You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@mesos.apache.org by Rad Gruchalski <ra...@gruchalski.com> on 2015/11/04 11:50:23 UTC
How is Mesos doing certificate verification for resources in
URIs?
Hi everyone,
I’ve added the following URI to the URIs for the task: https://raw.githubusercontent.com/apache/spark/master/pom.xml. However, my task has failed because of:
Failed to fetch 'https://raw.githubusercontent.com/apache/spark/master/pom.xml': Error downloading resource: Peer certificate cannot be authenticated with given CA certificates
This surely is a problem in mesos. Everybody else in the world claims that the certificate is valid. Or is there a setting for making this work?
Kind regards,
Radek Gruchalski
radek@gruchalski.com (mailto:radek@gruchalski.com)
(mailto:radek@gruchalski.com)
de.linkedin.com/in/radgruchalski/ (http://de.linkedin.com/in/radgruchalski/)
Confidentiality:
This communication is intended for the above-named person and may be confidential and/or legally privileged.
If it has come to you in error you must take no action based on it, nor must you copy or show it to anyone; please delete/destroy and inform the sender immediately.
Re: How is Mesos doing certificate verification for resources
in URIs?
Posted by Rad Gruchalski <ra...@gruchalski.com>.
Kamil,
It’s perfect, thank you.
Kind regards,
Radek Gruchalski
radek@gruchalski.com (mailto:radek@gruchalski.com)
(mailto:radek@gruchalski.com)
de.linkedin.com/in/radgruchalski/ (http://de.linkedin.com/in/radgruchalski/)
Confidentiality:
This communication is intended for the above-named person and may be confidential and/or legally privileged.
If it has come to you in error you must take no action based on it, nor must you copy or show it to anyone; please delete/destroy and inform the sender immediately.
On Wednesday, 4 November 2015 at 12:31, Rad Gruchalski wrote:
> Kamil,
>
> Will give it a shot. Thanks for the pointer.
>
>
>
>
>
>
>
>
>
>
> Kind regards,
> Radek Gruchalski
>
radek@gruchalski.com (mailto:radek@gruchalski.com)
(mailto:radek@gruchalski.com)
> de.linkedin.com/in/radgruchalski/ (http://de.linkedin.com/in/radgruchalski/)
>
> Confidentiality:
> This communication is intended for the above-named person and may be confidential and/or legally privileged.
> If it has come to you in error you must take no action based on it, nor must you copy or show it to anyone; please delete/destroy and inform the sender immediately.
>
>
>
> On Wednesday, 4 November 2015 at 12:28, Kamil Chmielewski wrote:
>
> > We had similiar issues with custom built Mesos linked with libcurl4-nss https://github.com/apache/mesos/pull/48.
> > Everythng works like expected when we use libcurl4-openssl.
> >
> > Cheers,
> > Kamil
> >
> > 2015-11-04 12:19 GMT+01:00 Rad Gruchalski <radek@gruchalski.com (mailto:radek@gruchalski.com)>:
> > > Yes, this is from the agent:
> > >
> > > ~$ curl -i https://raw.githubusercontent.com/apache/spark/master/pom.xml
> > > HTTP/1.1 200 OK
> > > Content-Security-Policy: default-src 'none'
> > > X-XSS-Protection: 1; mode=block
> > > X-Frame-Options: deny
> > > X-Content-Type-Options: nosniff
> > > Strict-Transport-Security: max-age=31536000
> > > ETag: "762bfc728233533ab49336ff68dc02203407ea43"
> > > Content-Type: text/plain; charset=utf-8
> > > Cache-Control: max-age=300
> > > X-GitHub-Request-Id: B91F1318:509A:EEE5F90:5639E92E
> > > Content-Length: 87329
> > > Accept-Ranges: bytes
> > > Date: Wed, 04 Nov 2015 11:17:02 GMT
> > > Via: 1.1 varnish
> > > Connection: keep-alive
> > > X-Served-By: cache-lhr6327-LHR
> > > X-Cache: MISS
> > > X-Cache-Hits: 0
> > > Vary: Authorization,Accept-Encoding
> > > Access-Control-Allow-Origin: *
> > > X-Fastly-Request-ID: f3120a4d90968291aa84609c786626599809456d
> > > Expires: Wed, 04 Nov 2015 11:22:02 GMT
> > > Source-Age: 0
> > >
> > > <?xml version="1.0" encoding="UTF-8"?>
> > > <!--
> > > ~ Licensed to the Apache Software Foundation (ASF) under one or more
> > >
> > > ...
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > Kind regards,
> > > Radek Gruchalski
> > >
radek@gruchalski.com (mailto:radek@gruchalski.com)
(mailto:radek@gruchalski.com)
> > > de.linkedin.com/in/radgruchalski/ (http://de.linkedin.com/in/radgruchalski/)
> > >
> > > Confidentiality:
> > > This communication is intended for the above-named person and may be confidential and/or legally privileged.
> > > If it has come to you in error you must take no action based on it, nor must you copy or show it to anyone; please delete/destroy and inform the sender immediately.
> > >
> > >
> > >
> > > On Wednesday, 4 November 2015 at 12:15, haosdent wrote:
> > >
> > > > Could you curl https://raw.githubusercontent.com/apache/spark/master/pom.xml success in your slave?
> > > >
> > > > On Wed, Nov 4, 2015 at 6:50 PM, Rad Gruchalski <radek@gruchalski.com (mailto:radek@gruchalski.com)> wrote:
> > > > > Hi everyone,
> > > > >
> > > > > I’ve added the following URI to the URIs for the task: https://raw.githubusercontent.com/apache/spark/master/pom.xml. However, my task has failed because of:
> > > > >
> > > > > Failed to fetch 'https://raw.githubusercontent.com/apache/spark/master/pom.xml': Error downloading resource: Peer certificate cannot be authenticated with given CA certificates
> > > > >
> > > > > This surely is a problem in mesos. Everybody else in the world claims that the certificate is valid. Or is there a setting for making this work?
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > Kind regards,
> > > > > Radek Gruchalski
> > > > >
radek@gruchalski.com (mailto:radek@gruchalski.com)
(mailto:radek@gruchalski.com)
> > > > > de.linkedin.com/in/radgruchalski/ (http://de.linkedin.com/in/radgruchalski/)
> > > > >
> > > > > Confidentiality:
> > > > > This communication is intended for the above-named person and may be confidential and/or legally privileged.
> > > > > If it has come to you in error you must take no action based on it, nor must you copy or show it to anyone; please delete/destroy and inform the sender immediately.
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > --
> > > > Best Regards,
> > > > Haosdent Huang
> > >
> >
>
Re: How is Mesos doing certificate verification for resources
in URIs?
Posted by Rad Gruchalski <ra...@gruchalski.com>.
Kamil,
Will give it a shot. Thanks for the pointer.
Kind regards,
Radek Gruchalski
radek@gruchalski.com (mailto:radek@gruchalski.com)
(mailto:radek@gruchalski.com)
de.linkedin.com/in/radgruchalski/ (http://de.linkedin.com/in/radgruchalski/)
Confidentiality:
This communication is intended for the above-named person and may be confidential and/or legally privileged.
If it has come to you in error you must take no action based on it, nor must you copy or show it to anyone; please delete/destroy and inform the sender immediately.
On Wednesday, 4 November 2015 at 12:28, Kamil Chmielewski wrote:
> We had similiar issues with custom built Mesos linked with libcurl4-nss https://github.com/apache/mesos/pull/48.
> Everythng works like expected when we use libcurl4-openssl.
>
> Cheers,
> Kamil
>
> 2015-11-04 12:19 GMT+01:00 Rad Gruchalski <radek@gruchalski.com (mailto:radek@gruchalski.com)>:
> > Yes, this is from the agent:
> >
> > ~$ curl -i https://raw.githubusercontent.com/apache/spark/master/pom.xml
> > HTTP/1.1 200 OK
> > Content-Security-Policy: default-src 'none'
> > X-XSS-Protection: 1; mode=block
> > X-Frame-Options: deny
> > X-Content-Type-Options: nosniff
> > Strict-Transport-Security: max-age=31536000
> > ETag: "762bfc728233533ab49336ff68dc02203407ea43"
> > Content-Type: text/plain; charset=utf-8
> > Cache-Control: max-age=300
> > X-GitHub-Request-Id: B91F1318:509A:EEE5F90:5639E92E
> > Content-Length: 87329
> > Accept-Ranges: bytes
> > Date: Wed, 04 Nov 2015 11:17:02 GMT
> > Via: 1.1 varnish
> > Connection: keep-alive
> > X-Served-By: cache-lhr6327-LHR
> > X-Cache: MISS
> > X-Cache-Hits: 0
> > Vary: Authorization,Accept-Encoding
> > Access-Control-Allow-Origin: *
> > X-Fastly-Request-ID: f3120a4d90968291aa84609c786626599809456d
> > Expires: Wed, 04 Nov 2015 11:22:02 GMT
> > Source-Age: 0
> >
> > <?xml version="1.0" encoding="UTF-8"?>
> > <!--
> > ~ Licensed to the Apache Software Foundation (ASF) under one or more
> >
> > ...
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > Kind regards,
> > Radek Gruchalski
> >
radek@gruchalski.com (mailto:radek@gruchalski.com)
(mailto:radek@gruchalski.com)
> > de.linkedin.com/in/radgruchalski/ (http://de.linkedin.com/in/radgruchalski/)
> >
> > Confidentiality:
> > This communication is intended for the above-named person and may be confidential and/or legally privileged.
> > If it has come to you in error you must take no action based on it, nor must you copy or show it to anyone; please delete/destroy and inform the sender immediately.
> >
> >
> >
> > On Wednesday, 4 November 2015 at 12:15, haosdent wrote:
> >
> > > Could you curl https://raw.githubusercontent.com/apache/spark/master/pom.xml success in your slave?
> > >
> > > On Wed, Nov 4, 2015 at 6:50 PM, Rad Gruchalski <radek@gruchalski.com (mailto:radek@gruchalski.com)> wrote:
> > > > Hi everyone,
> > > >
> > > > I’ve added the following URI to the URIs for the task: https://raw.githubusercontent.com/apache/spark/master/pom.xml. However, my task has failed because of:
> > > >
> > > > Failed to fetch 'https://raw.githubusercontent.com/apache/spark/master/pom.xml': Error downloading resource: Peer certificate cannot be authenticated with given CA certificates
> > > >
> > > > This surely is a problem in mesos. Everybody else in the world claims that the certificate is valid. Or is there a setting for making this work?
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > Kind regards,
> > > > Radek Gruchalski
> > > >
radek@gruchalski.com (mailto:radek@gruchalski.com)
(mailto:radek@gruchalski.com)
> > > > de.linkedin.com/in/radgruchalski/ (http://de.linkedin.com/in/radgruchalski/)
> > > >
> > > > Confidentiality:
> > > > This communication is intended for the above-named person and may be confidential and/or legally privileged.
> > > > If it has come to you in error you must take no action based on it, nor must you copy or show it to anyone; please delete/destroy and inform the sender immediately.
> > > >
> > > >
> > > >
> > >
> > >
> > >
> > >
> > >
> > > --
> > > Best Regards,
> > > Haosdent Huang
> >
>
Re: How is Mesos doing certificate verification for resources in URIs?
Posted by Kamil Chmielewski <ka...@gmail.com>.
We had similiar issues with custom built Mesos linked with libcurl4-nss
https://github.com/apache/mesos/pull/48.
