2
我正在努力如何获得与激活的acls配额。如何使用激活的acls设置/删除配额?
我使用Mesos版本0.27.2。
我使用follwing标志硕士3:
- --ip =一些-IP \
- --logging_level = INFO \
- --advertise_ip =一些-IP \
- - -port = 5050 \
- --advertise_port = 5050 \
- --registry = replicated_log \
- --quorum = 2 \
- = --zk一些-zookepyer-URL \
- --cluster = AlisterDevelopment \
- --log_dir = /无功/日志/ mesos /主\
- --work_dir =的/ var/lib中/ mesos /主\
- --offer_timeout = 1mins \
- --hostname =某些主机名\
- --credentials =文件:///等/ mesos主/密码\
- --acls = file:/// etc/mesos-master/acls \
- --authenticate_slaves
我的ACL是这样的:
{
"permissive": false,
"run_tasks": [
{
"principals": { "values": ["ase", "core", "opss", "jenkins"] },
"users": { "values": ["jenkins"] }
}
],
"register_frameworks": [
{
"principals": { "values": ["ase"] },
"roles": { "values": ["ase"] }
},
{
"principals": { "values": ["opss"] },
"roles": { "values": ["opss"] }
},
{
"principals": { "values": ["core"] },
"roles": { "values": ["core"] }
},
{
"principals": { "values": ["jenkins"] },
"roles": { "values": ["jenkins"] }
}
],
"set_quotas": [
{
"principals": {
"values": ["ase", "core", "opss", "jenkins"]
},
"roles": {
"values": ["ase", "core", "opss", "jenkins"]
}
}
],
"remove_quotas": [
{
"principals": {
"values": ["ase", "core", "opss", "jenkins"]
},
"quota_principals": {
"values": ["ase", "core", "opss", "jenkins"]
}
}
]
}
的校长酶,核心和OPS中有凭据的密码文件,并使用这些凭据登录框架工作得很好,一样注册奴隶。
然而,试图用卷曲增加配额,当我得到禁止的respons的403。
curl -u opss -v -d @ase-quota.json -X POST http://SERVER-IP:5050/quota --header "Content-Type: application/json"
上述命令在没有启用acn的情况下工作正常。
一旦再次启用,403再次禁止删除配额失败。
我在mesos主日志中看到的是:
I0414 10:59:39.396838 9 http.cpp:501] HTTP GET for /master/state.json from 192.168.7.14:35248 with User-Agent='Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:44.0) Gecko/20100101 Firefox/44.0'
I0414 10:59:40.019409 8 http.cpp:501] HTTP POST for /master/quota from 192.168.7.14:35258 with User-Agent='curl/7.35.0'
I0414 10:59:40.031294 8 quota_handler.cpp:446] Authorizing principal 'ANY' to request quota for role 'ase'
添加和:
I0414 13:07:23.521467 9 http.cpp:501] HTTP DELETE for /master/quota/ase from 192.168.7.14:50685 with User-Agent='curl/7.35.0'
I0414 13:07:23.523748 9 quota_handler.cpp:472] Authorizing principal 'ANY' to remove quota set by 'ANY'
试图删除配额时。
问题是,如何让curl或mesos意识到我在这种情况下作为主要opss工作?
thx,这实际上是问题所在。仍然回答一个问题很奇怪;) – rekie