Fix dispatcher Principal and Role (apache#45)

jlopezmalla · Aug 17, 2017 · 8165783 · 8165783
1 parent bade4d4
commit 8165783
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 30 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,8 +1,12 @@
 # Changelog
 
+## 2.1.0.4 (upcoming)
+
+* Spark Dispatcher retrieves Mesos Principal and Secret from Vault
+
 ## 2.1.0.3 (July 26, 2017)
 
-* Fix History Server env vars.
+* Fix History Server env vars
 
 
 ## 2.1.0.2 (July 25, 2017)

diff --git a/docker/dispatcher/service b/docker/dispatcher/service
@@ -4,23 +4,13 @@ set -x
 
 exec 2>&1
 
+source /root/kms_utils-0.2.1.sh
+
 function export_daemon_opts() {
     export SPARK_DAEMON_JAVA_OPTS=""
     if [ "${DCOS_SERVICE_NAME}" != "spark" ]; then
         export SPARK_DAEMON_JAVA_OPTS="$SPARK_DAEMON_JAVA_OPTS -Dspark.deploy.zookeeper.dir=/spark_mesos_dispatcher_${DCOS_SERVICE_NAME}"
     fi
-
-    if [ "$SPARK_DISPATCHER_MESOS_ROLE" != "" ]; then
-        export SPARK_DAEMON_JAVA_OPTS="$SPARK_DAEMON_JAVA_OPTS -Dspark.mesos.role=$SPARK_DISPATCHER_MESOS_ROLE"
-    fi
-
-    if [ "$SPARK_DISPATCHER_MESOS_PRINCIPAL" != "" ]; then
-        export SPARK_DAEMON_JAVA_OPTS="$SPARK_DAEMON_JAVA_OPTS -Dspark.mesos.principal=$SPARK_DISPATCHER_MESOS_PRINCIPAL"
-    fi
-
-    if [ "$SPARK_DISPATCHER_MESOS_SECRET" != "" ]; then
-        export SPARK_DAEMON_JAVA_OPTS="$SPARK_DAEMON_JAVA_OPTS -Dspark.mesos.secret=$SPARK_DISPATCHER_MESOS_SECRET"
-    fi
 }
 
 function set_log_level() {
@@ -36,25 +26,28 @@ function add_if_non_empty() {
 
 function configure_properties() {
 
-    echo '' > /opt/spark/dist/conf/mesos-cluster-dispatcher.properties
-    if [ "${SPARK_DYNAMIC_AUTHENTICATION_PATH}" != "" ]; then
-    echo "spark.mesos.secret.dispatcher.dynamic.authentication.path=${SPARK_DYNAMIC_AUTHENTICATION_PATH}" >> /opt/spark/dist/conf/mesos-cluster-dispatcher.properties
-    fi
-    # write defaults
-    if [ "${DCOS_SERVICE_ACCOUNT_CREDENTIAL}" != "" ]; then
-        # write defaults using both property names, since 2.0 uses one and 2.1 uses the other
-        echo "spark.mesos.dispatcher.driverDefault.spark.mesos.driverEnv.MESOS_MODULES=file:///opt/mesosphere/etc/mesos-scheduler-modules/dcos_authenticatee_module.json" >> /opt/spark/dist/conf/mesos-cluster-dispatcher.properties
-        echo "spark.mesos.cluster.taskProperty.spark.mesos.driverEnv.MESOS_MODULES=file:///opt/mesosphere/etc/mesos-scheduler-modules/dcos_authenticatee_module.json" >> /opt/spark/dist/conf/mesos-cluster-dispatcher.properties
-
-        echo "spark.mesos.dispatcher.driverDefault.spark.mesos.driverEnv.MESOS_AUTHENTICATEE=com_mesosphere_dcos_ClassicRPCAuthenticatee" >> /opt/spark/dist/conf/mesos-cluster-dispatcher.properties
-        echo "spark.mesos.cluster.taskProperty.spark.mesos.driverEnv.MESOS_AUTHENTICATEE=com_mesosphere_dcos_ClassicRPCAuthenticatee" >> /opt/spark/dist/conf/mesos-cluster-dispatcher.properties
-
-        echo "spark.mesos.dispatcher.driverDefault.spark.mesos.principal=${SPARK_DISPATCHER_MESOS_PRINCIPAL}" >> /opt/spark/dist/conf/mesos-cluster-dispatcher.properties
-        echo "spark.mesos.cluster.taskProperty.spark.mesos.principal=${SPARK_DISPATCHER_MESOS_PRINCIPAL}" >> /opt/spark/dist/conf/mesos-cluster-dispatcher.properties
-    fi
+echo '' > /opt/spark/dist/conf/mesos-cluster-dispatcher.properties
+if [[ "$SECURED_MESOS" == "true" ]]
+then
+     #Login to get access token for Vault
+     login
+     #Get Mesos secrets from Vault
+     getPass "userland" "$DCOS_SERVICE_NAME" "mesos"
+     declare DCOS_SERVICE_NAME_NOHYPHEN=${DCOS_SERVICE_NAME//-/_}
+     declare MESOS_PRINCIPAL="${DCOS_SERVICE_NAME_NOHYPHEN^^}_MESOS_USER"
+     MESOS_PRINCIPAL=${!MESOS_PRINCIPAL}
+     declare MESOS_SECRET="${DCOS_SERVICE_NAME_NOHYPHEN^^}_MESOS_PASS"
+     MESOS_SECRET=${!MESOS_SECRET}
+
+      echo "spark.mesos.principal=${MESOS_PRINCIPAL}" >> /opt/spark/dist/conf/mesos-cluster-dispatcher.properties
+      echo "spark.mesos.secret=${MESOS_SECRET}" >> /opt/spark/dist/conf/mesos-cluster-dispatcher.properties
+      echo "spark.mesos.role=${DCOS_SERVICE_NAME}" >> /opt/spark/dist/conf/mesos-cluster-dispatcher.properties
+
+else
+	echo 'MESOS SECURITY IS NOT ENABLE'
+fi
 }
 
-
 export APPLICATION_WEB_PROXY_BASE="${DISPATCHER_UI_WEB_PROXY_BASE}"
 set_log_level
 export_daemon_opts
@@ -67,6 +60,8 @@ if [ "${SPARK_VIRTUAL_USER_NETWORK}" != "" ]; then
    export LIBPROCESS_IP=$HOST
 fi
 
+
+
 exec /opt/spark/dist/bin/spark-class \
     org.apache.spark.deploy.mesos.MesosClusterDispatcher \
     --port "${DISPATCHER_PORT}" \