doesn’t seem a great place for a secret; depending on how the host is handling 
swap and your tolerance for risk of leakage via ram content recovery.

..larry

> On Apr 21, 2018, at 9:02 AM, Qian Zhang <zhq527...@gmail.com> wrote:
> 
> Hi Aditya,
> 
> Yeah, you are right. `hostSecretPath` is a sub-directory under agent's 
> runtime dir, and the default value of agent's runtime dir is `/var/run/mesos` 
> which is a tmpfs. So the secret is written to tmpfs on agent host.
> 
> 
> Regards,
> Qian Zhang
> 
> On Sat, Apr 21, 2018 at 8:19 AM, Aditya Bhave <adity...@uber.com> wrote:
> Hi Qian,
> 
> Secret is written to file at hostSecretPath which is derived like this:
> 
>   const string hostSecretPath = path::join(flags.runtime_dir, SECRET_DIR,
>                                            stringify(id::UUID::random()));
> Also,
>   const string hostSecretTmpDir = path::join(flags.runtime_dir, SECRET_DIR);
> Is the hostSecretTmpDir not located on tmpfs? The dir name alludes to this.
> 
> Thanks,
> -Aditya
> 
> On Fri, Apr 20, 2018 at 5:05 PM, Qian Zhang <zhq527...@gmail.com> wrote:
> > When the secret is first downloaded on the mesos agent, it will be stored 
> > as "root" on the tmpfs/ramfs before being mounted in the container ramfs.
> 
> It seems the secret is not stored on the tmpfs/ramfs on the agent host, we
> just write it into a file
> <https://github.com/apache/mesos/blob/1.5.0/src/slave/containerizer/mesos/isolators/volume/secret.cpp#L281>
> under the agent's runtime directory, and then move it into the ramfs
> <https://github.com/apache/mesos/blob/1.5.0/src/slave/containerizer/mesos/isolators/volume/secret.cpp#L260:L267>
> in the container when the container is launched.
> 
> 
> Regards,
> Qian Zhang
> 
> On Fri, Apr 20, 2018 at 2:47 PM, Gilbert Song <gilb...@apache.org> wrote:
> IIUC, your assumptions are all correct.
> 
> @Kapil, could you please confirm? Maybe we could improve the document at the 
> next Docathon.
> 
> Gilbert
> 
> On Thu, Apr 19, 2018 at 10:57 AM, Zhitao Li <zhitaoli...@gmail.com> wrote:
> Hello,
> 
> We at Uber plan to use volume/secret isolator to send secrets from Uber
> framework to Mesos agent.
> 
> For this purpose, we are referring to these documents:
> 
>    - File based secrets design doc
>      <https://docs.google.com/document/d/18raiiUfxTh-JBvjd6RyHe_TOScY87G_bMi5zBzMZmpc/edit#>
>      and slides
>      <http://schd.ws/hosted_files/mesosconasia2017/70/Secrets%20Management%20in%20Mesos.pdf>.
>    - Apache Mesos secrets documentation
>      <http://mesos.apache.org/documentation/latest/secrets/>
> 
> Could you please confirm that the following assumptions are correct?
> 
>    - Mesos agent and master will never log the secret data at any logging
>    level;
>    - Mesos agent and master will never expose the secret data as part of
>    any API response;
>    - Mesos agent and master will never store the secret in any persistent
>    storage, but only on tmpfs or ramfs;
>    - When the secret is first downloaded on the mesos agent, it will be
>    stored as "root" on the tmpfs/ramfs before being mounted in the container
>    ramfs.
> 
> If the above assumptions are true, then I would like to see them documented
> as part of the Apache Mesos secrets documentation
> <http://mesos.apache.org/documentation/latest/secrets/>. Otherwise, we'd
> like to have a design discussion with the maintainer of the isolator.
> 
> We appreciate your help regarding this. Thanks!
> 
> Regards,
> Aditya and Zhitao
> 

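The tmpfs-versus-swap concern raised at the top of this thread, as an added shell check that is not from the thread or from the Mesos project: it resolves which filesystem a given runtime_dir path lives on and whether any swap area is active, so an operator can tell whether hostSecretPath is memory-only on a particular agent. The /proc/mounts and /proc/swaps contents are constructed samples (the ramfs mount at /var/lib/mesos/secrets is an assumption); pass the real /proc files to check a live host.

```shell
#!/bin/sh
# Added example: classify where a Mesos agent's runtime_dir (the parent of
# hostSecretPath) lives. tmpfs pages can be swapped to disk, ramfs pages
# cannot, and anything else is persistent storage. The mount and swap tables
# below are constructed samples, not taken from a real agent host.

# fs_type_of <path> <mounts-file>: filesystem type of the longest mount
# point that is a prefix of <path>, read from a /proc/mounts-style file.
fs_type_of() {
    path=$1; mounts=$2; best_len=-1; best_type=unknown
    while read -r _dev mnt type _rest; do
        if [ "$mnt" = "/" ] || [ "$path" = "$mnt" ] || [ "${path#"$mnt"/}" != "$path" ]; then
            len=${#mnt}
            if [ "$len" -gt "$best_len" ]; then best_len=$len; best_type=$type; fi
        fi
    done < "$mounts"
    printf '%s\n' "$best_type"
}

# swap_enabled <swaps-file>: true if any swap area is listed after the header.
swap_enabled() {
    [ "$(tail -n +2 "$1" | grep -c .)" -gt 0 ]
}

# secret_dir_risk <runtime_dir> <mounts-file> <swaps-file>: one-line verdict.
secret_dir_risk() {
    case "$(fs_type_of "$1" "$2")" in
        ramfs) echo "ramfs: memory-only, never swapped" ;;
        tmpfs) if swap_enabled "$3"; then
                   echo "tmpfs with swap enabled: secret pages may reach disk"
               else
                   echo "tmpfs without swap: memory-only"
               fi ;;
        *)     echo "persistent filesystem: secret is written to disk" ;;
    esac
}

# Constructed sample tables (assumed layout, not from a real agent host).
SAMPLE_MOUNTS=$(mktemp); SAMPLE_SWAPS=$(mktemp)
cat > "$SAMPLE_MOUNTS" <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /var/run tmpfs rw,nosuid,nodev 0 0
ramfs /var/lib/mesos/secrets ramfs rw 0 0
EOF
cat > "$SAMPLE_SWAPS" <<'EOF'
Filename	Type	Size	Used	Priority
/dev/sda2	partition	2097148	0	-2
EOF

secret_dir_risk /var/run/mesos "$SAMPLE_MOUNTS" "$SAMPLE_SWAPS"
```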