MESOS-910: Add SSL support to Mesos


Details

    • SSL

    Description

      Currently all the messages that flow through the Mesos cluster are unencrypted,
      making it possible for intruders to intercept and potentially control your task.
      We plan to add encryption support by adding SSL/TLS support to libprocess, the
      low-level communication library that Mesos uses for all network communication
      between Mesos components.
      As a first step, we should replace the hand-coded HTTP code in libprocess with a
      standard library, ensuring that any Mesos custom code like routing remains.
      Then, the transition to HTTPS should be easier.

      Road map to SSL

      1. Isolate libev dependencies to a manageable set of implementing files.
        1. MESOS-1912 Decouple libev from clock implementation
        2. MESOS-1914 Decouple libev from connection handling (use io::poll() instead of individual watchers)
        3. MESOS-1952 Abstract network logic into socket class: connect()
        4. MESOS-1954 Abstract network logic into socket class: read()/write()
        5. MESOS-1953 Abstract network logic into socket class: connection events (connected(), closed(), writable(), readable())
        6. MESOS-2119 Add Socket tests
        7. (MESOS-XXXX Libev backed Socket)
      2. Provide alternative implementation with libevent.
        1. MESOS-2106 Enable libevent backed libprocess with configure flag.
        2. MESOS-2107 Create libevent-backed clock implementation
        3. MESOS-2133 Create libevent-backed poll implementation
        4. MESOS-1911 Create libevent-backed socket implementation
      3. Enable SSL
        1. MESOS-2108 Add configure flag or environment variable to enable SSL/libevent Socket
        2. MESOS-2109 Introduce socket factory
        3. MESOS-1913 Create libevent/SSL-backed Socket implementation
        4. MESOS-2085 Add support encrypted and non-encrypted communication in parallel for cluster upgrade


          People

            jvanremoortere Joris Van Remoortere
            adam-mesos Adam B
            Benjamin Hindman Benjamin Hindman
            Votes: 4
            Watchers: 11
