subject:"Mesos Modifying User Group"

RE: Mesos Modifying User Group

2015-08-13 Thread Nastooh Avessta (navesta)

0.23, here I come.
Thanks John, will install 0.23 and retest.
Cheers,

[http://www.cisco.com/web/europe/images/email/signature/logo05.jpg]

Nastooh Avessta
ENGINEER.SOFTWARE ENGINEERING
nave...@cisco.com
Phone: +1 604 647 1527

Cisco Systems Limited
595 Burrard Street, Suite 2123 Three Bentall Centre, PO Box 49121
VANCOUVER
BRITISH COLUMBIA
V7X 1J1
CA
Cisco.com<http://www.cisco.com/>





[Think before you print.]Think before you print.

This email may contain confidential and privileged material for the sole use of 
the intended recipient. Any review, use, distribution or disclosure by others 
is strictly prohibited. If you are not the intended recipient (or authorized to 
receive for the recipient), please contact the sender by reply email and delete 
all copies of this message.
For corporate legal information go to:
http://www.cisco.com/web/about/doing_business/legal/cri/index.html

Cisco Systems Canada Co, 181 Bay St., Suite 3400, Toronto, ON, Canada, M5J 2T3. 
Phone: 416-306-7000; Fax: 416-306-7099. 
Preferences<http://www.cisco.com/offer/subscribe/?sid=000478326> - 
Unsubscribe<http://www.cisco.com/offer/unsubscribe/?sid=000478327> – 
Privacy<http://www.cisco.com/web/siteassets/legal/privacy.html>

From: John Omernik [mailto:j...@omernik.com]
Sent: Thursday, August 13, 2015 5:02 AM
To: user@mesos.apache.org
Subject: Re: Mesos Modifying User Group

I ran into this same issue.  For me it manifested as weird permission denied in 
MapR's NFS implementation, running in bash, etc was fine. But running in on 
Mesos, it didn't work (permission denied)(Also thank you to MapR for helping me 
troubleshoot).  Good news, there is a patch.

https://issues.apache.org/jira/browse/MESOS-719

And it's fixed in Mesos 0.23.  I applied the patch and recompiled and it worked 
great, and when I installed 0.23, it also worked great.

Good luck.

John

On Wed, Aug 12, 2015 at 5:28 PM, Nastooh Avessta (navesta) 
mailto:nave...@cisco.com>> wrote:
Having a bit of a strange problem with Mesos 0.22, running Spark 1.4.0, on 
Docker 1.6 slaves. Part of my Spark program calls on a script that accesses a 
GPU. I am able to run this script:

1.   As Bash

2.   Via Marathon

3.   As part of a Spark program running as a standalone master
However, when I try to run the same Spark program with Mesos as master, i.e., 
spark-submit --master mesos://\`cat /etc/mesos/zk\` --deploy-mode client…, I am 
not able to access dri devices, e.g., mfx init: /dev/dri/renderD128 fd open 
failed. What seems to be happening is that the group membership of the default 
user, in this case “ubuntu” is modified by Mesos, i.e., whereas under cases 
1-3, above, I get:

$ id
uid=1000(ubuntu) gid=1000(ubuntu) 
groups=1000(ubuntu),4(adm),20(dialout),24(cdrom),25(floppy),27(sudo),29(audio),30(dip),44(video),46(plugdev),102(netdev),999(docker)
In case of Mesos, I get:
uid=1000(ubuntu) gid=1000(ubuntu) groups=1000(ubuntu),0(root)

I am wondering if there are configuration parameters that can be passed to 
Mesos to prevent it from modifying user groups?

Cheers,
[http://www.cisco.com/web/europe/images/email/signature/logo05.jpg]

Nastooh Avessta
ENGINEER.SOFTWARE ENGINEERING
nave...@cisco.com<mailto:nave...@cisco.com>
Phone: +1 604 647 1527

Cisco Systems Limited
595 Burrard Street, Suite 2123 Three Bentall Centre, PO Box 49121
VANCOUVER
BRITISH COLUMBIA
V7X 1J1
CA
Cisco.com<http://www.cisco.com/>





[Think before you print.]Think before you print.