Everythng works like expected when we use libcurl4-openssl.
Cheers,
Kamil
2015-11-04 12:19 GMT+01:00 Rad Gruchalski <ra...@gruchalski.com>:
> Yes, this is from the agent:
>
> ~$ curl -i https://raw.githubusercontent.com/apache/spark/master/pom.xml
> HTTP/1.1 200 OK
> Content-Security-Policy: default-src 'none'
> X-XSS-Protection: 1; mode=block
> X-Frame-Options: deny
> X-Content-Type-Options: nosniff
> Strict-Transport-Security: max-age=31536000
> ETag: "762bfc728233533ab49336ff68dc02203407ea43"
> Content-Type: text/plain; charset=utf-8
> Cache-Control: max-age=300
> X-GitHub-Request-Id: B91F1318:509A:EEE5F90:5639E92E
> Content-Length: 87329
> Accept-Ranges: bytes
> Date: Wed, 04 Nov 2015 11:17:02 GMT
> Via: 1.1 varnish
> Connection: keep-alive
> X-Served-By: cache-lhr6327-LHR
> X-Cache: MISS
> X-Cache-Hits: 0
> Vary: Authorization,Accept-Encoding
> Access-Control-Allow-Origin: *
> X-Fastly-Request-ID: f3120a4d90968291aa84609c786626599809456d
> Expires: Wed, 04 Nov 2015 11:22:02 GMT
> Source-Age: 0
>
> <?xml version="1.0" encoding="UTF-8"?>
> <!--
> ~ Licensed to the Apache Software Foundation (ASF) under one or more
> ...
>
> Kind regards,
> Radek Gruchalski
> radek@gruchalski.com <ra...@gruchalski.com>
> de.linkedin.com/in/radgruchalski/
>
>
> *Confidentiality:*This communication is intended for the above-named
> person and may be confidential and/or legally privileged.
> If it has come to you in error you must take no action based on it, nor
> must you copy or show it to anyone; please delete/destroy and inform the
> sender immediately.
>
> On Wednesday, 4 November 2015 at 12:15, haosdent wrote:
>
> Could you curl
> https://raw.githubusercontent.com/apache/spark/master/pom.xml success in
> your slave?
>
> On Wed, Nov 4, 2015 at 6:50 PM, Rad Gruchalski <ra...@gruchalski.com>
> wrote:
>
> Hi everyone,
>
> I’ve added the following URI to the URIs for the task:
> https://raw.githubusercontent.com/apache/spark/master/pom.xml. However,
> my task has failed because of:
>
> Failed to fetch '
> https://raw.githubusercontent.com/apache/spark/master/pom.xml': Error
> downloading resource: Peer certificate cannot be authenticated with given
> CA certificates
>
> This surely is a problem in mesos. Everybody else in the world claims that
> the certificate is valid. Or is there a setting for making this work?
>
> Kind regards,
> Radek Gruchalski
> radek@gruchalski.com <ra...@gruchalski.com>
> de.linkedin.com/in/radgruchalski/
>
>
> *Confidentiality:*This communication is intended for the above-named
> person and may be confidential and/or legally privileged.
> If it has come to you in error you must take no action based on it, nor
> must you copy or show it to anyone; please delete/destroy and inform the
> sender immediately.
>
>
>
>
> --
> Best Regards,
> Haosdent Huang
>
>
>
Re: How is Mesos doing certificate verification for resources
in URIs?
Posted by Rad Gruchalski <ra...@gruchalski.com>.
Yes, this is from the agent:
~$ curl -i https://raw.githubusercontent.com/apache/spark/master/pom.xml
HTTP/1.1 200 OK
Content-Security-Policy: default-src 'none'
X-XSS-Protection: 1; mode=block
X-Frame-Options: deny
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
ETag: "762bfc728233533ab49336ff68dc02203407ea43"
Content-Type: text/plain; charset=utf-8
Cache-Control: max-age=300
X-GitHub-Request-Id: B91F1318:509A:EEE5F90:5639E92E
Content-Length: 87329
Accept-Ranges: bytes
Date: Wed, 04 Nov 2015 11:17:02 GMT
Via: 1.1 varnish
Connection: keep-alive
X-Served-By: cache-lhr6327-LHR
X-Cache: MISS
X-Cache-Hits: 0
Vary: Authorization,Accept-Encoding
Access-Control-Allow-Origin: *
X-Fastly-Request-ID: f3120a4d90968291aa84609c786626599809456d
Expires: Wed, 04 Nov 2015 11:22:02 GMT
Source-Age: 0
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Licensed to the Apache Software Foundation (ASF) under one or more
...
Kind regards,
Radek Gruchalski
radek@gruchalski.com (mailto:radek@gruchalski.com)
(mailto:radek@gruchalski.com)
de.linkedin.com/in/radgruchalski/ (http://de.linkedin.com/in/radgruchalski/)
Confidentiality:
This communication is intended for the above-named person and may be confidential and/or legally privileged.
If it has come to you in error you must take no action based on it, nor must you copy or show it to anyone; please delete/destroy and inform the sender immediately.
On Wednesday, 4 November 2015 at 12:15, haosdent wrote:
> Could you curl https://raw.githubusercontent.com/apache/spark/master/pom.xml success in your slave?
>
> On Wed, Nov 4, 2015 at 6:50 PM, Rad Gruchalski <radek@gruchalski.com (mailto:radek@gruchalski.com)> wrote:
> > Hi everyone,
> >
> > I’ve added the following URI to the URIs for the task: https://raw.githubusercontent.com/apache/spark/master/pom.xml. However, my task has failed because of:
> >
> > Failed to fetch 'https://raw.githubusercontent.com/apache/spark/master/pom.xml': Error downloading resource: Peer certificate cannot be authenticated with given CA certificates
> >
> > This surely is a problem in mesos. Everybody else in the world claims that the certificate is valid. Or is there a setting for making this work?
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > Kind regards,
> > Radek Gruchalski
> >
radek@gruchalski.com (mailto:radek@gruchalski.com)
(mailto:radek@gruchalski.com)
> > de.linkedin.com/in/radgruchalski/ (http://de.linkedin.com/in/radgruchalski/)
> >
> > Confidentiality:
> > This communication is intended for the above-named person and may be confidential and/or legally privileged.
> > If it has come to you in error you must take no action based on it, nor must you copy or show it to anyone; please delete/destroy and inform the sender immediately.
> >
> >
> >
>
>
>
>
>
> --
> Best Regards,
> Haosdent Huang
Re: How is Mesos doing certificate verification for resources in URIs?
Posted by haosdent <ha...@gmail.com>.
Could you curl https://raw.githubusercontent.com/apache/spark/master/pom.xml
success in your slave?
On Wed, Nov 4, 2015 at 6:50 PM, Rad Gruchalski <ra...@gruchalski.com> wrote:
> Hi everyone,
>
> I’ve added the following URI to the URIs for the task:
> https://raw.githubusercontent.com/apache/spark/master/pom.xml. However,
> my task has failed because of:
>
> Failed to fetch '
> https://raw.githubusercontent.com/apache/spark/master/pom.xml': Error
> downloading resource: Peer certificate cannot be authenticated with given
> CA certificates
>
> This surely is a problem in mesos. Everybody else in the world claims that
> the certificate is valid. Or is there a setting for making this work?
>
> Kind regards,
> Radek Gruchalski
> radek@gruchalski.com <ra...@gruchalski.com>
> de.linkedin.com/in/radgruchalski/
>
>
> *Confidentiality:*This communication is intended for the above-named
> person and may be confidential and/or legally privileged.
> If it has come to you in error you must take no action based on it, nor
> must you copy or show it to anyone; please delete/destroy and inform the
> sender immediately.
>
--
Best Regards,
Haosdent Huang