You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@mesos.apache.org by "Till Toenshoff (JIRA)" <ji...@apache.org> on 2015/02/21 22:50:11 UTC

[jira] [Commented] (MESOS-2379) Disabled master authentication causes authentication retries in the scheduler.

    [ https://issues.apache.org/jira/browse/MESOS-2379?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14330451#comment-14330451 ] 

Till Toenshoff commented on MESOS-2379:
---------------------------------------

It appears three things could be considered for improvement;

A. retry counter
B. randomly delayed retries
C. retries without authentication 

> Disabled master authentication causes authentication retries in the scheduler. 
> -------------------------------------------------------------------------------
>
>                 Key: MESOS-2379
>                 URL: https://issues.apache.org/jira/browse/MESOS-2379
>             Project: Mesos
>          Issue Type: Bug
>            Reporter: Till Toenshoff
>              Labels: tech-debt
>
> The CRAM-MD5 authenticator relies upon shared credentials. Not supplying such credentials while starting up a master effectively disables any authentication.
> A framework (or slave) may still attempt to authenticate which is answered by an {{AuthenticationErrorMessage}} by the master. That in turn will cause the authenticatee to fail its {{authenticate}} promise, which in turn will cause the current framework driver implementation to infinitely (and unthrottled) retry authentication.
> See: https://github.com/apache/mesos/blob/master/src/sched/sched.cpp#L372
> {noformat}
>     if (reauthenticate || !future.isReady()) {
>       LOG(INFO)
>         << "Failed to authenticate with master " << master.get() << ": "
>         << (reauthenticate ? "master changed" :
>            (future.isFailed() ? future.failure() : "future discarded"));
>       authenticating = None();
>       reauthenticate = false;
>       // TODO(vinod): Add a limit on number of retries.
>       dispatch(self(), &Self::authenticate); // Retry.
>       return;
>     }
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)