[jira] [Commented] (MESOS-7886) Add master hook for setting environment variables

Mon, 14 Aug 2017 10:37:27 -0700 

    [ 
https://issues.apache.org/jira/browse/MESOS-7886?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16126050#comment-16126050
 ] 

Joseph Wu commented on MESOS-7886:
----------------------------------

>From a security perspective, putting secrets in environment variables is not 
>ideal (but it is admittedly pretty common).  There are a few places in the 
>Mesos code (in older versions) where environment variables are printed to logs 
>or stderr.

>From a historical perspective, the master generally limits itself to 
>coordinating frameworks and agents, but stays out of the business logic needed 
>to run tasks.  This is mostly because heterogeneous clusters can have many 
>different agent configurations; and having the master keep track of how to 
>handle each configuration may become onerous.

> Add master hook for setting environment variables
> -------------------------------------------------
>
>                 Key: MESOS-7886
>                 URL: https://issues.apache.org/jira/browse/MESOS-7886
>             Project: Mesos
>          Issue Type: Improvement
>          Components: modules
>            Reporter: Matthew Mead-Briggs
>
> At Yelp we're planning to integrate our secret store with our platform as a 
> service which runs on Mesos.
> I was hoping to write a module to "inject" environment variables on the 
> master side but the necessary hook doesn't currently exist. Such a hook 
> already exists on the slave side. However, for this integration that would 
> require me to give all the agents access to the secret store and I'd much 
> prefer to limit this to the master side.
> There is already a hook for adding labels:
> https://github.com/apache/mesos/blob/72752fc6deb8ebcbfbd5448dc599ef3774339d31/include/mesos/hook.hpp#L44-L48
> So it seems it should be pretty easy to add one for setting environment 
> variables too? I had a crack the other day but although I got my code to 
> compile something was not working at runtime (note: I'm not a C++ dev). Is 
> there any reason why we wouldn't want such a hook? If anyone can confirm that 
> it's a sane thing to add then I'd be happy to spend some time trying to get 
> it working (although I may need some help)!



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to