On Thu, Jun 4, 2015 at 5:58 PM, Kevin Sweeney <[email protected]> wrote:
> Jeff, have you successfully run stunnel with a Mesos cluster? I'd
> anticipate it to be a bit difficult due to the way that slaves dynamically
> discover masters via zookeeper. If I remember correctly, with stunnel you
> need to configure all the tunnels beforehand, which would mean that every
> master would need to enumerate every possible slave beforehand, and
> vice-versa.
>
> IMO that fairly severely limits the reliability of the system.
>
> By the way, is there a design doc for how TLS between slave and master is
> going to be implemented in 0.23.0?
>

It's not a design doc, but the issue breakdown spells out much:
https://issues.apache.org/jira/browse/MESOS-910

>
> On Thu, Jun 4, 2015 at 4:30 PM, Jeff Schroeder <[email protected]>
> wrote:
>
>> For securing insecure network communication you can use something like
>> stunnel, then point the app at the local stunnel. It would be a fair bit of
>> hoops to configure it all with any your config management system, but is
>> totally doable.
>>
>>
>> On Thursday, June 4, 2015, John Webb <[email protected]> wrote:
>>
>>> All,
>>>
>>> I'm looking for some recommendations on how to encrypt Mesos Slave &
>>> Framework communication to the Mesos Master until Mesos v0.23 is released
>>> which will include SSL support. I'm concerned about having the slave &
>>> framework user/password being sent across our network in clear text.
>>>
>>> I would especially like to hear from people who are actually running Mesos
>>> in a production environment.
>>>
>>> Thanks,
>>> John Webb
>>>
>>
>>
>> --
>> Text by Jeff, typos by iPhone

