You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@mesos.apache.org by vi...@apache.org on 2017/04/24 20:26:54 UTC

[1/2] mesos git commit: Updated the upgrade documentation for executor authentication.

Repository: mesos
Updated Branches:
  refs/heads/master 16697c1a8 -> 7a98a0139


Updated the upgrade documentation for executor authentication.

This patch updates the upgrade documentation to inform users
that enabling the `--authenticate_http_executors` and
`--executor_secret_key` agent flags after upgrade is
disruptive to HTTP executors which were launched before the
upgrade.

Review: https://reviews.apache.org/r/58635/


Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/6b7a63c5
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/6b7a63c5
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/6b7a63c5

Branch: refs/heads/master
Commit: 6b7a63c5028a6a118c5aa22b26d7c14898a54a9d
Parents: 16697c1
Author: Greg Mann <gr...@mesosphere.io>
Authored: Mon Apr 24 13:26:30 2017 -0700
Committer: Vinod Kone <vi...@gmail.com>
Committed: Mon Apr 24 13:26:30 2017 -0700

----------------------------------------------------------------------
 docs/upgrades.md | 5 +++++
 1 file changed, 5 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/mesos/blob/6b7a63c5/docs/upgrades.md
----------------------------------------------------------------------
diff --git a/docs/upgrades.md b/docs/upgrades.md
index a12e6ea..071ba43 100644
--- a/docs/upgrades.md
+++ b/docs/upgrades.md
@@ -50,6 +50,8 @@ We categorize the changes as follows:
   <td style="word-wrap: break-word; overflow-wrap: break-word;"><!--Flags-->
     <ul style="padding-left:10px;">
       <li>R <a href="1-3-x-setquota-removequota-acl">--acls (set_quotas and remove_quotas)</a></li>
+      <li>A <a href="#1-3-x-executor-authentication">authenticate_http_executors</a></li>
+      <li>A <a href="#1-3-x-executor-authentication">executor_secret_key</a></li>
     </ul>
   </td>
   <td style="word-wrap: break-word; overflow-wrap: break-word;"><!--Framework API-->
@@ -280,6 +282,9 @@ We categorize the changes as follows:
 <a name="1-3-x-allocator-interface-change"></a>
 * Implementors of allocator modules have to provide new implementation functionality to satisfy the `MULTI_ROLE` framework capability. Also, the interface has changed.
 
+<a name="1-3-x-executor-authentication"></a>
+* New Agent flags authenticate_http_executors and executor_secret_key: Used to enable required HTTP executor authentication and set the key file used for generation and authentication of HTTP executor tokens. Note that enabling these flags after upgrade is disruptive to HTTP executors that were launched before the upgrade. For more information on the recommended upgrade procedure when enabling these flags, see the [authentication documentation](docs/authentication.md).
+
 ## Upgrading from 1.1.x to 1.2.x ##
 
 <a name="1-2-x-heartbeat-flag"></a>

[2/2] mesos git commit: Added executor authentication and authorization to the CHANGELOG.

Posted by vi...@apache.org.

Added executor authentication and authorization to the CHANGELOG.

This patch adds MESOS-6365 to the CHANGELOG. This ticket
corresponds to the addition of authentication and authorization
for HTTP executors.

Review: https://reviews.apache.org/r/58626/


Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/7a98a013
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/7a98a013
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/7a98a013

Branch: refs/heads/master
Commit: 7a98a01394bd9114970ff5df06e7068741ac018d
Parents: 6b7a63c
Author: Greg Mann <gr...@mesosphere.io>
Authored: Mon Apr 24 13:26:34 2017 -0700
Committer: Vinod Kone <vi...@gmail.com>
Committed: Mon Apr 24 13:26:34 2017 -0700

----------------------------------------------------------------------
 CHANGELOG | 13 +++++++++++++
 1 file changed, 13 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/mesos/blob/7a98a013/CHANGELOG
----------------------------------------------------------------------
diff --git a/CHANGELOG b/CHANGELOG
index fd97ef0..3fdd19c 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -16,6 +16,19 @@ This release contains the following new features:
     (e.g. new employees join, new teams are formed, employees leave, teams
     are disbanded, etc).
 
+  * [MESOS-6365] - Authentication and authorization support for HTTP executors.
+    A new `--authenticate_http_executors` agent flag enables required
+    authentication on the HTTP executor API. A new `--executor_secret_key` flag
+    sets a key file to be used when generating and authenticating default tokens
+    that are passed to HTTP executors. Note that enabling these flags after
+    upgrade is disruptive to HTTP executors that were launched before the
+    upgrade; see 'docs/authentication.md' for more information on these flags
+    and the recommended upgrade procedure. Implicit authorization rules have
+    been added which allow an authenticated executor to make executor API calls
+    as that executor and make operator API calls which affect that executor's
+    container. See 'docs/authorization.md' for more information on these
+    implicit authorization rules.
+
 Deprecations:
   * [MESOS-7259] - Remove deprecated ACLs `SetQuota` and `RemoveQuota`
     This change is only applicable to the local authorizer since internally