Uploaded image for project: 'DC/OS'
  1. DC/OS
  2. DCOS_OSS-3617

SDK Service can start without a 'service account' when using 'transport-encryption'


    • Type: Task
    • Status: Open
    • Priority: Medium
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: dcos-ui
    • Labels:


      On the 0.42.1 SDK I notice that our service is able to start when 'transport-encryption' is enabled, but no 'principal' (DC/OS Service Account) is provided.

      The SDK process fails and restarts forever when a Service Account is not provided and 'transport-encryption' is used.

      The SDK process dies on this stack trace:

      ERROR 2018-06-11 12:21:47,967 [main] com.mesosphere.sdk.scheduler.SchedulerBuilder:updateConfig(631): Fatal error when performing configuration update. Service exiting.
      com.mesosphere.sdk.state.ConfigStoreException: Configuration failed validation without any prior target configurationavailable for fallback. Initial launch with invalid configuration? 1 Errors: 1: Field: 'transport-encryption'; Value: ''; Message: 'Scheduler is missing a service account that is required for provisioning TLS artifacts. Please configure in order to continue.' (reason: LOGIC_ERROR)
      at com.mesosphere.sdk.config.DefaultConfigurationUpdater.updateConfiguration(DefaultConfigurationUpdater.java:118) ~[scheduler-0.42.1.jar:?]
      at com.mesosphere.sdk.config.DefaultConfigurationUpdater.updateConfiguration(DefaultConfigurationUpdater.java:33) ~[scheduler-0.42.1.jar:?]
      at com.mesosphere.sdk.scheduler.SchedulerBuilder.updateConfig(SchedulerBuilder.java:629) [scheduler-0.42.1.jar:?]
      at com.mesosphere.sdk.scheduler.SchedulerBuilder.getDefaultScheduler(SchedulerBuilder.java:353) [scheduler-0.42.1.jar:?]
      at com.mesosphere.sdk.scheduler.SchedulerBuilder.build(SchedulerBuilder.java:302) [scheduler-0.42.1.jar:?]
      at com.mesosphere.sdk.scheduler.SchedulerRunner.run(SchedulerRunner.java:111) [scheduler-0.42.1.jar:?]
      at com.mesosphere.sdk.mongo.scheduler.Main.main(Main.java:27) [dcos-mongo.jar:?]
      INFO 2018-06-11 12:21:48,048 [Thread-1] com.mesosphere.sdk.scheduler.SchedulerRunner:lambda$run$0(104): Shutdown initiated, releasing curator lock

      I would like the SDK or DC/OS to refuse to launch my service if no Service Account was defined in the service config and I am using a feature that requires a Service Account, such as 'transport-encryption'.




            • Assignee:
              amr Amr Abdelrazik
              timvaillancourt Tim Vaillancourt
              Frontend Team
              Amr Abdelrazik, GeorgiSTodorov, Tim Vaillancourt
            • Watchers:
              3 Start watching this issue


              • Created: