faster than localhost TCP.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
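The two security properties named in the issue description (no remote reachability, plus kernel-backed peer authentication) can be seen in a short Linux-only sketch. This is an added example, not code from the thread, Mesos or libprocess; the socket path, the function names and the same-uid policy are assumptions made for illustration, and `struct ucred` relies on `_GNU_SOURCE`, which g++ and clang++ predefine on Linux.

```cpp
// Added example, not Mesos/libprocess code. Linux-only (SO_PEERCRED).
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <string>

// Ask the kernel which uid was behind the other end of `fd` when it connected.
bool peer_uid(int fd, uid_t* uid) {
  struct ucred cred;
  socklen_t len = sizeof(cred);
  if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cred, &len) != 0) return false;
  if (len != sizeof(cred)) return false;
  *uid = cred.uid;
  return true;
}

// Policy (an assumption for this sketch): only the expected uid may talk to us.
bool peer_is_authorized(int fd, uid_t expected) {
  uid_t uid;
  return peer_uid(fd, &uid) && uid == expected;
}

// Listen on a socket inside a fresh 0700 directory, connect from this same
// process (standing in for an executor), and check the accepted connection.
// True when our own uid is accepted and a different uid is rejected.
bool demo() {
  char dir[] = "/tmp/uds-demo-XXXXXX";        // constructed path
  if (mkdtemp(dir) == nullptr) return false;  // mkdtemp creates it mode 0700
  std::string path = std::string(dir) + "/agent.sock";
  sockaddr_un addr{};
  addr.sun_family = AF_UNIX;
  std::strncpy(addr.sun_path, path.c_str(), sizeof(addr.sun_path) - 1);
  int srv = socket(AF_UNIX, SOCK_STREAM, 0);
  int cli = socket(AF_UNIX, SOCK_STREAM, 0);
  bool up = srv >= 0 && cli >= 0 &&
            bind(srv, (sockaddr*)&addr, sizeof(addr)) == 0 &&
            listen(srv, 1) == 0 &&
            connect(cli, (sockaddr*)&addr, sizeof(addr)) == 0;
  int conn = up ? accept(srv, nullptr, nullptr) : -1;
  bool same = conn >= 0 && peer_is_authorized(conn, geteuid());
  bool other = conn >= 0 && peer_is_authorized(conn, geteuid() + 1);
  close(conn); close(cli); close(srv);
  unlink(path.c_str()); rmdir(dir);
  return same && !other;
}

int main() { std::puts(demo() ? "peer check passed" : "peer check failed"); }
```

The 0700 parent directory keeps other local users from reaching the socket at all, and the `SO_PEERCRED` check covers any peer that does connect; neither depends on TLS settings.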