Hi, We ran into this as well, but happily you can specify docker credentials for the mesos agent instead of using a file URI. This works a treat and stops putting docker credentials in the sandbox, which is a nice side effect.
Cheers, On 26/04/17 17:07, De Groot (CTR), Craig wrote: > We recently upgraded from Mesos 1.1.0 to 1.2.0 and are encountering > errors with code that previously worked in 1.1.0. I believe that this > is a bug in the new version. If not, I would like to know the correct > procedure for using the sandbox as a user other than root. > > Here is the scenario: > 1) Setup a job in Marathon which specifies a URI to our private > docker.tar.gz > - See: this for an example > ... > https://mesosphere.github.io/marathon/docs/native-docker-private-registry.html > <https://mesosphere.github.io/marathon/docs/native-docker-private-registry.html> > - This is a local file on each node > > 2) Specify a User (other than root) in the Marathon UI > > 3) Mesos will try to fetch the file and fails during the copy because > the ownership of the sandbox directory are not changed to the specified > user. > - Note that 1.1.0 correctly set the sandbox directory to the specified > user > - This behavior is documented in the Mesos Docs here (see "specifying > a user name"): http://mesos.apache.org/documentation/latest/fetcher/ > <http://mesos.apache.org/documentation/latest/fetcher/> > > Thanks in advance for the help! > > __________________________________________________ > Craig De Groot > > -- Stephen Gran Senior Technical Architect picture the possibilities | piksel.com