Stephan, Thanks for the suggestion, but the docker.tar.gz URI was just an example of the problem. We also need to write temporary files to the sandbox. This means we need the sandbox to be owned by the specified user.
__________________________________________________ Craig De Groot On Sat, Apr 29, 2017 at 8:50 AM, Stephen Gran <[email protected]> wrote: > Hi, > > We ran into this as well, but happily you can specify docker credentials > for the mesos agent instead of using a file URI. This works a treat and > stops putting docker credentials in the sandbox, which is a nice side > effect. > > Cheers, > > On 26/04/17 17:07, De Groot (CTR), Craig wrote: > > We recently upgraded from Mesos 1.1.0 to 1.2.0 and are encountering > > errors with code that previously worked in 1.1.0. I believe that this > > is a bug in the new version. If not, I would like to know the correct > > procedure for using the sandbox as a user other than root. > > > > Here is the scenario: > > 1) Setup a job in Marathon which specifies a URI to our private > > docker.tar.gz > > - See: this for an example > > ... https://mesosphere.github.io/marathon/docs/native-docker- > private-registry.html > > <https://mesosphere.github.io/marathon/docs/native-docker- > private-registry.html> > > - This is a local file on each node > > > > 2) Specify a User (other than root) in the Marathon UI > > > > 3) Mesos will try to fetch the file and fails during the copy because > > the ownership of the sandbox directory are not changed to the specified > > user. > > - Note that 1.1.0 correctly set the sandbox directory to the specified > > user > > - This behavior is documented in the Mesos Docs here (see "specifying > > a user name"): http://mesos.apache.org/documentation/latest/fetcher/ > > <http://mesos.apache.org/documentation/latest/fetcher/> > > > > Thanks in advance for the help! > > > > __________________________________________________ > > Craig De Groot > > > > > > -- > Stephen Gran > Senior Technical Architect > > picture the possibilities | piksel.com > >
