You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mesos.apache.org by me...@apache.org on 2016/03/24 05:07:48 UTC
[9/9] mesos git commit: Added agent HTTP authentication to the docs.
Added agent HTTP authentication to the docs.
Review: https://reviews.apache.org/r/44554/
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/5892058c
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/5892058c
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/5892058c
Branch: refs/heads/master
Commit: 5892058cdbe839a601bafe3e0dd5de9a54730ce1
Parents: c2927b8
Author: Greg Mann <gr...@mesosphere.io>
Authored: Wed Mar 23 02:30:34 2016 -0700
Committer: Adam B <ad...@mesosphere.io>
Committed: Wed Mar 23 21:07:23 2016 -0700
----------------------------------------------------------------------
docs/authentication.md | 12 ++++++++
docs/configuration.md | 69 +++++++++++++++++++++++++++++----------------
docs/home.md | 4 +--
3 files changed, 59 insertions(+), 26 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/5892058c/docs/authentication.md
----------------------------------------------------------------------
diff --git a/docs/authentication.md b/docs/authentication.md
index e7c0bf3..9f64f65 100644
--- a/docs/authentication.md
+++ b/docs/authentication.md
@@ -77,6 +77,18 @@ Mesos master and slave processes. For more information, refer to the
only one credential is allowed. This credential is used to identify the slave
to the master.
+* `--[no-]authenticate_http` - If `true`, authentication is required to make
+ HTTP requests to the HTTP endpoints that support authentication. If `false`
+ (the default), all endpoints can be used without authentication.
+
+* `--http_authenticators` - Specifies which HTTP authenticator module to use.
+ The default is `basic`, but additional modules can be added using the
+ `--modules` option.
+
+* `--http_credentials` - The path to a text file which contains a list (in JSON
+ format) of accepted credentials. This may be optional depending on the
+ authenticator being used.
+
### Framework
If framework authentication is enabled, each framework must be configured to
http://git-wip-us.apache.org/repos/asf/mesos/blob/5892058c/docs/configuration.md
----------------------------------------------------------------------
diff --git a/docs/configuration.md b/docs/configuration.md
index 73ee8fa..103ba50 100644
--- a/docs/configuration.md
+++ b/docs/configuration.md
@@ -69,6 +69,16 @@ access Mesos master/slave.
</tr>
<tr>
<td>
+ --[no-]authenticate_http
+ </td>
+ <td>
+If <code>true</code>, only authenticated requests for HTTP endpoints supporting
+authentication are allowed. If <code>false</code>, unauthenticated requests to
+HTTP endpoints are also allowed. (default: false)
+ </td>
+</tr>
+<tr>
+ <td>
--firewall_rules=VALUE
</td>
<td>
@@ -100,6 +110,19 @@ Show the help message and exit. (default: false)
</tr>
<tr>
<td>
+ --http_authenticators=VALUE
+ </td>
+ <td>
+HTTP authenticator implementation to use when handling requests to
+authenticated endpoints. Use the default
+<code>basic</code>, or load an alternate
+HTTP authenticator module using <code>--modules</code>.
+<p/>
+Currently there is no support for multiple HTTP authenticators. (default: basic)
+ </td>
+</tr>
+<tr>
+ <td>
--ip=VALUE
</td>
<td>
@@ -445,17 +468,6 @@ If <code>true</code>, only authenticated frameworks are allowed to register. If
</tr>
<tr>
<td>
- --[no-]authenticate_http
- </td>
- <td>
-If <code>true</code> only authenticated requests for HTTP endpoints supporting
-authentication are allowed.
-If <code>false</code> unauthenticated HTTP endpoint requests are also allowed.
-(default: false)
- </td>
-</tr>
-<tr>
- <td>
--[no-]authenticate_slaves
</td>
<td>
@@ -532,19 +544,6 @@ are the same as for user_allocator. (default: drf)
</tr>
<tr>
<td>
- --http_authenticators=VALUE
- </td>
- <td>
-HTTP authenticator implementation to use when handling requests to
-authenticated endpoints. Use the default
-<code>basic</code>, or load an alternate HTTP
-authenticator module using <code>--modules</code>.
-<p/>
-Currently there is no support for multiple HTTP authenticators. (default: basic)
- </td>
-</tr>
-<tr>
- <td>
--[no-]log_auto_initialize
</td>
<td>
@@ -995,6 +994,7 @@ are specified is the order they are tried.
Either a path to a text with a single line
containing <code>principal</code> and <code>secret</code> separated by whitespace.
Or a path containing the JSON-formatted information used for one credential.
+This credential is used to identify the slave to the master.
Path could be of the form <code>file:///path/to/file</code> or <code>/path/to/file</code>.
Example:
<pre><code>{
@@ -1247,6 +1247,27 @@ environment or find hadoop on <code>PATH</code>) (default: )
</tr>
<tr>
<td>
+ --http_credentials=VALUE
+ </td>
+ <td>
+Path to a JSON-formatted file containing credentials. These
+credentials are used to authenticate HTTP endpoints on the slave.
+Path can be of the form <code>file:///path/to/file</code> or <code>/path/to/file</code>.
+<p/>
+Example:
+<pre><code>{
+ "credentials": [
+ {
+ "principal": "yoda",
+ "secret": "usetheforce"
+ }
+ ]
+}
+</code></pre>
+ </td>
+</tr>
+<tr>
+ <td>
--image_providers=VALUE
</td>
<td>
http://git-wip-us.apache.org/repos/asf/mesos/blob/5892058c/docs/home.md
----------------------------------------------------------------------
diff --git a/docs/home.md b/docs/home.md
index fd7794f..dc41fc4 100644
--- a/docs/home.md
+++ b/docs/home.md
@@ -23,8 +23,8 @@ layout: documentation
* [External Containerizer](external-containerizer.md) for custom containerization implementations (deprecated).
* [Roles](roles.md)
* [Weights](weights.md)
-* [Framework Authentication](authentication.md)
-* [Framework Authorization](authorization.md)
+* [Authentication](authentication.md)
+* [Authorization](authorization.md)
* [Framework Rate Limiting](framework-rate-limiting.md)
* [Logging](logging.md)
* [High Availability](high-availability.md) for running multiple masters simultaneously.