> On Nov. 13, 2015, 9:59 a.m., Joris Van Remoortere wrote:
> > Can we fix the underlying problem, as opposed to disabling SSL?
> 
> Jojy Varghese wrote:
>     Not sure if we should enforce SSL sockets in an executor unless being 
> explicitly asked for (say using a flag)
> 
> Timothy Chen wrote:
>     I don't think hard coding this is the right way to fix this, and this is 
> going to cause more problems as it affects all executors.
>     We should investigate how to get SSL to work when the environment is 
> present, and also have a better way to control all components either SSL 
> enabled or not.

What we really want is to be able to pass in SSL keys, certs etc for the 
container from the command line. But that would be a new feature. By default I 
think we should disable SSL on the launched containers. Also this change is 
local to mesos containetizer.


- Jojy


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/40284/#review106388
-----------------------------------------------------------


On Nov. 13, 2015, 8:12 a.m., Jojy Varghese wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/40284/
> -----------------------------------------------------------
> 
> (Updated Nov. 13, 2015, 8:12 a.m.)
> 
> 
> Review request for mesos and Timothy Chen.
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> When SSL is enabled, the executor process will also expect SSL certs, keys 
> etc.
> which causes unnecessary dependencies. A simple case is when password is
> required for the SSL key. In this case, the executor would launch and wait for
> user on terminal to enter password.
> 
> 
> Diffs
> -----
> 
>   src/slave/containerizer/mesos/containerizer.cpp 
> 08243b61c1c277da7609bc910323cc1e27ff5cd4 
> 
> Diff: https://reviews.apache.org/r/40284/diff/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Jojy Varghese
> 
>

Reply via email to