Re: Questions about secret handling in Mesos

2018-04-20 Thread Qian Zhang
> When the secret is first downloaded on the mesos agent, it will be stored
> as "root" on the tmpfs/ramfs before being mounted in the container ramfs.

It seems the secret is not stored on the tmpfs/ramfs on the agent host, we
just write it into a file under the agent's runtime directory, and then move
it into the ramfs in the container when the container is launched.


Regards,
Qian Zhang

On Fri, Apr 20, 2018 at 2:47 PM, Gilbert Song wrote:

> IIUC, your assumptions are all correct.
>
> @Kapil, could you please confirm? Maybe we could improve the document at
> the next Docathon.
>
> Gilbert
>
> On Thu, Apr 19, 2018 at 10:57 AM, Zhitao Li wrote:
>
>> Hello,
>>
>> We at Uber plan to use volume/secret isolator to send secrets from Uber
>> framework to Mesos agent.
>>
>> For this purpose, we are referring to these documents:
>>
>>    - File based secrets design doc and slides.
>>    - Apache Mesos secrets documentation
>>
>>
>> Could you please confirm that the following assumptions are correct?
>>
>>    - Mesos agent and master will never log the secret data at any logging
>>    level;
>>    - Mesos agent and master will never expose the secret data as part of
>>    any API response;
>>    - Mesos agent and master will never store the secret in any persistent
>>    storage, but only on tmpfs or ramfs;
>>    - When the secret is first downloaded on the mesos agent, it will be
>>    stored as "root" on the tmpfs/ramfs before being mounted in the container
>>    ramfs.
>>
>> If above assumptions are true, then I would like to see them documented in
>> this as part of the Apache Mesos secrets documentation. Otherwise, we'd
>> like to have a design discussion with maintainer of the isolator.
>>
>> We appreciate your help regarding this. Thanks!
>>
>> Regards,
>> Aditya And Zhitao
>>
>
>
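
One way to check the point raised in this message, as an added example that is not part of the original thread or of Mesos itself: find which mount backs a directory and whether that mount is tmpfs or ramfs. The sample mount table and every path in it are constructed for illustration.

```python
import os
import re

RAM_BACKED = {"tmpfs", "ramfs"}

# Constructed sample in /proc/self/mounts format (not taken from a real host).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /run tmpfs rw,nosuid,nodev,mode=755 0 0
/dev/sdb1 /var/lib/mesos xfs rw,relatime 0 0
ramfs /run/mesos/secrets\\040staging ramfs rw,relatime 0 0
"""

def _unescape(field):
    # /proc/mounts encodes space, tab, newline and backslash as \ooo octal.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def parse_mounts(text):
    """Return [(mount_point, fstype)] in file order."""
    mounts = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 3:
            mounts.append((_unescape(parts[1]), parts[2]))
    return mounts

def backing_fstype(path, mounts):
    """Type of the mount holding `path`: longest prefix, later entry wins ties."""
    best = None
    for mount_point, fstype in mounts:
        prefix = mount_point.rstrip("/") + "/"
        if path == mount_point or path.startswith(prefix):
            if best is None or len(mount_point) >= len(best[0]):
                best = (mount_point, fstype)
    return best[1] if best else None

def is_ram_backed(path, mounts):
    # `path` must already be symlink-resolved (see os.path.realpath below).
    return backing_fstype(path, mounts) in RAM_BACKED

if __name__ == "__main__":
    with open("/proc/self/mounts") as fh:
        live = parse_mounts(fh.read())
    for p in ("/run", "/tmp"):  # replace with the directories to audit
        real = os.path.realpath(p)
        print(real, backing_fstype(real, live), is_ram_backed(real, live))
```

A tmpfs result still depends on the host's swap configuration, because tmpfs pages can be written to swap while ramfs pages cannot.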


Re: High availability feature

2018-04-20 Thread Tomek Janiszewski
Marathon has its own mechanism. In theory it's similar but differs in
implementation but both rely on Zookeeper (ZK) for leader election. Mesos
uses replica log for keeping data while Marathon stores everything in ZK.

On Fri, 20.04.2018 at 16:06, Mahmood Naderan wrote:

> Hi,
> I want to know if the high availability feature of mesos is related to
> high availability of Marathon? In other words, mesos supports multiple
> master nodes with an election policy and so on. Does that provide high
> availability feature for marathon? Or marathon has its own mechanism?
>
>
> Regards,
> Mahmood
>


Re: High availability feature

2018-04-20 Thread Ken Sipe
Marathon provides its own HA through multiple instances of Marathon:
https://mesosphere.github.io/marathon/docs/high-availability.html


Ken 

> On Apr 20, 2018, at 9:05 AM, Mahmood Naderan wrote:
> 
> Hi,
> I want to know if the high availability feature of mesos is related to
> high availability of Marathon? In other words, mesos supports multiple
> master nodes with an election policy and so on. Does that provide high
> availability feature for marathon? Or marathon has its own mechanism?
> 
> 
> Regards,
> Mahmood



High availability feature

2018-04-20 Thread Mahmood Naderan
Hi,
I want to know if the high availability feature of mesos is related to
high availability of Marathon? In other words, mesos supports multiple
master nodes with an election policy and so on. Does that provide high
availability feature for marathon? Or marathon has its own mechanism?


Regards,
Mahmood


Re: Questions about secret handling in Mesos

2018-04-20 Thread Gilbert Song
IIUC, your assumptions are all correct.

@Kapil, could you please confirm? Maybe we could improve the document at
the next Docathon.

Gilbert

On Thu, Apr 19, 2018 at 10:57 AM, Zhitao Li wrote:

> Hello,
>
> We at Uber plan to use volume/secret isolator to send secrets from Uber
> framework to Mesos agent.
>
> For this purpose, we are referring to these documents:
>
>    - File based secrets design doc and slides.
>    - Apache Mesos secrets documentation
>
>
> Could you please confirm that the following assumptions are correct?
>
>    - Mesos agent and master will never log the secret data at any logging
>    level;
>    - Mesos agent and master will never expose the secret data as part of
>    any API response;
>    - Mesos agent and master will never store the secret in any persistent
>    storage, but only on tmpfs or ramfs;
>    - When the secret is first downloaded on the mesos agent, it will be
>    stored as "root" on the tmpfs/ramfs before being mounted in the container
>    ramfs.
>
> If above assumptions are true, then I would like to see them documented in
> this as part of the Apache Mesos secrets documentation. Otherwise, we'd
> like to have a design discussion with maintainer of the isolator.
>
> We appreciate your help regarding this. Thanks!
>
> Regards,
> Aditya And Zhitao
>