Uploaded image for project: 'DC/OS'
  1. DC/OS
  2. DCOS_OSS-5247

Mesos Authentication dosent work for Marathon and Metronome

    Details

      Description

      I took long time for enable Mesos Authentication in DCOS. I did following configuration:

      nano /opt/mesosphere/etc/mesos-master

      Config

       

      // #Framework authentication
      
      MESOS_AUTHENTICATORS="crammd5
      
      MESOS_AUTHENTICATE_FRAMEWORKS=true
      
      MESOS_AUTHENTICATE_HTTP_FRAMEWORKS=true
      
      MESOS_HTTP_FRAMEWORK_AUTHENTICATORS="basic"
      
      MESOS_AUTHENTICATE_AGENTS=true
      
      MESOS_AUTHENTICATE_HTTP_EXECUTORS=true
      
      MESOS_AUTHENTICATE_HTTP_READWRITE=true
      
      MESOS_AUTHENTICATE_HTTP_READONLY=true
      
      MESOS_CREDENTIALS=/opt/mesosphere/etc/mesos_credentials_auth.json
      

      my mesos-credential file is:

       

      {
          "credentials": [
              {
                  "principal": "marathon",
                  "secret": "123456"
              }
      ,
       {
                  "principal": "metronomo",
                  "secret": "123456"
              }
          ]
      }

      also I added this configuration for marathon: (path : /opt/mesosphere/etc/marathon)

       

      MARATHON_MESOS_AUTHENTICATION=enabled
      MARATHON_MESOS_AUTHENTICATION_PRINCIPAL=marathon
      MARATHON_MESOS_AUTHENTICATION_SECRET_file=/opt/mesosphere/etc/marathon.secret
      MARATHON_MESOS_ROLE=foo

       

      also I added this configuration for marathon: (path : /opt/mesosphere/etc/metronome)

       

      METRONOME_MESOS_AUTHENTICATION_ENABLED=true
      METRONOME_MESOS_AUTHENTICATION_PRINCIPAL=metronome
      METRONOME_MESOS_AUTHENTICATION_SECRET_FILE=/opt/mesosphere/etc/metronome.secret
      METRONOME_MESOS_ROLE=foo

       

       But when I run log file I see these errors :

      // I0605 12:10:09.016122 23405 authenticator.cpp:98] Creating new server SASL connection
      I0605 12:10:09.017475 23407 master.cpp:10255] Re-authenticating scheduler-54f51f40-18d7-4ea8-8bc4-3be52b66f71a@172.17.0.2:15201; discarding outstanding authentication
      I0605 12:10:09.017704 23407 master.cpp:10285] Ignoring stale authentication result of scheduler-54f51f40-18d7-4ea8-8bc4-3be52b66f71a@172.17.0.2:15201
      I0605 12:10:09.017743 23407 authenticator.cpp:98] Creating new server SASL connection
      I0605 12:10:09.018771 23397 master.cpp:10255] Re-authenticating scheduler-54f51f40-18d7-4ea8-8bc4-3be52b66f71a@172.17.0.2:15201; discarding outstanding authentication
      I0605 12:10:09.019088 23411 master.cpp:10285] Ignoring stale authentication result of scheduler-54f51f40-18d7-4ea8-8bc4-3be52b66f71a@172.17.0.2:15201
      I0605 12:10:09.019094 23397 authenticator.cpp:98] Creating new server SASL connection
      I0605 12:10:09.020607 23403 master.cpp:10255] Re-authenticating scheduler-54f51f40-18d7-4ea8-8bc4-3be52b66f71a@172.17.0.2:15201; discarding outstanding authentication
      I0605 12:10:09.020936 23403 master.cpp:10285] Ignoring stale authentication result of scheduler-54f51f40-18d7-4ea8-8bc4-3be52b66f71a@172.17.0.2:15201
      I0605 12:10:09.020987 23403 authenticator.cpp:98] Creating new server SASL connection
      

       

      Is there any miss configuration?

       

       

       

       

       

        Attachments

          Activity

            People

            • Assignee:
              matthias.eichstedt Matthias Eichstedt
              Reporter:
              zakiehalizadeh Zakieh Alizadeh
              Team:
              Orchestration Team
              Watchers:
              Zakieh Alizadeh
            • Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: