----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/36389/#review91784 -----------------------------------------------------------
To make sure that this is fool proof(ish), I would suggest that this should only ship only when the Authorizer framework (mentioned in the TODO comment) becomes available. Also, I would add a screaming comment to --usage, something along the lines of 'this is insecure, and this enables arbitrary command executrion with root privileges'. In general, I am of the firm opinion that this feature should come with a whitelisting mechanism that will allow operators to whitelist (benign) commands that they want to execute, and forbid anything else. - Artem Harutyunyan On July 14, 2015, 4:20 p.m., Marco Massenzio wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/36389/ > ----------------------------------------------------------- > > (Updated July 14, 2015, 4:20 p.m.) > > > Review request for mesos, Benjamin Hindman and Cody Maloney. > > > Bugs: MESOS-2830 > https://issues.apache.org/jira/browse/MESOS-2830 > > > Repository: mesos > > > Description > ------- > > Jira: MESOS-2830 > > Under certain (maintenance) circumnstance, it may be necessary > (or desirable) to execute arbitrary operator's commands on the > slave (the entire fleet or a subset thereof) bypassing the Mesos > Task execution mechanism; this may typically be necessary for > maintenance and/or emergency actions. > > This patch adds an HTTP endpoint (/execute) which accepts a > JSON-encoded CommandInfo structure and executes the given > command (with optional arguments). > > The output of the command (along with potentially any stderr > messages) is returned JSON-encoded in the Response. > > For more details, see the design doc at: > https://goo.gl/4npTMU > > > Diffs > ----- > > src/slave/flags.hpp 26c778db2303167369af8675fe0441a00a1e9151 > src/slave/flags.cpp 8632677ebbdbfef8ffa45204b6f63a700baff7f3 > src/slave/main.cpp 8008430e98773d8be9ba5ac6385cffb2e351932a > src/slave/slave.hpp dec4ca8323e151a6d0f9139214ff0ef6e3e3375a > src/slave/slave.cpp 2119b5176aa7cfb7b0b551d4d4f65ee12818b9e4 > > Diff: https://reviews.apache.org/r/36389/diff/ > > > Testing > ------- > > make check > > lots of manual testing (using Postman, REST client) > > > Thanks, > > Marco Massenzio > >