发件人: haosdent <[email protected]<mailto:[email protected]>> 答复: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> 日期: 2015年11月1日 星期日 下午5:02 至: user <[email protected]<mailto:[email protected]>> 主题: Re: How to tell master which ip to connect.
Hi, @Xiaodong I think ssl + register auth is enough, I don't think you need worried about that. Let me also attach some other mesos documents except ssl relate to security. authentication: https://github.com/apache/mesos/blob/master/docs/authorization.md authentication: https://github.com/apache/mesos/blob/master/docs/authentication.md firewall_rules: https://github.com/apache/mesos/blob/master/docs/configuration.md#master-and-slave-options And if you want to use external firewall of iptables to limit access, it is also OK when you using mesos. On Fri, Oct 30, 2015 at 7:50 AM, Xiaodong Zhang <[email protected]<mailto:[email protected]>> wrote: oh!connect via ssl and register with auth is not safety enough? 发自我的 iPhone 在 2015年10月30日,上午12:55,tommy xiao <[email protected]<mailto:[email protected]>> 写道: public ip is very dangerous for mesos cluster, you need a firewall on your solution. 2015-10-28 10:16 GMT+08:00 Xiaodong Zhang <[email protected]<mailto:[email protected]>>: Hi teams: My scenarios is like this: My master nodes were deployed in AWS. My slaves were in AZURE.So they communicate via public ip. I got trouble when slaves try to register to master. Now slaves can get master’s public ip address,and can send register request.But they can only send there private ip to master.(Because they don’t know there public ip,thus they can’t not bind a public ip via ―ip flag), thus masters can’t connect slaves.How can the slave to tell master which ip master should connect(I can’t find any flags like ―advertise_ip in master). -- Deshi Xiao Twitter: xds2000 E-mail: xiaods(AT)gmail.com<http://gmail.com> -- Best Regards, Haosdent Huang
