You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@mesos.apache.org by "De Groot (CTR), Craig" <cr...@usgs.gov> on 2017/05/02 14:19:16 UTC
Re: Mesos fetcher error when running as non-root user
Stephan,
Thanks for the suggestion, but the docker.tar.gz URI was just an example of
the problem. We also need to write temporary files to the sandbox. This
means we need the sandbox to be owned by the specified user.
__________________________________________________
Craig De Groot
On Sat, Apr 29, 2017 at 8:50 AM, Stephen Gran <st...@piksel.com>
wrote:
> Hi,
>
> We ran into this as well, but happily you can specify docker credentials
> for the mesos agent instead of using a file URI. This works a treat and
> stops putting docker credentials in the sandbox, which is a nice side
> effect.
>
> Cheers,
>
> On 26/04/17 17:07, De Groot (CTR), Craig wrote:
> > We recently upgraded from Mesos 1.1.0 to 1.2.0 and are encountering
> > errors with code that previously worked in 1.1.0. I believe that this
> > is a bug in the new version. If not, I would like to know the correct
> > procedure for using the sandbox as a user other than root.
> >
> > Here is the scenario:
> > 1) Setup a job in Marathon which specifies a URI to our private
> > docker.tar.gz
> > - See: this for an example
> > ... https://mesosphere.github.io/marathon/docs/native-docker-
> private-registry.html
> > <https://mesosphere.github.io/marathon/docs/native-docker-
> private-registry.html>
> > - This is a local file on each node
> >
> > 2) Specify a User (other than root) in the Marathon UI
> >
> > 3) Mesos will try to fetch the file and fails during the copy because
> > the ownership of the sandbox directory are not changed to the specified
> > user.
> > - Note that 1.1.0 correctly set the sandbox directory to the specified
> > user
> > - This behavior is documented in the Mesos Docs here (see "specifying
> > a user name"): http://mesos.apache.org/documentation/latest/fetcher/
> > <http://mesos.apache.org/documentation/latest/fetcher/>
> >
> > Thanks in advance for the help!
> >
> > __________________________________________________
> > Craig De Groot
> >
> >
>
> --
> Stephen Gran
> Senior Technical Architect
>
> picture the possibilities | piksel.com
>
>