
Is it possible to run and access a mesos master on a machine that is placed behind a proxy?

I have successfully deployed a MesosMaster/Marathon/MesosSlave on my local infrastructure.

The problem arises when I want to put the MesosSlave somewhere on the internet, so that MesosSlave and MesosMaster shall communicate through public IPs.

My conf is the following:

              Internet                                                                          My Infra

      .----------------------.                   .-----------------.    .-----------------.              .-------------------------------------------------.
      |    Mesos Slave VM    |                   |  Front Machine  |    |      Proxy      |              |                     Tool-VM                     |
      |    178.22.17.248     |                   |  39.224.147.94  |    |    10.2.0.57    |              |                   10.1.10.176                   |
      |----------------------|                   |  my.domain.com  |    |-----------------|              |           192.168.5.1 (docker bridge)           |
      |                      |                   |-----------------|    |                 |              |-------------------------------------------------|
      |                      |                   |                 |    |                 |              |                                                 |
      |       __________     |                   | __________      |    | __________      |              |                 .-----------------------------. |
      |      [_...__..5051.°]|                   |[_..5050.__...°] |<---|[_..5050.__...°] |<------------^|                 |   Mesos-Master Container    | |
      |                      |                   |                 |    |                 |              \ __________      | 192.168.5.4 (docker bridge) | |
      |                      |                   | __________      |    | __________      |              |[_..5050.__...°]^|-----------------------------| |
      |                      |                   |[_..2181.__...°] |<---|[_..2181.__...°] |<------------^|                 \ __________                  | |
      |                      |                   |                 |    |                 |              \ __________      |[_..5050.__...°]             | |
      |                      |                   |                 |    |                 |              |[_..2181.__...°]^| __________                  | |
      |                      |                   |                 |    |                 |              |                 \[_..2181.__...°]             | |
      |                      |                   |                 |    |                 |              |                 '-----------------------------' |
      '----------------------'                   '-----------------'    '-----------------'              '-------------------------------------------------'

However:

My domain infra redirects everything that arrives from outside on ports 5050 (for Mesos) and 2181 (ZooKeeper) ONLY for requests that are addressed to the domain 'my.domain.com' (which is a virtualhost of 39.224.147.94), but not for the other requests (those arriving on 39.224.147.94).

So I try to execute the service through CLI for the moment:

  1. Execute Mesos Master (in Mesos Master Container)

/usr/sbin/mesos-master --ip=192.168.5.4 --work_dir=~/Mesos/mesos-0.23.0/workdir/ --zk=zk://192.168.5.4:2181/mesos --quorum=1 --log_dir=/var/log/mesos --external_log_file=/dev/stdout

  2. Execute Marathon (in Mesos Master Container)

/usr/bin/marathon --zk zk://192.168.5.4:2181/marathon --master zk://my.domain.com:2181/mesos

  3. Execute Mesos Slave (in Mesos Slave VM)

/usr/sbin/mesos-slave --master=my.domain.com:5050 --work_dir=/var/lib/mesos/agent --port=8009 --containerizers=docker --executor_registration_timeout=3mins --log_dir=/var/log/mesos

The Mesos Master can see the Slave resources. However, when I send a job through Marathon, this job stays in a waiting state.

It seems that the slave is not able to communicate using the hostname of the Master, but only using its public IP:

I have this in the Slave logs:

New master detected at master@39.224.147.94:5050

However, incoming traffic on 39.224.147.94:5050 is blocked by my infra (only my.domain.com:5050 is accepted).

So, is it possible to create a connection between Master and Slaves, using domain names, but not IPs?

matt

1 Answer

It's a bit confusing to be honest. What I don't understand is that you seem to use the 192.168.5.4 IP for the Master process, but it's nowhere to be found in your diagram. I'd expect to use 39.224.147.94 instead.

Furthermore, I'd recommend to use the IP addresses instead of hostnames in all connection strings, you're using a mixture...

Additionally, you can try to set the LIBPROCESS_IP environment variable to the respective IP addresses for the agent and Marathon processes.

Another question would be why you use such an old version of Mesos... Mesos 1.1.0 is out already!

Tobi
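A log check for the symptom discussed in this thread, as an added example that is not part of the original question or answer: it extracts the master endpoint from "New master detected" lines in an agent log and reports whether a `--master` value given by hostname shows up as a literal IP, which is the form a front end that only forwards 'my.domain.com' would reject. The sample log (timestamps, file names, surrounding lines) is constructed; only the message text comes from the question, and the function names are hypothetical. It assumes `--master` is in `host:port` form, not `zk://`.

```python
import ipaddress
import re

# libprocess identifies endpoints as "<id>@<ip>:<port>", as in the log line
# quoted in the question.
UPID_RE = re.compile(r"New master detected at (\w+)@([0-9a-fA-F.:]+):(\d+)")

# Constructed sample agent log; only the "New master detected" text is from the page.
SAMPLE_LOG = """\
I0101 10:00:00.000000  1234 slave.cpp:1] Starting agent
I0101 10:00:01.000000  1234 slave.cpp:2] New master detected at master@39.224.147.94:5050
I0101 10:00:02.000000  1234 slave.cpp:3] No credentials provided
"""

def is_literal_ip(host):
    """True if host parses as an IPv4/IPv6 literal rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def detected_masters(log_text):
    """Return (ip, port) for every well-formed 'New master detected' line."""
    found = []
    for m in UPID_RE.finditer(log_text):
        if is_literal_ip(m.group(2)):  # skip lines with a malformed address
            found.append((m.group(2), int(m.group(3))))
    return found

def check_master_addressing(master_flag, log_text):
    """Compare the agent's --master value (host:port) with what it logged."""
    host, _, port = master_flag.rpartition(":")
    by_name = not is_literal_ip(host)
    return [
        {
            "configured": master_flag,
            "detected": f"{ip}:{p}",
            # The agent was given a name but addresses the master by IP.
            "name_replaced_by_ip": by_name,
            "port_matches": str(p) == port,
        }
        for ip, p in detected_masters(log_text)
    ]

if __name__ == "__main__":
    for finding in check_master_addressing("my.domain.com:5050", SAMPLE_LOG):
        print(finding)
```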