You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@mesos.apache.org by "Alexander Rukletsov (JIRA)" <ji...@apache.org> on 2014/11/12 17:38:34 UTC
[jira] [Commented] (MESOS-1486) Introduce an optional master
whitelist for slaves
[ https://issues.apache.org/jira/browse/MESOS-1486?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14208225#comment-14208225 ]
Alexander Rukletsov commented on MESOS-1486:
--------------------------------------------
A follow-up on this issue. We would like to authorize (not authenticate) masters in slaves. For example, if a new (rogue) master becomes a leader, a slave checks it against its list of whitelisted masters and refuses to communicate with it if it is not authorized. As a short-term solution, we can use a mechanism similar to slave whitelisting in master, which will be [deprecated in favour of ACLs|https://issues.apache.org/jira/browse/MESOS-2089]. In a long run, this feature should resemble [MESOS-1546|https://issues.apache.org/jira/browse/MESOS-1546].
> Introduce an optional master whitelist for slaves
> -------------------------------------------------
>
> Key: MESOS-1486
> URL: https://issues.apache.org/jira/browse/MESOS-1486
> Project: Mesos
> Issue Type: Improvement
> Components: slave
> Reporter: Niklas Quarfot Nielsen
>
> Like masters can whitelist slaves (and only announce available resources from slaves whitelisted), slaves should be able to whitelist masters they are willing/allowed to connect to. I have a proof-of-concept ready which ties into the slave::detected() method and prevents non-whitelisted masters to register.
> If "*" is provided - whitelisting is not enforced (which would be the usual case).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)