Uploaded image for project: 'Marathon'
  1. Marathon
  2. MARATHON-4462

Refuse to authenticate from Mesos master

    Details

    • Type: Task
    • Status: Resolved
    • Priority: Medium
    • Resolution: Cannot Reproduce
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Docs
    • Labels:

      Description

      I enabled mesos framework authentication with Mesos Master (version 1.1.0), but I got the following error message from Marathon (version 1.3.6) end:

      > WARN Error: Framework at scheduler-6a211186-72b8-4369-ac73-31b2dae579fa@192.168.47.125:38616 is not authenticated

      192.168.47.125 is where I'm running the Marathon

      And the Master side has the error message:

      > Refusing subscription of framework 'marathon' at scheduler-de43c2e8-6bb5-4db0-98b4-109ee98a0acb@192.168.47.127:41451: Framework at scheduler-de43c2e8-6bb5-4db0-98b4-109ee98a0acb@192.168.47.127:41451 is not authenticated

      127 is the host for Master

      Configuration for Master:

      # more /etc/mesos-master/authenticate
      true
      
      # more /etc/mesos-master/credentials
      file:///etc/mesos/auth
      
      # more /etc/mesos/auth
      {
          "credentials": [
              {
                  "principal": "marathon",
                  "secret": "123456"
              }
          ]
      }
      
      # more /etc/mesos-master/acls
      {
          "run_tasks": [
              {
                  "principals": {
                      "type": "ANY"
                  },
                  "users": {
                      "type": "ANY"
                  }
              }
          ],
          "register_frameworks": [
              {
                  "principals": {
                      "type": "ANY"
                  },
                  "roles": {
                      "type": "ANY"
                  }
              }
          ]
      }
      

      Having the following configuration for Marathon:

      # cat /etc/marathon/conf/mesos_authentication_principal
      marathon
      
      # cat /etc/marathon/conf/mesos_authentication_secret_file
      /etc/marathon/auth/marathon.secret
      
      # cat /etc/marathon/auth/marathon.secret
      123456
      

      mesos_authentication parameter is enabled from systemd script:

      # cat /usr/lib/systemd/system/marathon.service
      [Unit]
      Description=Marathon
      After=network.target
      Wants=network.target
      
      [Service]
      EnvironmentFile=-/etc/sysconfig/marathon
      ExecStart=/usr/bin/marathon --mesos_authentication
      Restart=always
      RestartSec=20
      
      [Install]
      WantedBy=multi-user.target
      

      When the Marathon startup, it outputs:

      > Dec 30 11:46:28 slaver4.mesos.local marathon[30360]: run_jar --master zk://zk1:2181,zk2:2181,zk3:2181/mesos --zk zk://zk1:2181,zk2:2181,zk3:2181/marathon --mesos_authentication_principal marathon --mesos_authentication_secret_file /etc/marathon/auth/marathon.secret
      Dec 30 11:46:31 slaver4.mesos.local marathon[30377]: [2016-12-30 11:46:31,421] INFO Starting Marathon 1.3.6/unknown with --master zk://zk1:2181,zk2:2181,zk3:2181/mesos --zk zk://zk1:2181,zk2:2181,zk3:2181/marathon --mesos_authentication_principal marathon --mesos_authentication_secret_file /etc/marathon/auth/marathon.secret (mesosphere.marathon.Main$:main)

      I think I've already done what I can do, but still have been refused to authenticate from Master, why?

        Attachments

          Activity

            People

            • Assignee:
              joerg Jörg Schad (Inactive)
              Reporter:
              GitHub_jeffwji jeffwji (Inactive)
              Team:
              Orchestration Team
              Watchers:
              Jason Gilanfarr (Inactive), Matthias Eichstedt
            • Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: