Details
- Epic
- Status: Resolved
- Blocker
- Resolution: Implemented
- None
- SSL
Description
Currently all the messages that flow through the Mesos cluster are unencrypted,
making it possible for intruders to intercept and potentially control your task.
We plan to add encryption support by adding SSL/TLS support to libprocess, the
low-level communication library that Mesos uses for all network communication
between Mesos components.
As a first step, we should replace the hand-coded HTTP code in libprocess with a
standard library, ensuring that any Mesos custom code like routing remains.
Then the transition to HTTPS should be easier.
Road map to SSL
- Isolate libev dependencies to a manageable set of implementing files.
  - MESOS-1912 Decouple libev from clock implementation
  - MESOS-1914 Decouple libev from connection handling (use io::poll() instead of individual watchers)
  - MESOS-1952 Abstract network logic into socket class: connect()
  - MESOS-1954 Abstract network logic into socket class: read()/write()
  - MESOS-1953 Abstract network logic into socket class: connection events (connected(), closed(), writable(), readable())
  - MESOS-2119 Add Socket tests
  - (MESOS-XXXX Libev backed Socket)
- Provide alternative implementation with libevent.
  - MESOS-2106 Enable libevent backed libprocess with configure flag.
  - MESOS-2107 Create libevent-backed clock implementation
  - MESOS-2133 Create libevent-backed poll implementation
  - MESOS-1911 Create libevent-backed socket implementation
- Enable SSL
  - MESOS-2108 Add configure flag or environment variable to enable SSL/libevent Socket
  - MESOS-2109 Introduce socket factory
  - MESOS-1913 Create libevent/SSL-backed Socket implementation
  - MESOS-2085 Add support encrypted and non-encrypted communication in parallel for cluster upgrade
Issue Links
- blocks
  - MESOS-2727 0.23.0 Release (Resolved)
- relates to
  - MESOS-418 Add security and authentication support to Mesos (including integration with LDAP). (Resolved)
- supercedes
  - MESOS-1330 Introduce stream abstraction to libprocess (Resolved)
Issues in epic
| Issue | Summary | Status | Assignee |
|---|---|---|---|
| MESOS-1913 | Create libevent/SSL-backed Socket implementation | Resolved | Joris Van Remoortere |
| MESOS-2108 | Add configure flag or environment variable to enable SSL/libevent Socket | Resolved | Joris Van Remoortere |
| MESOS-1912 | Decouple libev from clock implementation | Resolved | Benjamin Hindman |
| MESOS-1914 | Decouple libev from connection handling | Resolved | Benjamin Hindman |
| MESOS-1952 | Abstract network logic into socket class: connect() | Resolved | Joris Van Remoortere |
| MESOS-1953 | Abstract network logic into socket class: connection events (connected(), closed(), writable(), readable()) | Resolved | Joris Van Remoortere |
| MESOS-1954 | Abstract network logic into socket class: read()/write() | Resolved | Joris Van Remoortere |
| MESOS-2106 | Enable libevent backed libprocess with configure flag | Resolved | Joris Van Remoortere |
| MESOS-2107 | Create libevent-backed clock implementation | Resolved | Joris Van Remoortere |
| MESOS-2109 | Introduce socket factory | Resolved | Joris Van Remoortere |
| MESOS-2133 | Create libevent-backed poll implementation | Resolved | Joris Van Remoortere |
| MESOS-2168 | Introduce Event Loop Interface | Resolved | Joris Van Remoortere |
| MESOS-2888 | Add SSL socket tests | Resolved | Joris Van Remoortere |
| MESOS-2085 | Add support encrypted and non-encrypted communication in parallel for cluster upgrade | Resolved | Joris Van Remoortere |
| MESOS-2889 | Add SSL switch to python configuration | Resolved | Artem Harutyunyan |
| MESOS-2890 | Sandbox URL doesn't work in web-ui when using SSL | Resolved | Joris Van Remoortere |
| MESOS-2942 | Create documentation for using SSL | Resolved | Joris Van Remoortere |
| MESOS-2943 | mesos fails to compile under mac when libssl and libevent are enabled | Resolved | Joris Van Remoortere |
| MESOS-2963 | Configure Jenkins to build ssl | Resolved | Joris Van Remoortere |
| MESOS-2966 | socket::peer() and socket::address() might fail with SSL enabled | Resolved | Joris Van Remoortere |
| MESOS-2973 | SSL tests don't work with --gtest_repeat | Resolved | Joris Van Remoortere |
| MESOS-2975 | SSL tests don't work with --gtest_shuffle | Resolved | Joris Van Remoortere |
| MESOS-2997 | SSL connection failure causes failed CHECK. | Resolved | Joris Van Remoortere |
| MESOS-3005 | SSL tests can fail depending on hostname configuration | Resolved | Joris Van Remoortere |
| MESOS-3008 | Libevent SSL doesn't use EPOLL | Resolved | Joris Van Remoortere |
| MESOS-3121 | Always disable SSLV2 | Resolved | Joris Van Remoortere |
| MESOS-4069 | libevent_ssl_socket assertion fails | Resolved | Jojy Varghese |