Re: Mesos Security Recommendations
On Thu, Jun 4, 2015 at 5:12 PM, John Sirois john.sir...@gmail.com wrote:
> It's not a design doc, but the issue breakdown spells out much:
> https://issues.apache.org/jira/browse/MESOS-910

Joris will be sending out a doc soon (O(week))!
Re: Mesos Security Recommendations
On Thu, Jun 4, 2015 at 5:58 PM, Kevin Sweeney kevi...@apache.org wrote:
> Jeff, have you successfully run stunnel with a Mesos cluster? I'd anticipate it to be a bit difficult due to the way that slaves dynamically discover masters via zookeeper. If I remember correctly, with stunnel you need to configure all the tunnels beforehand, which would mean that every master would need to enumerate every possible slave beforehand, and vice-versa. IMO that fairly severely limits the reliability of the system.
>
> By the way, is there a design doc for how TLS between slave and master is going to be implemented in 0.23.0?

It's not a design doc, but the issue breakdown spells out much:
https://issues.apache.org/jira/browse/MESOS-910

> On Thu, Jun 4, 2015 at 4:30 PM, Jeff Schroeder jeffschroe...@computer.org wrote:
>> For securing insecure network communication you can use something like stunnel, then point the app at the local stunnel. It would be a fair bit of hoops to configure it all with your config management system, but is totally doable.
>>
>> On Thursday, June 4, 2015, John Webb webbj1...@hotmail.com wrote:
>>> All,
>>>
>>> I'm looking for some recommendations on how to encrypt Mesos Slave Framework communication to the Mesos Master until Mesos v0.23 is released, which will include SSL support. I'm concerned about having the slave framework user/password being sent across our network in clear text. I would especially like to hear from people who are actually running Mesos in a production environment.
>>>
>>> Thanks,
>>> John Webb
>>
>> -- Text by Jeff, typos by iPhone
Re: Mesos Security Recommendations
For securing insecure network communication you can use something like stunnel, then point the app at the local stunnel. It would be a fair bit of hoops to configure it all with your config management system, but is totally doable.

On Thursday, June 4, 2015, John Webb webbj1...@hotmail.com wrote:
> All,
>
> I'm looking for some recommendations on how to encrypt Mesos Slave Framework communication to the Mesos Master until Mesos v0.23 is released, which will include SSL support. I'm concerned about having the slave framework user/password being sent across our network in clear text. I would especially like to hear from people who are actually running Mesos in a production environment.
>
> Thanks,
> John Webb

-- Text by Jeff, typos by iPhone
Re: Mesos Security Recommendations
Jeff, have you successfully run stunnel with a Mesos cluster? I'd anticipate it to be a bit difficult due to the way that slaves dynamically discover masters via zookeeper. If I remember correctly, with stunnel you need to configure all the tunnels beforehand, which would mean that every master would need to enumerate every possible slave beforehand, and vice-versa. IMO that fairly severely limits the reliability of the system.

By the way, is there a design doc for how TLS between slave and master is going to be implemented in 0.23.0?

On Thu, Jun 4, 2015 at 4:30 PM, Jeff Schroeder jeffschroe...@computer.org wrote:
> For securing insecure network communication you can use something like stunnel, then point the app at the local stunnel. It would be a fair bit of hoops to configure it all with your config management system, but is totally doable.
>
> On Thursday, June 4, 2015, John Webb webbj1...@hotmail.com wrote:
>> All,
>>
>> I'm looking for some recommendations on how to encrypt Mesos Slave Framework communication to the Mesos Master until Mesos v0.23 is released, which will include SSL support. I'm concerned about having the slave framework user/password being sent across our network in clear text. I would especially like to hear from people who are actually running Mesos in a production environment.
>>
>> Thanks,
>> John Webb
>
> -- Text by Jeff, typos by iPhone
Mesos Security Recommendations
All,

I'm looking for some recommendations on how to encrypt Mesos Slave Framework communication to the Mesos Master until Mesos v0.23 is released, which will include SSL support. I'm concerned about having the slave framework user/password being sent across our network in clear text. I would especially like to hear from people who are actually running Mesos in a production environment.

Thanks,
John Webb