This email may contain confidential and privileged material for the sole use of 
the intended recipient. Any review, use, distribution or disclosure by others 
is strictly prohibited. If you are not the intended recipient (or authorized to 
receive for the recipient), please contact the sender by reply email and delete 
all copies of this message.
For corporate legal information go to:
http://www.cisco.com/web/about/doing_business/legal/cri/index.html

Cisco Systems Canada Co, 181 Bay St., Suite 3400, Toronto, ON, Canada, M5J 2T3. 
Phone: 416-306-7000; Fax: 416-306-7099. 
Preferences<http://www.cisco.com/offer/subscribe/?sid=000478326> - 
Unsubscribe<http://www.cisco.com/offer/unsubscribe/?sid=000478327> – 
Privacy<http://www.cisco.com/web/siteassets/legal/privacy.html>

Re: Mesos Modifying User Group

2015-08-13 Thread John Omernik

I ran into this same issue.  For me it manifested as weird permission
denied in MapR's NFS implementation, running in bash, etc was fine. But
running in on Mesos, it didn't work (permission denied)(Also thank you to
MapR for helping me troubleshoot).  Good news, there is a patch.

https://issues.apache.org/jira/browse/MESOS-719

And it's fixed in Mesos 0.23.  I applied the patch and recompiled and it
worked great, and when I installed 0.23, it also worked great.

Good luck.

John

On Wed, Aug 12, 2015 at 5:28 PM, Nastooh Avessta (navesta) <
nave...@cisco.com> wrote:

> Having a bit of a strange problem with Mesos 0.22, running Spark 1.4.0, on
> Docker 1.6 slaves. Part of my Spark program calls on a script that accesses
> a GPU. I am able to run this script:
>
> 1.   As Bash
>
> 2.   Via Marathon
>
> 3.   As part of a Spark program running as a standalone master
>
> However, when I try to run the same Spark program with Mesos as master,
> i.e., spark-submit --master mesos://\`cat /etc/mesos/zk\` --deploy-mode
> client…, I am not able to access dri devices, e.g., mfx init:
> /dev/dri/renderD128 fd open failed. What seems to be happening is that the
> group membership of the default user, in this case “ubuntu” is modified by
> Mesos, i.e., whereas under cases 1-3, above, I get:
>
>
>
> $ id
>
> uid=1000(ubuntu) gid=1000(ubuntu)
> groups=1000(ubuntu),4(adm),20(dialout),24(cdrom),25(floppy),27(sudo),29(audio),30(dip),44(video),46(plugdev),102(netdev),999(docker)
>
> In case of Mesos, I get:
>
> uid=1000(ubuntu) gid=1000(ubuntu) groups=1000(ubuntu),0(root)
>
>
>
> I am wondering if there are configuration parameters that can be passed to
> Mesos to prevent it from modifying user groups?
>
>
>
> Cheers,
>
> [image: http://www.cisco.com/web/europe/images/email/signature/logo05.jpg]
>
> *Nastooh Avessta*
> ENGINEER.SOFTWARE ENGINEERING
> nave...@cisco.com
> Phone: *+1 604 647 1527 <%2B1%20604%20647%201527>*
>
> *Cisco Systems Limited*
> 595 Burrard Street, Suite 2123 Three Bentall Centre, PO Box 49121
> VANCOUVER
> BRITISH COLUMBIA
> V7X 1J1
> CA
> Cisco.com 
>
>
>
> [image: Think before you print.]Think before you print.
>
> This email may contain confidential and privileged material for the sole
> use of the intended recipient. Any review, use, distribution or disclosure
> by others is strictly prohibited. If you are not the intended recipient (or
> authorized to receive for the recipient), please contact the sender by
> reply email and delete all copies of this message.
>
> For corporate legal information go to:
> http://www.cisco.com/web/about/doing_business/legal/cri/index.html
>
> Cisco Systems Canada Co, 181 Bay St., Suite 3400, Toronto, ON, Canada, M5J
> 2T3. Phone: 416-306-7000; Fax: 416-306-7099. *Preferences
>  - Unsubscribe
>  – Privacy
> *
>
>
>

