Uploaded image for project: 'Mesos'
  1. Mesos
  2. MESOS-6747

ContainerLogger runnable must not inherit the slave environment.

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Blocker
    • Resolution: Fixed
    • 1.2.0
    • 1.2.0
    • None

    Description

      The ContainerLogger module which forks a child process named "mesos-logrotate-logger" does inherit the slave's environment. Specifically things like LIBPROCESS_SSL_.... variables are not meant to be picked up by that runnable and cause issues as soon as the owning user is not the same as the one owning the agent process.
      So if the agent has an SSL key setup via LIBPROCESS_SSL_KEY_FILE and if that key-file is readable by the agent user (root) only, then the mesos-logrotate-logger will try to read that file as well even though it is being run as nobody - that action will then fail the runnable and hence fail the entire task.

      Could not load key file '/my/funky/key/path/key.key' (OpenSSL error #33558541): error:0200100D:system library:fopen:Permission denied

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. MESOS-5856 Logrotate ContainerLogger module does not rotate logs when run as root with `--switch_user`.

          • Critical - Crashes, loss of data, severe memory leak.
          • Resolved
          relates to

          Improvement - An improvement or enhancement to an existing feature or task. MESOS-6751 Mesos should allow for selective environment inheritance.

          • Major - Major loss of function.
          • Open

          Activity

            People

              tillt Till Toenshoff
              tillt Till Toenshoff
              Joseph Wu Joseph Wu
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: