running marathon as a mesos task with: ssl verify on, host network, still communicates 'standard' hostname to mesos-master #7209
Comments
f1-outsourcing
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I am trying to run marathon as a task with host networking on, and ssl verify on.
I have a test server with marathon that can connect to the mesos-master if the mesos-master has LIBPROCESS_SSL_VERIFY_SERVER_CERT=1
If I just change this test server setup with
export MARATHON_HOSTNAME=blabla.localINFO Starting Marathon 1.9.109/b9c866838666331f26814af65c6bff234390fc84 with --metrics_prometheus --plugin_conf /etc/marathon/marathon-plugins.conf --task_lost_expunge_interval 300000 --disable_metrics_datadog --disable_http --hostname bla.local -
I still can connect with the mesos-master, I would expect not being able to connect because the advertised hostname is not the same as in the certificate.
Vice versa is my problem
If I do configure marathon with the hostname=marathon.prod.marathon.mesos I am still getting mesos-master warnings like these:
W0725 14:31:36.663656 12203 process.cpp:1480] Failed to link to '192.168.10.114:42743', connect: Presented Certificate Name: marathon.prod.marathon.mesos does not match peer hostname name: xxxx.local
The text was updated successfully, but these errors were encountered: