[SPARK-22131][MESOS] Mesos driver secrets

[susanxhuynh]

Background

In #18837 , @ArtRand added Mesos secrets support to the dispatcher. This PR is to add the same secrets support to the drivers. This means if the secret configs are set, the driver will launch executors that have access to either env or file-based secrets.

One use case for this is to support TLS in the driver <=> executor communication.

What changes were proposed in this pull request?

Most of the changes are a refactor of the dispatcher secrets support (#18837) - moving it to a common place that can be used by both the dispatcher and drivers. The same goes for the unit tests.

How was this patch tested?

There are four config combinations: [env or file-based] x [value or reference secret]. For each combination:

• Added a unit test.
• Tested in DC/OS.

[SparkQA]

Test build #82475 has finished for PR 19437 at commit 6f062c0.

• This patch passes all tests.
• This patch merges cleanly.
• This patch adds no public classes.

[susanxhuynh]

@ArtRand @skonto Please review. Tests passed.

[skonto]

assert(envVars.count(!_.getName.startsWith("SPARK_")) == 2)

[susanxhuynh]

Done

[skonto]

assert(envVars.count(!_.getName.startsWith("SPARK_")) == 2)

[susanxhuynh]

Thanks, I'll fix it.

[skonto]

IMHO a better name would be createContainerInfo or buildContainerInfo

[susanxhuynh]

OK, I'll use buildContainerInfo.

[skonto]

avoid wild card imports if possible.

[susanxhuynh]

Hmm, IntelliJ added this automatically - I'll fix it.

[skonto]

s -> secrets

[susanxhuynh]

Done

[skonto]

shouldn't be SECRET_NAMES? Same for the rest of the configs below.

[susanxhuynh]

I see what you mean. I'll change them.

[skonto]

I think this is redundant, it is covered by the last false statement anyway.
Does it make sense to have paths but no secrets?

[susanxhuynh]

Good point. If they specify paths but no secrets, it should throw an exception.

[skonto]

@susanxhuynh I think this a mesos 1.4 feature, shouldn't we document this for users?
https://issues.apache.org/jira/browse/MESOS-7418
Btw this scheduler still depends on mesos 1.3 proto,

[ArtRand]

@susanxhuynh @skonto The secret-containing protos will be valid in Mesos 1.3 onwards, thus why the scheduler has that requirement. DC/OS with file-based secrets has Mesos 1.4 thus why we test it there.

[susanxhuynh]

I'll push another commit soon.

[susanxhuynh]

Thanks, I'll fix it.

[susanxhuynh]

I see what you mean. I'll change them.

[susanxhuynh]

Hmm, IntelliJ added this automatically - I'll fix it.

[susanxhuynh]

OK, I'll use buildContainerInfo.

[susanxhuynh]

Done

[susanxhuynh]

Good point. If they specify paths but no secrets, it should throw an exception.

[susanxhuynh]

Done

[SparkQA]

Test build #82565 has finished for PR 19437 at commit 73b2cbf.

• This patch passes all tests.
• This patch merges cleanly.
• This patch adds no public classes.

[skonto]

LGTM. @susanxhuynh have you tested this with TLS, just curious.

[susanxhuynh]

@skonto I haven't tested with TLS; I'll work on that in the next couple of days.

[susanxhuynh]

@vanzin Would you mind reviewing this PR? A followup to ArtRand's secrets PR.

[ArtRand]

Just a few nits mostly. Thanks.

[ArtRand]

I'd almost prefer that we don't add any features to fine-grained right now. As we have virtually no test coverage on whether or not this will work.

[skonto]

+1 There is a PR for removing it already waiting for spark 3.0. Let's to give users the wrong impression that we maintain it.

[susanxhuynh]

Okay, I've reverted this change in fine-grained mode.

[ArtRand]

Maybe change secretConfig to mesosConfig and pass the whole thing? That way if we want to add new functionality later this function is more general. Given that most of what we do is proto-generation, I bet we'll have to do this eventually anyways.

[susanxhuynh]

I've removed that second parameter and moved the secret stuff out of this method, since it's called by Fine-Grained mode, and we don't want to touch Fine-Grained mode.

[ArtRand]

Need a space at the end of this log line (my bad!)

[susanxhuynh]

Fixed.

[ArtRand]

Space at the end of this log line too.

[susanxhuynh]

Fixed

[ArtRand]

What do you think about putting an example here like we do for spark.mesos.network.labels - something general for all secrets?

[susanxhuynh]

I'll add some examples. I didn't find a good general example; I added a separate example to each config option.

[ArtRand]

Is it possible to make this return List[Variable] like it used to as opposed to mutating the Environment.Builder, just more consistent (e.g. getSecretVolume)

[susanxhuynh]

I've removed this method. To be more consistent, I've moved this code back into MesosClusterScheduler. There's a little duplication, because MesosCoarseGrainedSchedulerBackend now has a similar code snippet, but it does avoid the mutation.

[ArtRand]

Indentation?

[susanxhuynh]

Fixed

[ArtRand]

Out of curiosity, why do we have this file and MesosSchedulerUtils?

[skonto]

It is for the MesosScheduler's helper functions but there are methods (eg. createResource) used all over the place. We need to cleanup the code at some point.

[ArtRand]

Ah ok. One of these days let's make a "clean up" JIRA and harmonize all of this code. The naming is also all over the place..

[susanxhuynh]

@ArtRand @skonto I reverted the change in Fine-Grained mode. There's a change in the method name, but that's it.

@ArtRand I've added the doc examples, and did a little re-arranging of the code to address the consistency issue you raised (getSecretEnvVar and getSecretVolumes code blocks).

[susanxhuynh]

I'll add some examples. I didn't find a good general example; I added a separate example to each config option.

[susanxhuynh]

Okay, I've reverted this change in fine-grained mode.

[susanxhuynh]

I've removed that second parameter and moved the secret stuff out of this method, since it's called by Fine-Grained mode, and we don't want to touch Fine-Grained mode.

[susanxhuynh]

Fixed.

[susanxhuynh]

I've removed this method. To be more consistent, I've moved this code back into MesosClusterScheduler. There's a little duplication, because MesosCoarseGrainedSchedulerBackend now has a similar code snippet, but it does avoid the mutation.

[susanxhuynh]

Fixed

[susanxhuynh]

Fixed

[SparkQA]

Test build #82867 has finished for PR 19437 at commit 770d307.

• This patch passes all tests.
• This patch merges cleanly.
• This patch adds no public classes.

[SparkQA]

Test build #82868 has finished for PR 19437 at commit b2a3675.

• This patch passes all tests.
• This patch merges cleanly.
• This patch adds no public classes.

[ArtRand]

LGTM

[ArtRand]

Ah ok. One of these days let's make a "clean up" JIRA and harmonize all of this code. The naming is also all over the place..

[ArtRand]

indentation?

[susanxhuynh]

Fixed

[ArtRand]

I'm not sure what the policy should be on this, but IIUC file-based secrets does require a backend module. Should we mention that here?

[susanxhuynh]

Mentioned custom module and added link to Mesos documentation.

[ArtRand]

indentation?

[susanxhuynh]

Fixed

[SparkQA]

Test build #82885 has finished for PR 19437 at commit a801799.

• This patch passes all tests.
• This patch merges cleanly.
• This patch adds no public classes.

[susanxhuynh]

@srowen Would you like to help review? Adding Mesos secrets support in driver for executor tasks.

[susanxhuynh]

@vanzin Ping, would you mind reviewing this PR?

[susanxhuynh]

@srowen Ping, would you like to help review?

[vanzin]

I can't really comment on the functionality since I don't know Mesos, but the docs are really confusing.

[vanzin]

I cannot really understand this description.

[susanxhuynh]

Let me try to improve the descriptions of all these secret configs.

[vanzin]

Indentation doesn't match other rows.

[susanxhuynh]

Fixed.

[vanzin]

Indentation is off.

[susanxhuynh]

Fixed.

[vanzin]

This is another description that is very weirdly worded. What I can understand of this:

"A comma-separated list of file names to which secret names and values will be written."

But I can't really know whether that's the case because it's really confusing.

[vanzin]

This "protobuf" thing is mentioned in a bunch of places but there's no link nor explanation of what it is. Are Mesos users just supposed to know what that is?

[susanxhuynh]

I have grouped some of these properties together to make the description clearer. Please let me know what you think.

[vanzin]

This block now needs to be indented further.

[susanxhuynh]

Fixed.

[vanzin]

Indent further.

[susanxhuynh]

Fixed.

[vanzin]

Move to previous line.

[susanxhuynh]

ok

[vanzin]

Move to previous line.

[susanxhuynh]

ok

[vanzin]

Move to previous line.

[susanxhuynh]

ok

[susanxhuynh]

@vanzin Thanks for the feedback! PTAL:

[susanxhuynh]

I have grouped some of these properties together to make the description clearer. Please let me know what you think.

[susanxhuynh]

Fixed.

[susanxhuynh]

Let me try to improve the descriptions of all these secret configs.

[susanxhuynh]

Fixed.

[susanxhuynh]

Done. I've moved this MesosSecretConfig class inside the config object, and made the constructor private to that object.

[susanxhuynh]

Fixed.

[susanxhuynh]

Fixed.

[susanxhuynh]

ok

[susanxhuynh]

ok

[susanxhuynh]

ok

[SparkQA]

Test build #83049 has finished for PR 19437 at commit 3cd1ae8.

• This patch passes all tests.
• This patch merges cleanly.
• This patch adds no public classes.

[vanzin]

Mostly just want to confirm the docs look ok. They are much clearer now (aside from the question about the secret store).

[vanzin]

Did you generate the docs to see how this looks? I wonder how browsers will try to render this extra-wide column.

[susanxhuynh]

It looks okay in a browser. This column takes up about 25% of the page width. Here's a screenshot:

[vanzin]

Just want to confirm this cell renders as expected, and not in a single paragraph or something odd like that. I'm not really familiar with how jekyll translates this into HTML.

[susanxhuynh]

Good catch. I added <p> paragraph tags to separate paragraphs in this table cell. (Jekyll doesn't need them in normal text body, only inside a table cell.)

[vanzin]

What is this secret store? I don't remember Spark providing this feature, so it's not clear how this secret store is configured or used by Spark.

[susanxhuynh]

I added a note about this. The secret store has to be provided by the user. You can configure Mesos to integrate with a secret store via a custom Mesos module.

[vanzin]

"Cannot specify both value-type and reference-type secrets."

[susanxhuynh]

Fixed.

[vanzin]

nit (also in other places): .map { s => ... }

[susanxhuynh]

Fixed.

[SparkQA]

Test build #83085 has finished for PR 19437 at commit 88dfb42.

• This patch passes all tests.
• This patch merges cleanly.
• This patch adds no public classes.

[susanxhuynh]

@vanzin I've built the docs and made sure they look good:

[susanxhuynh]

It looks okay in a browser. This column takes up about 25% of the page width. Here's a screenshot:

[susanxhuynh]

Good catch. I added <p> paragraph tags to separate paragraphs in this table cell. (Jekyll doesn't need them in normal text body, only inside a table cell.)

[susanxhuynh]

I added a note about this. The secret store has to be provided by the user. You can configure Mesos to integrate with a secret store via a custom Mesos module.

[susanxhuynh]

Fixed.

[susanxhuynh]

Fixed.

[vanzin]

Merging to master.