Enabling SSL on Zookeeper will likely not work, as the Zookeeper C library (which Mesos uses to talk to Zookeeper) does not contain any concept of SSL. If they added SSL support to the C library in that alpha version, you would need to bump the library in the Mesos code and rebuild, possibly with other code changes.
On Wed, Dec 28, 2016 at 2:33 PM, Douglas Nelson <itsbeh...@gmail.com> wrote: > I was wondering how others are securing ZooKeeper on top of Mesos. > > I'm running Mesos in HA mode on 3 AWS EC2 instances. A number of external > machines are set up as Mesos agents and SSL/authentication is enabled on > both ends (for Mesos and its frameworks). But to use HA mode the agents > have to communicate with ZK directly (and my ZK registry stores secure > information). > > Is the recommended route to use an alpha version of ZK to enable SSL? > Also, does this play nicely with a Mesos agent's "master" flag? Any help > would be appreciated! >
