Hi Greg,

Yes, this configuration works for me now. However, my next question is
related to multi-tenancy.

If I turn off the settings for view_tasks from ANY and restrict to a
specific user, from the UI, how can I as user A see only my tasks?
I'm using the local authorizer - default that comes with open source mesos
1.0.
To configure view_tasks, view_executors, access_sandboxes, do we need
additional authentication added to the existing mesos UI?

From the UI how does it recognize User A to be User A?  Are there any
assumptions that I'm missing? What is the required infrastructure for multi
tenancy here?

On Wed, Sep 7, 2016 at 1:48 PM, Greg Mann <[email protected]> wrote:

> Hi Haripriya,
> I just ran a quick test using your ACLs (I added a permissive ACL for
> "run_tasks" as well), and I was able to view everything in the web UI. I
> did this test with the current HEAD of Mesos master, however, so it's
> possible that something has changed since 1.0.
>
> One thing that can be very helpful is to look in the developer tools tab
> of your browser to see what return codes and error messages are being
> produced by the failed HTTP requests to the web UI. If you can provide some
> of that information here, perhaps it will help us troubleshoot your
> situation.
>
> Also, what is your authentication configuration? Are you setting any of
> the authentication-related flags?
>
> Cheers,
> Greg
>
>
> On Wed, Sep 7, 2016 at 11:35 AM, Haripriya Ayyalasomayajula <
> [email protected]> wrote:
>
>> Hi,
>>
>> Sorry, I should have been clear. I was referring to examples related to
>> how to use them. There are examples for view_tasks but not for others.
>>
>> On Wed, Aug 31, 2016 at 7:44 PM, haosdent <[email protected]> wrote:
>>
>>> Hi, @haripriya I saw we already have "view_executors" in the document (
>>> https://github.com/apache/mesos/blob/master/docs/authorization.md#authorizable-actions)?
>>>
>>> On Thu, Sep 1, 2016 at 4:41 AM, Haripriya Ayyalasomayajula <
>>> [email protected]> wrote:
>>>
>>>> Well, I had to turn on auth for run_tasks, I had different set of
>>>> configuration there.
>>>> I had some syntax issue with the above mentioned configurations in my
>>>> original file, fixed them and it works fine.
>>>> Is there a way the flags view_executors etc can be added to the
>>>> existing documentation?
>>>>
>>>> On Wed, Aug 31, 2016 at 1:26 AM, haosdent <[email protected]> wrote:
>>>>
>>>>> Because your types are ANY, have you considered disabling auth by not
>>>>> specifying the `--acl` flag when you launch Mesos master?
>>>>>
>>>>>
>>>>>
>>>>> On Wed, Aug 31, 2016 at 3:00 AM, Haripriya Ayyalasomayajula <
>>>>> [email protected]> wrote:
>>>>>
>>>>>> Hi all,
>>>>>>
>>>>>> I've upgraded my mesos cluster to 1.0.
>>>>>> I have spark and Marathon registered as frameworks and have no
>>>>>> problem running jobs.
>>>>>> I am unable to see any frameworks nor any tasks on the web UI.
>>>>>>
>>>>>> I found out that the following fields have been added to acls.
>>>>>>  view_frameworks, view_tasks, view_executors, access_sandboxes,
>>>>>> access_mesos_logs
>>>>>> and there are no examples related to these in:
>>>>>> http://mesos.apache.org/documentation/latest/authorization/
>>>>>> Can someone help me understand where I'm going wrong?
>>>>>>
>>>>>> Looking at the JIRA https://issues.apache.org/jira/browse/MESOS-5746
>>>>>> I tried to come up with this json configuration, but that doesn't
>>>>>> seem to work either.
>>>>>> Here is my mesos_acls.json file:
>>>>>>
>>>>>>   "get_endpoints": [  {
>>>>>>           "principals": {  "type": "ANY" },
>>>>>>           "paths": {  "type": "ANY"  }  }
>>>>>>    ],
>>>>>>
>>>>>>   "view_frameworks": [  {
>>>>>>           "principals": {  "type": "ANY" },
>>>>>>           "users": {  "type": "ANY"  }  }
>>>>>>    ],
>>>>>>
>>>>>>   "view_tasks": [  {
>>>>>>           "principals": {  "type": "ANY" },
>>>>>>           "users": {  "type": "ANY"  }  }
>>>>>>    ],
>>>>>>
>>>>>>  "view_executors": [  {
>>>>>>           "principals": {  "type": "ANY" },
>>>>>>           "users": {  "type": "ANY"  }  }
>>>>>>    ],
>>>>>>
>>>>>>  "access_sandboxes": [  {
>>>>>>           "principals": {  "type": "ANY" },
>>>>>>           "users": {  "type": "ANY"  }  }
>>>>>>    ],
>>>>>>
>>>>>>  "access_mesos_logs": [  {
>>>>>>           "principals": {  "type": "ANY" },
>>>>>>           "logs": {  "type": "ANY"  }  }
>>>>>>    ],
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Regards,
>>>>>> Haripriya Ayyalasomayajula
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Best Regards,
>>>>> Haosdent Huang
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Regards,
>>>> Haripriya Ayyalasomayajula
>>>>
>>>>
>>>
>>>
>>> --
>>> Best Regards,
>>> Haosdent Huang
>>>
>>
>>
>>
>> --
>> Regards,
>> Haripriya Ayyalasomayajula
>>
>>
>


-- 
Regards,
Haripriya Ayyalasomayajula
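
An added example, not part of the thread and not Mesos code: a small Python check that an ACL file of the shape quoted above parses as a complete JSON object, and that lists which of the six actions named in the thread are still open to any principal on any object. The sample documents and the name `userA` are constructed for illustration; the `values` entity form follows the Mesos authorization documentation.

```python
import json

# Object field used by each action's rules, exactly as in the ACL file quoted in the thread.
OBJECT_FIELD = {
    "get_endpoints": "paths",
    "view_frameworks": "users",
    "view_tasks": "users",
    "view_executors": "users",
    "access_sandboxes": "users",
    "access_mesos_logs": "logs",
}


def is_any(entity):
    """True when an entity is the wildcard form {"type": "ANY"}."""
    return isinstance(entity, dict) and entity.get("type") == "ANY"


def audit_acls(text):
    """Return (errors, open_actions); open = a rule grants ANY principal ANY object."""
    try:
        acls = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON at line {exc.lineno}: {exc.msg}"], []
    if not isinstance(acls, dict):
        return ["top level must be a JSON object"], []
    errors, open_actions = [], []
    for action, field in OBJECT_FIELD.items():
        for rule in acls.get(action, []):
            if not isinstance(rule, dict) or "principals" not in rule or field not in rule:
                errors.append(f"{action}: rule needs 'principals' and '{field}'")
            elif is_any(rule["principals"]) and is_any(rule[field]):
                open_actions.append(action)
    return errors, sorted(set(open_actions))


# Constructed samples: the first mirrors the shape posted in the thread
# (no enclosing braces, trailing comma); the second is a complete file.
FRAGMENT = '"view_tasks": [ { "principals": {"type": "ANY"}, "users": {"type": "ANY"} } ],'
COMPLETE = """{
  "view_frameworks": [ { "principals": {"type": "ANY"}, "users": {"type": "ANY"} } ],
  "view_tasks": [ { "principals": {"values": ["userA"]}, "users": {"values": ["userA"]} } ],
  "access_mesos_logs": [ { "principals": {"type": "ANY"}, "logs": {"type": "ANY"} } ]
}"""

if __name__ == "__main__":
    for name, text in (("fragment", FRAGMENT), ("complete", COMPLETE)):
        print(name, audit_acls(text))
```
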