Re: Mesos Modifying User Group

2015-08-13 Thread Steven Schlansker


On Aug 12, 2015, at 3:28 PM, Nastooh Avessta (navesta)  
wrote:

> Having a bit of a strange problem with Mesos 0.22, running Spark 1.4.0, on 
> Docker 1.6 slaves. Part of my Spark program calls on a script that accesses a 
> GPU. I am able to run this script:
> 1.   As Bash
> 2.   Via Marathon
> 3.   As part of a Spark program running as a standalone master
> However, when I try to run the same Spark program with Mesos as master, i.e., 
> spark-submit --master mesos://\`cat /etc/mesos/zk\` --deploy-mode client…, I 
> am not able to access dri devices, e.g., mfx init: /dev/dri/renderD128 fd 
> open failed. What seems to be happening is that the group membership of the 
> default user, in this case “ubuntu” is modified by Mesos, i.e., whereas under 
> cases 1-3, above, I get:
>  
> $ id
> uid=1000(ubuntu) gid=1000(ubuntu) 
> groups=1000(ubuntu),4(adm),20(dialout),24(cdrom),25(floppy),27(sudo),29(audio),30(dip),44(video),46(plugdev),102(netdev),999(docker)
> In case of Mesos, I get:
> uid=1000(ubuntu) gid=1000(ubuntu) groups=1000(ubuntu),0(root)
>  
> I am wondering if there are configuration parameters that can be passed to 
> Mesos to prevent it from modifying user groups?

Assuming your diagnosis here is correct,  this is actually a serious security 
issue -- notice how the group "0(root)" was added!

Mesos Modifying User Group

2015-08-12 Thread Nastooh Avessta (navesta)

Having a bit of a strange problem with Mesos 0.22, running Spark 1.4.0, on 
Docker 1.6 slaves. Part of my Spark program calls on a script that accesses a 
GPU. I am able to run this script:

1.   As Bash

2.   Via Marathon

3.   As part of a Spark program running as a standalone master
However, when I try to run the same Spark program with Mesos as master, i.e., 
spark-submit --master mesos://\`cat /etc/mesos/zk\` --deploy-mode client..., I 
am not able to access dri devices, e.g., mfx init: /dev/dri/renderD128 fd open 
failed. What seems to be happening is that the group membership of the default 
user, in this case "ubuntu" is modified by Mesos, i.e., whereas under cases 
1-3, above, I get:

$ id
uid=1000(ubuntu) gid=1000(ubuntu) 
groups=1000(ubuntu),4(adm),20(dialout),24(cdrom),25(floppy),27(sudo),29(audio),30(dip),44(video),46(plugdev),102(netdev),999(docker)
In case of Mesos, I get:
uid=1000(ubuntu) gid=1000(ubuntu) groups=1000(ubuntu),0(root)

I am wondering if there are configuration parameters that can be passed to 
Mesos to prevent it from modifying user groups?

Cheers,
[http://www.cisco.com/web/europe/images/email/signature/logo05.jpg]

Nastooh Avessta
ENGINEER.SOFTWARE ENGINEERING
nave...@cisco.com
Phone: +1 604 647 1527

Cisco Systems Limited
595 Burrard Street, Suite 2123 Three Bentall Centre, PO Box 49121
VANCOUVER
BRITISH COLUMBIA
V7X 1J1
CA
Cisco.com





[Think before you print.]Think before you print.

This email may contain confidential and privileged material for the sole use of 
the intended recipient. Any review, use, distribution or disclosure by others 
is strictly prohibited. If you are not the intended recipient (or authorized to 
receive for the recipient), please contact the sender by reply email and delete 
all copies of this message.
For corporate legal information go to:
http://www.cisco.com/web/about/doing_business/legal/cri/index.html

Cisco Systems Canada Co, 181 Bay St., Suite 3400, Toronto, ON, Canada, M5J 2T3. 
Phone: 416-306-7000; Fax: 416-306-7099. 
Preferences - 
Unsubscribe - 
Privacy

RE: Mesos Modifying User Group

Re: Mesos Modifying User Group

Re: Mesos Modifying User Group

Mesos Modifying User Group

4 matches

Site Navigation

Mail list logo

Footer information