> On Nov. 13, 2015, 9:59 a.m., Joris Van Remoortere wrote: > > Can we fix the underlying problem, as opposed to disabling SSL? > > Jojy Varghese wrote: > Not sure if we should enforce SSL sockets in an executor unless being > explicitly asked for (say using a flag) > > Timothy Chen wrote: > I don't think hard coding this is the right way to fix this, and this is > going to cause more problems as it affects all executors. > We should investigate how to get SSL to work when the environment is > present, and also have a better way to control all components either SSL > enabled or not. > > Jojy Varghese wrote: > What we really want is to be able to pass in SSL keys, certs etc for the > container from the command line. But that would be a new feature. By default > I think we should disable SSL on the launched containers. Also this change is > local to mesos containetizer.
However if you disable SSL for all tasks from mesos containerizer it's going to cause problems, as you remember there is a existing bug in Docker executor that it doesn't inherit SSL and users wasn't able to launch tasks with it enabled right? - Timothy ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/40284/#review106388 ----------------------------------------------------------- On Nov. 13, 2015, 8:12 a.m., Jojy Varghese wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/40284/ > ----------------------------------------------------------- > > (Updated Nov. 13, 2015, 8:12 a.m.) > > > Review request for mesos and Timothy Chen. > > > Repository: mesos > > > Description > ------- > > When SSL is enabled, the executor process will also expect SSL certs, keys > etc. > which causes unnecessary dependencies. A simple case is when password is > required for the SSL key. In this case, the executor would launch and wait for > user on terminal to enter password. > > > Diffs > ----- > > src/slave/containerizer/mesos/containerizer.cpp > 08243b61c1c277da7609bc910323cc1e27ff5cd4 > > Diff: https://reviews.apache.org/r/40284/diff/ > > > Testing > ------- > > > Thanks, > > Jojy Varghese > >