New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Marathon fails to properly escape command health checks #3333
Comments
@bbannier @lloesche Marathon just passes the command string directly to Mesos. Escaping should be done on the Mesos side. |
Hi, do you use MesosContainerizer or DockerContainerizer? @lloesche As I checked by HealthCheckTest.HealthyTaskShellEscape All below ways could pass:
And I am going to set up a marathon to test e2e. |
My marathon task json
Which could pass health check in Mesos
|
By the way, I noticed marathon didn't set env for health check command. https://github.com/mesosphere/marathon/blob/master/src/main/scala/mesosphere/marathon/health/HealthCheck.scala#L89
|
If I want to execute a command health check like
/bin/bash -c "</dev/tcp/$HOST/$PORT0"
using the following definition
the health check will fail even though it is a perfectly valid command when executed on the system.
The reason being that Mesos wrapps the command health check in another
sh -c ""
and Marathon fails to properly escape the quotes in the configured command.To successfully run the check above I have to use a config like this:
This means a Marathon user would have to have intimate knowledge of how Mesos further processes his command. I would expect Marathon to accept any valid shell command and properly escape it for further processing.
By escape I don't mean shell escape because then you can't do pipes and redirection and command concatenation. Just replace
"
with\"
in the user provided command before handing it off to Mesos.The text was updated successfully, but these errors were encountered: