Hi Vinod,
The users in below run_tasks definition - does it refer to unix users in
the machine where the framework is run or the unix users in the mesos-slave
machine. I think the fact that I run all softwares (mesos-master,
mesos-slave, marathon) as docker containers is of significance and reason
for the below failure.
"run_tasks": [
{
"principals": {
"values": [
"marathon"
]
},
"users": {
"values": [
"devel"
]
}
},
{
"principals": {
"values": [
"marathon"
]
},
"users": {
"type": "NONE"
}
}
]
When I start the marathon, I start with the flag --mesos_user=devel and
while bringing up mesos-slave I bring up with the flag
--switch_user=true(which I think anyway is default). When I try to launch a
task this is what I am getting
Marathon Log:
0.10; rv:38.0) Gecko/20100101 Firefox/38.0"
(mesosphere.chaos.http.ChaosRequestLog:15)
[2015-03-06 06:04:04,057] INFO Received status update for task
busybox.9777a963-c3c6-11e4-a31a-56847afe9799: TASK_FAILED (Abnormal
executor termination) (mesosphere.marathon.MarathonScheduler:165)
[2015-03-06 06:04:04,063] INFO Task launch delay for [/busybox] is now [43]
seconds (mesosphere.util.RateLimiter:34)
[2015-03-06 06:04:04,068] INFO Task
busybox.9777a963-c3c6-11e4-a31a-56847afe9799 expunged and removed from
TaskTracker (mesosphere.marathon.tasks.TaskTracker:101)
[2015-03-06 06:04:04,068] INFO Sending event notification.
(mesosphere.marathon.MarathonScheduler:274)
Mesos-Slave Log:
Mar 06 06:06:03 node-0800279564ad sh[27684]: E0306 06:06:03.898473 13
slave.cpp:2787] Container '9835da8c-a844-4d53-a7f7-4a5e6e808a9b' for
executor 'busybox.d4ef22c6-c3c6-11e4-a31a-56847afe9799' of framework
'20150306-054714-24707342-5050-1-0000' failed to start: Failed to create
container: Failed to chown: Failed to get user information for 'devel':
Success
Mar 06 06:06:03 node-0800279564ad sh[27684]: E0306 06:06:03.900068 13
slave.cpp:2882] Termination of executor
'busybox.d4ef22c6-c3c6-11e4-a31a-56847afe9799' of framework
'20150306-054714-24707342-5050-1-0000' failed: Unknown container:
9835da8c-a844-4d53-a7f7-4a5e6e808a9b
Mar 06 06:06:03 node-0800279564ad sh[27684]: E0306 06:06:03.905900 13
slave.cpp:3134] Failed to unmonitor container for executor
busybox.d4ef22c6-c3c6-11e4-a31a-56847afe9799 of framework
20150306-054714-24707342-5050-1-0000: Not monitored
Could the failure be related to me running the mesos-slave as container
here?
Thanks,
./Siva.
On Mon, Mar 9, 2015 at 10:51 AM, Sivaram Kannan <[email protected]> wrote:
>
> Hi Vinod,
>
> Thanks, I got it. I guess I did not understand the relationship between
> principals defined in authentication and in authorization. I re-read the
> authentication and credentials flag, it is not clear from them that the
> principals defined in authorization should match them to work correctly. If
> I could, will change the documentation to be more clear and submit a PR.
>
> Thanks,
> ./Siva.
>
> On Mon, Mar 9, 2015 at 2:18 AM, Vinod Kone <[email protected]> wrote:
>
>> The principal used for authenticating the framework is the same principal
>> used to authorize the framework too. So you need to use 'marathon' in your
>> credentials too. In other words, when you start the framework the
>> Credential.principal should be the same as FrameworkInfo.principal (Mesos
>> master will validate this).
>>
>> On Sun, Mar 8, 2015 at 10:48 AM, Sivaram Kannan <[email protected]>
>> wrote:
>>
>>> I0308 17:41:14.876610 6 master.cpp:1342] Authorizing framework
>>> principal 'user1' to receive offers for role 'apps'
>>>
>>
>> As you can see from this line, the master is trying to authorize
>> principal 'user1' and not 'marathon'.
>>
>
>
>
> --
> ever tried. ever failed. no matter.
> try again. fail again. fail better.
> -- Samuel Beckett
>
--
ever tried. ever failed. no matter.
try again. fail again. fail better.
-- Samuel Beckett
