2
我正在努力如何獲得與激活的acls配額。如何使用激活的acls設置/刪除配額?
我使用Mesos版本0.27.2。
我使用follwing標誌碩士3:
- --ip =一些-IP \
- --logging_level = INFO \
- --advertise_ip =一些-IP \
- - -port = 5050 \
- --advertise_port = 5050 \
- --registry = replicated_log \
- --quorum = 2 \
- = --zk一些-zookepyer-URL \
- --cluster = AlisterDevelopment \
- --log_dir = /無功/日誌/ mesos /主\
- --work_dir =的/ var/lib中/ mesos /主\
- --offer_timeout = 1mins \
- --hostname =某些主機名\
- --credentials =文件:///等/ mesos主/密碼\
- --acls = file:/// etc/mesos-master/acls \
- --authenticate_slaves
我的ACL是這樣的:
{
"permissive": false,
"run_tasks": [
{
"principals": { "values": ["ase", "core", "opss", "jenkins"] },
"users": { "values": ["jenkins"] }
}
],
"register_frameworks": [
{
"principals": { "values": ["ase"] },
"roles": { "values": ["ase"] }
},
{
"principals": { "values": ["opss"] },
"roles": { "values": ["opss"] }
},
{
"principals": { "values": ["core"] },
"roles": { "values": ["core"] }
},
{
"principals": { "values": ["jenkins"] },
"roles": { "values": ["jenkins"] }
}
],
"set_quotas": [
{
"principals": {
"values": ["ase", "core", "opss", "jenkins"]
},
"roles": {
"values": ["ase", "core", "opss", "jenkins"]
}
}
],
"remove_quotas": [
{
"principals": {
"values": ["ase", "core", "opss", "jenkins"]
},
"quota_principals": {
"values": ["ase", "core", "opss", "jenkins"]
}
}
]
}
的校長酶,核心和OPS中有憑據的密碼文件,並使用這些憑據登錄框架工作得很好,一樣註冊奴隸。
然而,試圖用捲曲增加配額,當我得到禁止的respons的403。
curl -u opss -v -d @ase-quota.json -X POST http://SERVER-IP:5050/quota --header "Content-Type: application/json"
上述命令在沒有啓用acn的情況下工作正常。
一旦再次啓用,403再次禁止刪除配額失敗。
我在mesos主日誌中看到的是:
I0414 10:59:39.396838 9 http.cpp:501] HTTP GET for /master/state.json from 192.168.7.14:35248 with User-Agent='Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:44.0) Gecko/20100101 Firefox/44.0'
I0414 10:59:40.019409 8 http.cpp:501] HTTP POST for /master/quota from 192.168.7.14:35258 with User-Agent='curl/7.35.0'
I0414 10:59:40.031294 8 quota_handler.cpp:446] Authorizing principal 'ANY' to request quota for role 'ase'
添加和:
I0414 13:07:23.521467 9 http.cpp:501] HTTP DELETE for /master/quota/ase from 192.168.7.14:50685 with User-Agent='curl/7.35.0'
I0414 13:07:23.523748 9 quota_handler.cpp:472] Authorizing principal 'ANY' to remove quota set by 'ANY'
試圖刪除配額時。
問題是,如何讓curl或mesos意識到我在這種情況下作爲主要opss工作?
thx,這實際上是問題所在。仍然回答一個問題很奇怪;) – rekie