dcos-launch icon indicating copy to clipboard operation
dcos-launch copied to clipboard

Published 20 hours ago verified publisher icon dcos

Open Mesos and Marathon ports

Open timaa2k opened this issue 7 years ago • 5 comments

In order to first-class the resilience tests direct access to Mesos and Marathon instances is desired. This is necessary at this point until appropriate DC/OS checks are in place that can be accessed over SSH.

I am aware of the security risk of this change. The resilience tests specify admin_location to be the IP range of the machine executing the tests. However other tests using DC/OS launch might not have such restrictions and for them it may very well be dangerous to expose those ports to the public.

Right now I'm modifying the template in a separate branch in e2e every time DC/OS launch is bumped.

timaa2k avatar Apr 25 '18 10:04 timaa2k

@timaa2k given that this might be a security issue for other dcos-launch use cases where admin_location is not specified, would it be more appropriate to leave this in its separate branch?

cprovencher avatar Apr 27 '18 20:04 cprovencher

I'm not aware of how dcos-launch is currently used in tests, that's why I was raising this issue. Since it's not a default setting to restrict cluster access I believe not many users secure their cluster. It may be better to have a separate branch.

timaa2k avatar May 08 '18 08:05 timaa2k

I do not think that supporting Mesosphere use cases is best done by maintaining multiple branches. In my opinion it is best done by supporting options, choosable with Python. Is that viable?

@timaa2k Perhaps link this to a JIRA issue?

adamtheturtle avatar May 08 '18 08:05 adamtheturtle

Corresponding JIRA issue: https://jira.mesosphere.com/browse/DCOS-28736

timaa2k avatar May 08 '18 12:05 timaa2k

@timaa2k @adamtheturtle yeah Adam let's just let's make this a new template and make the usage of those templates configurable

cprovencher avatar May 08 '18 17:05 cprovencher