You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@mesos.apache.org by "Cyrille Chépélov (JIRA)" <ji...@apache.org> on 2017/03/01 14:10:45 UTC
[jira] [Commented] (MESOS-6517) Health checking only on 127.0.0.1
is limiting.
[ https://issues.apache.org/jira/browse/MESOS-6517?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15890232#comment-15890232 ]
Cyrille Chépélov commented on MESOS-6517:
-----------------------------------------
Hi [~alexr] / [~avinash.mesos], we have such a case.
We use Marathon to schedule long-running services.
Our services are trivial FatJAR jvms (typically made in Scala/Play or akka-http) and currently require no supplementary containerisation (we use the platform JVM and the app itself is a single JAR + whatever configuration supplied from the command line). In other words, we don't use Docker and live in the host network namespace.
Our machines have two network interfaces:
- eth0 is connected to the wild world, iptable'd to only allow ssh from known secure locations (including the IaaS provider)
- eth1 is on a private LAN and holds the services
Services are then exposed via Bamboo/HAProxy by a gateway machine, also dual-hosted. Much simplified, this gives that structure:
[client] ---- https ----> { eth0 [ gateway: HAProxy(etc.) ] eth1 ----http(s)---> eth1 [ Task spun off by Marathon ] eth0 }
What we do (or what we'd like to do) is that in addition to be iptable'd off from the outside world, our services (Marathon tasks) only bind on the local "eth1" address.
If we do this, we cannot use the Mesos Native healthcheck now mandated by Marathon in https://mesosphere.com/blog/2017/01/05/introducing-mesos-native-health-checks-apache-mesos-part-1/ , or we must have our tasks bind twice, once on the eth1 interface and one on lo just for the purpsoe of the healthcheck.
It would make our live much, much easier if it was possible to specify, either on a global or on a per-Marathon Service level, the interface to use for the http(s) health checks.
Thanks in advance.
> Health checking only on 127.0.0.1 is limiting.
> ----------------------------------------------
>
> Key: MESOS-6517
> URL: https://issues.apache.org/jira/browse/MESOS-6517
> Project: Mesos
> Issue Type: Improvement
> Reporter: Alexander Rukletsov
> Labels: health-check, mesosphere
>
> As of Mesos 1.1.0, HTTP and TCP health checks always use 127.0.0.1 as the target IP. This is not configurable. As a result, tasks should listen on all interfaces if they want to support HTTP and TCP health checks. However, there might be some cases where tasks or containers will end up binding to a specific IP address.
> To make health checking more robust we can:
> * look at all interfaces in a given network namespace and do health check on all the IP addresses;
> * allow users to specify the IP to health check;
> * deduce the target IP from task's discovery information.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)