[ 
https://issues.apache.org/jira/browse/MESOS-6747?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15729392#comment-15729392
 ] 

Till Toenshoff commented on MESOS-6747:
---------------------------------------

This did not pop up earlier because originally the mesos-logrotate-logger was 
running in the agent context and as the agent user, hence it had no issues 
accessing the key-file. Now that 
https://issues.apache.org/jira/browse/MESOS-5856 has landed, the logger is 
running as a different user, causing this problem to surface.

> ContainerLogger runnable must not inherit the slave environment.
> ----------------------------------------------------------------
>
>                 Key: MESOS-6747
>                 URL: https://issues.apache.org/jira/browse/MESOS-6747
>             Project: Mesos
>          Issue Type: Bug
>            Reporter: Till Toenshoff
>            Priority: Blocker
>
> The ContainerLogger module which forks a child process named 
> "mesos-logrotate-logger" does inherit the slave's environment. Specifically 
> things like {{LIBPROCESS_SSL_....}} variables are not meant to be picked up 
> by that runnable and cause issues as soon as the owning user is not the same 
> as the one owning the agent process.
> So if the agent has an SSL key setup via {{LIBPROCESS_SSL_KEY_FILE}} and if 
> that key-file is readable by the agent user (root) only, then the 
> {{mesos-logrotate-logger}} will try to read that file as well even though it 
> is being run as nobody - that action will then fail the runnable and hence 
> fail the entire task.
> {noformat}
> Could not load key file '/my/funky/key/path/key.key' (OpenSSL error 
> #33558541): error:0200100D:system library:fopen:Permission denied
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
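
The failure described in this issue comes from a forked helper receiving the agent's full environment. As an added illustration (not Mesos code and not the fix applied for MESOS-6747), the sketch below builds the child's environment from an explicit allowlist and passes it to `execve`, so `LIBPROCESS_SSL_*` settings never reach a helper running as another user. The function names and the choice of allowed variables are assumptions made for the example.

```cpp
// Added example, not Mesos code: all function names here are hypothetical.
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#include <map>
#include <set>
#include <string>
#include <vector>

extern char** environ;

using Env = std::map<std::string, std::string>;

// Snapshot of the calling process's environment (the "agent" side).
Env parentEnvironment() {
  Env env;
  for (char** e = environ; e != nullptr && *e != nullptr; ++e) {
    const std::string entry(*e);
    const auto eq = entry.find('=');
    if (eq != std::string::npos) env[entry.substr(0, eq)] = entry.substr(eq + 1);
  }
  return env;
}

// Allowlist: the child gets only the named variables, so LIBPROCESS_SSL_*
// and anything else configured for the agent is dropped by default.
Env childEnvironment(const Env& parent, const std::set<std::string>& allowed) {
  Env child;
  for (const auto& kv : parent)
    if (allowed.count(kv.first) > 0) child.insert(kv);
  return child;
}

// fork + execve with exactly `env`; returns the child's exit code, or -1.
int runWithEnvironment(const std::vector<std::string>& args, const Env& env) {
  std::vector<std::string> entries;
  for (const auto& kv : env) entries.push_back(kv.first + "=" + kv.second);
  std::vector<char*> argv, envp;
  for (const auto& a : args) argv.push_back(const_cast<char*>(a.c_str()));
  for (const auto& e : entries) envp.push_back(const_cast<char*>(e.c_str()));
  argv.push_back(nullptr);
  envp.push_back(nullptr);

  const pid_t pid = fork();
  if (pid < 0) return -1;
  if (pid == 0) {
    execve(argv[0], argv.data(), envp.data());
    _exit(127);  // exec failed
  }
  int status = 0;
  if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status)) return -1;
  return WEXITSTATUS(status);
}
```

An allowlist is used rather than stripping a `LIBPROCESS_` prefix so that variables added to the agent later are not passed on unless someone explicitly opts them in.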
