Uploaded image for project: 'Mesos'
  1. Mesos
  2. MESOS-5746

Sandbox links are broken in authorized cluster

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Cannot Reproduce
    • Affects Version/s: 1.0.0
    • Fix Version/s: None
    • Component/s: None

      Description

      I ran Mesos master with this script:

      #! /usr/bin/env bash
      
      rm -rf /tmp/mesos/*
      
      cat <<EOF > /tmp/credentials.txt
      foo bar
      baz bar
      EOF
      
      cat <<EOF > /tmp/acls.json
      {
        "permissive": false,
        "access_mesos_logs" : [
          {
            "principals" : { "values" : ["foo"] },
            "logs" : { "type" : "ANY" }
          }
        ],
        "register_frameworks" : [
          {
            "principals" : { "values" : ["foo"] },
            "roles" : { "type" : "ANY" }
          }
        ],
        "run_tasks" : [
          {
            "principals" : { "values" : ["foo"] },
            "users" : { "type" : "ANY" }
          }
        ],
        "get_endpoints" : [
          {
            "principals" : { "values" : ["foo"] },
            "paths" : { "type" : "ANY" }
          }
        ],
        "view_frameworks" : [
          {
            "principals" : { "values" : ["foo"] },
            "users" : { "type" : "ANY" }
          }
        ],
        "view_tasks" : [
          {
            "principals" : { "values" : ["foo"] },
            "users" : { "type" : "ANY" }
          }
        ],
        "view_executors" : [
          {
            "principals" : { "values" : ["foo"] },
            "users" : { "type" : "ANY" }
          }
        ],
        "access_sandboxes" : [
          {
            "principals" : { "values" : ["foo"] },
            "users" : { "type" : "ANY" }
          }
        ],
        "access_mesos_logs" : [
          {
            "principals" : { "values" : ["foo"] },
            "logs" : { "type" : "ANY" }
          }
        ],
        "get_quotas" : [
          {
            "principals" : { "values" : ["foo"] },
            "roles" : { "type" : "ANY" }
          }
        ]
      }
      EOF
      
      export GLOG_v=2
      export MESOS_VERBOSE=1
      ./bin/mesos-master.sh --work_dir=/tmp/mesos/master \
                            --authenticate_http \
                            --credentials=file:///tmp/credentials.txt \
                            --acls=file:///tmp/acls.json \
                            --log_dir=/tmp/mesos/logs/master
      

      and ran the agent with this script:

      #! /usr/bin/env bash
      
      cat <<EOF > /tmp/credentials.txt
      foo bar
      baz bar
      EOF
      
      cat <<EOF > /tmp/acls.json
      {
        "permissive": false,
        "access_mesos_log" : [
          {
            "principals" : { "values" : ["foo"] },
            "logs" : { "type" : "ANY" }
          }
        ]
      }
      EOF
      
      export GLOG_v=2
      export MESOS_VERBOSE=1
      ./bin/mesos-slave.sh --work_dir=/tmp/mesos/agent \
                           --master=127.0.0.1:5050 \
                           --authenticate_http \
                           --http_credentials=file:///tmp/credentials.txt \
                           --acls=file:///tmp/acls.json \
                           --log_dir=/tmp/mesos/logs/agent
      

      And then ran the long-lived framework with src/long-lived-framework --master=127.0.0.1:5050 --principal=foo --secret=bar. When attempting to click on "Sandbox" links in the Mesos web UI, I see the error Framework with ID 'd2735ff3-52ac-467a-b8eb-6bd7a119ee32-0000' does not exist on agent with ID 'd2735ff3-52ac-467a-b8eb-6bd7a119ee32-S0'. (screenshot attached). Looking at Chrome devtools, I don't see any non-200 return codes in HTTP responses. Each click on "Sandbox" produces a single request to the agent's /state endpoint, which returns 200 OK.

      I verified that the sandbox links work as expected when authorization is not enabled.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              greggomann Greg Mann
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: