►
From YouTube: Mesos Developer Community Meeting (April 20, 2017)
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
E
B
Have
well
okay,
so
we
have
a
presentation
by
Greg
today
for
Education
Association
of
executives,
we
r
0
benadryl
on
the
agenda,
which
oh,
like
this,
whether
I
like
a
diamond
in
trouble
loading
tickets
and
that's
what
it
that's
all
we
have
on
the
never
know.
If
anyone
else
has
an
hour
topics
that
they
will
discuss,
one.
B
E
H
H
We
are
expecting
their
many
attendees
this
year
because
it's
held
it
in
Beijing
and
it's
in
the
National
Convention
Center.
It
is
the
biggest
crazy.
Then
people
host
conference
is
very
expensive.
There
are
many
family,
mrs.
user
in
Beijing
family
pic
guys
and
I.
Just
heard
like
this,
a
video
streaming
company
called.
H
C
C
G
H
B
H
I'm,
comparing
the
linux
foundation,
so
so
for
the
video
guessing
the
recording
of
the
conference
so
seriously,
we
don't
have
sufficient
recording
cuz,
we
just
record
couple
and
then
post
it
on
the
linux
foundation
website.
But
I
will
try
to
confirm
with
them
to
make
sure.
Like
me
all
the
video
for
each
Club
yeah.
G
Sweet
all
right,
so
we
are
nearing
the
end
of
the
implementation
of
executor
of
medication
and
authorization.
Most
the
code
has
landed
and
basis.
At
this
point,
the
authorization
code
is
currently
in
play
and
we'll
be
landing
really
soon.
So
it's
almost
wrapped
up
so
I'll
just
go
through
the
motivations
and
I'm
communication
get
in
and
we'll
do
a
short
little
demo
to
show
a
connection.
G
It's
uncertain
that
the
process
on
the
other
end
is
the
executives.
So
this
is
especially
relevant
in
a
multi-tenant
scenario
where
you
could
have
tasks
that
are
dealing
with
sensitive
data
running
next
to
paths
from
some
other
divisions
in
the
company
on
the
same
machine.
G
So
here's
an
example
attack
scenario
that
we
could
imagine
occurring
on
an
agent.
Let's
say
an
agent
launches
an
executor
and
there's
a
malicious
process
running
on
this
agent
as
well.
This
could
be
another
masive
ask
perhaps
run
by
someone
else
in
the
organization
and
once
that
executor
is
launched,
the
agent
is
going
to
accept
this
expect
a
subscription
from
that
executor.
G
So
we
can
have
a
process
that
is
repeatedly
attempting
to
subscribe.
If
it
knows
or
is
able
to
predict
the
framework,
ID
involved
and
perhaps
knows
the
executor
ID,
then
it
can
attempt
to
subscribe.
As
this
executor,
and
especially
with
the
executor
ID,
is
not
unreasonable
to
expect
that
someone
might
be
able
to
guess
this
or
might
have
knowledge
from
within
the
organization
that
would
allow
them
to
specify
the
executor
ID,
since
these
are
specified
by
the
framework.
G
So
if
this
process
is
repeatedly
attempting
a
subscription,
it
could
succeed
at
the
moment
that
this
executor
is
launched,
but
before
it
is
actually
subscribed
with
the
agent,
and
if
that
subscription
is
successful,
it
could
then
receive
launch
events
from
the
agent
which
could
contain
sensitive
information
labels
or
data
sent
from
the
framework,
and
you
can
potentially
watch
tasks
and
status
updates
to
the
frameworks
and
messages.
So.
C
G
I
think
this
case
is
potentially
like
this
case
could
be
especially
bad,
because
we
know
that
immediately
after
that
subscription
you're
going
to
guess
your
events
that
could
contain
privileged
information
but
you're
right,
even
in
the
case
of
an
existing
executor.
That's
already
running
you
could
subscribe
and
it
will
terminate
the
existing
connection.
G
So
one
thing
we
considered
early
on
was
whether
we
could
obviate
the
need
for
executive
education
by
implementing
UNIX
domain
socket
communication
for
executives.
So
we
decided
not
to
go
this
route.
We
decided
it
wasn't
sufficient
for
a
few
reasons,
one
that
it
wouldn't
be
platform
independent.
So
if
we
want
a
window
support
it's
possible,
we
could
also
do
a
similar
thing
on
windows
with
named
pipes
which
windows
does
have,
but
we
would
need
two
implementations
for
this.
Going.
The
authentication
route
with
a
token
allows
us
one
implementation
that
works
for
both
platforms.
G
G
We
may
want
frameworks
to
be
able
to
pass
identities
down
for
their
executives
to
use,
but
in
the
short
term,
we
wanted
a
system
that
wouldn't
require
framework
updates
to
start
enabling
this
feature
so
we're
relying
on
a
couple
modules.
So
we
implemented
a
few
new
modules
in
order
to
make
this
happen,
so
the
authorizer
module
it's
already
around
the
local
authorizer
and
that
interface
exists.
One
new
module
that
we
added
is
this
secret
generator
module.
So
the
basic
idea
is
that
we're
generating
/
executor
tokens.
G
G
All
right,
so
we
also
be
combined
authenticator,
so
the
combined
Authenticator
holds
ownership
of
a
couple
Authenticator
modules
and
then
calls
them
in
series
and
returns
the
first
successful
result.
So
this
is
something
that
was
kind
of
anticipated.
Previously,
the
existing
flags
for
HTTP
authenticators
use
the
plurals.
We
were
expecting
at
some
point.
We
would
support
multiple
authenticators
and
this
project
gave
us
an
impetus
to
actually
have
that
support.
G
So
there's
a
Mesa
to
level
up
educator
called
the
combined
Authenticator
that
allows
you
to
load
multiple
authenticators
into
it
and
it'll
take
care
of
calling
them
and
returning
a
successful
result.
If
it
I'm,
plum,
I
guess
I'd
swappers
turn
around
and
we
have
the
JWT
authenticators.
This
is
a
new
Authenticator
module.
G
It's
pretty
simple.
We
now
have
a
value
field
in
the
principal,
so
it's
represented
as
a
struct.
Since
this
is
a
lib
process
object
we
represented
as
a
struct
instead
of
a
pro
buff
message.
It
has
a
value
which
is
optional,
so
that's
equivalent
to
the
existing
string
principle
that
we've
been
using
in
the
code
base.
We
now
also
have
a
hashmap
of
claims,
so
you
can
store
arbitrary
key
value
pairs,
and
this
is
where
we're
identifying
the
executives.
G
G
The
framework
subscription
like
when
a
framework
subscribes
and
we
store
its
principal.
We
still
store
that
as
a
string
and
we
will
migrate
in
the
future
to
using
this
destruct
in
there,
but
for
the
MVP
we
haven't
gone
there
yet
and
we
added
some
implicit
authorization
rules
for
executives.
So
these
have
been
added
partly
to
the
local
authorizer,
hardly
to
the
executor
API
handler,
but
we've
added
implicit
rules
that
basically
allow
executives
to
do
things
to
themselves.
So
they
can
subscribe
as
themselves.
G
They
can
launch
nessa
containers
within
themselves,
we're
just
verifying
that
they
are
not
trying
to
do
something
to
another
executor
or
as
another
executor,
and
another
important
point
is
that
this
is
all
being
added
just
for
the
v1
HTTP
API,
so
HTTP
executives
can
authenticate.
That's
a
CP
command
executives.
Custom
htp
executor
saw
their
default,
HTTP
executor,
but
v-0
executives
do
not
have
authentication.
G
G
When
an
agent
goes
to
launch
a
new
executor,
it
is
first
going
to
call
into
this
secret
generator
to
generate
an
authentication
token
for
it.
So
it
presents
the
secret
generator
with
a
principal
and
the
secret
should
the
contract
with
the
generators
that
it
should
return.
An
authentication
token
that,
when
presented
to
the
Authenticator,
will
return
that
principle,
so
we
pass
it
an
authentication
show
again
that
contains
these
or
we
pass
it
a
principal.
G
Rather
that
can
change
these
claims
and
the
secret
generator
returns
an
authentication
token
that
we
can
present
to
the
Authenticator
and
get
those
claims
back.
So
that
token
is
then
injected
into
the
executor.
Currently
we
injected
into
the
environment
of
the
process
in
the
future,
so
file-based
secrets
are
on
the
road
map
and
main
those
are
being
thought
about
in
general,
and
we
would
like
to
switch
to
using
tempeh
fest
based
file-based
secret
in
the
future,
because
that
will
be
more
secure.
G
The
executor
them
provides
that
token
to
the
agent.
When
submitting
calls
so
when
it
subscribes,
it
places
this
token
in
the
authorization
header
and
the
agent
then
well.
So
strictly
speaking,
this
is
happening
at
the
lib
process
level.
That
process
invokes
the
authenticator.
This
JWT
Authenticator
will
get
called
it'll
validate
the
signature.
G
On
that
token
and
return
a
principal,
the
agent
then
confirms
that
that
principle
is
able
to
perform
this
action,
so
that
could
be
calling
into
the
authorizer
for
the
operator
API,
where
the
authorizer
will
validate
that
this
executor
can
perform
this
action
on
the
given
container
ID
or
in
the
executor
API.
The
handler
would
verify
that
this
executor
is
attempting
to
subscribe
as
itself
and
not
of
someone
else.
G
F
G
So
I'm
going
to
run
simple
master
with
not
too
many
arguments,
but
when
running
the
agent
I'm
going
to
specify
some
flags,
so
a
couple
of
these
are
new
flags
that
we've
added
one
of
them
is
this
authenticate
HTTP
executor
supply.
So
this
enables
required
authentication
on
a
new
realm
which
a
new
education
realm
in
which
the
executor
API
sits.
The
executor
endpoint.
G
We
also
have
this
executor
secret
PFLAG,
so
when
using
the
default
secret
generator
in
the
default
data,
BG
authenticator
just
lets,
you
specify
the
key.
That's
going
to
be
used
to
sign
the
tokens
that
are
generated
and
then
will
be
used
to
validate
the
signature
on
those
tokens
and
then
we're
setting
the
HTTP
command
executor
so
that
when
we
use
mates,
sxq
will
get
the
correct
executor
and.
J
G
G
A
G
Yeah,
so
to
run
a
failed
task,
we're
going
to
use
me.
It's
us,
execute
simple
command
and
we're
going
to
override
this
environment
variable
which
is
used
to
communicate
the
authentication
token
to
the
executor.
So
the
executor
will
come
alive
and
not
have
the
chokin
it
needs
in
order
to
authenticate.
G
G
G
G
G
G
G
G
We
can
define
an
interface
that
will
allow
developers
to
place
authentication,
locker
yeah
place
the
authentic,
a
Teesside
of
authentication
logic
in
HTTP,
executives
and
schedulers
right
now.
This
is
just
hard
coded
into
the
default
executor,
but
by
making
this
modular,
someone
could
use
a
custom
seeker,
generator
a
custom
Authenticator
and
then
have
a
custom
authentication
module
that
plays
nicely
with
that
authenticator.
G
We
also
want
to
move
to
file
based
secrets
that
will
be
more
secure.
In
the
long
run,
we
will
move
all
of
the
implicit
authorization
into
the
authorizer,
so
there's
already
a
little
bit
of
implicit
operas
ation
in
the
scheduler
API,
because
we
we
verify
that
a
schedulers
principle
is
the
same
as
the
principal
stored
in
its
framework
info.
So
we
we
don't
allow
a
scheduler
with
a
different
principle
to
do
something
as
well.
So
a
framework
can
only
do
things
as
its
own
principal,
and
this
is
just
verified
in
the
HTTP
scheduler
handler.
G
It's
implicit
in
the
be
0
API
since
that
happy
off
n
occation
happens
once
and
then
a
persistent
TCP
connection
is
established
and
all
subsequent
calls
occurred
over
that
connection,
so
that
that
the
constant
nature
of
the
principal
is
implicit
in
that
scenario.
So
this
check
just
exists
in
the
scheduler
API
to
verify
that
that's
the
case.
G
So
open
SSL
is
needed
in
order
to
build
the
JWT
components,
but
you
don't
necessarily
need
to
build
meses
with
ssl
socket
support
in
order
to
build
the
jwg
components
you
just
have
to
have
openssl
available,
so
we
haven't
yet
updated
the
build
system
to
allow
you
to
build
a
JWT
stuff
when
ssl
is
around
without
also
building
us.
A
cell
socket
support
in
and
I
definitely
like
to
thank
the
node.
After
all,
his
help
reviewing
designing
yarm
did
a
lot
of
work
on
this
as
well,
and
Anand
also
helped
out
a
lot.
G
D
B
Great
thanks,
Greg
no
problem,
so
only
other
topic
that
we
have
an
agenda
is
gr
management.
B
B
C
So
for
the
external
ones,
the
league
team,
that's
an
active
and
that
we
work
on
is
this
combo
right,
friends,
okay,
yeah
and
then
how
many
new
users
I
should
know
about
that
spring,
but
maybe
they
get
emails
and
someone
omits
the
sprint
and
creates
in
a
non-stick
history,
with
over
the
Apache,
mrs.
French
that
we,
the
mesosphere,
sprint
sprint
in
SS.
Oh,
you
know
what.
B
C
Expenditure
sure
on
itself,
so
that's
the
only
thing,
that's
probably
visible
and
that's
actually
have
come
today.
I,
don't
have
a
combo
board
yeah.
You
also
have
a
count
on
both,
but
I.
Don't
think
we
regularly
look
at
that,
one
to
make
sure
that's
up
to
date
and
we
we
don't
do
any
kind
of
triaging
all
that
one
at
some
point.
B
and
Artem
spend
some
time
I'm
trying
to
curate
this,
but
we
never
a
kind
of
finished
it.
So
bad
board
is
I.
C
Guess
the
very
first
food
in
SF
to
actually
go
to
rapid
board
dot.
Jsp
and
I've.
Been
you
equal
to
one,
that's
sort
of
what
would
you
say?
So
if
you
look
at
the
dashboards
that
are
in
SF
yeah
I,
our
dashboard
name,
the
convert
hunbun
boots
number
is
one,
so
that's
a
very
first
flash
poison
ever
created
in
SF,
obviously
a
Buick
and
up
pretty
early
in
the
game
when
we
didn't
keep
it
up
to
date.
Obviously,
but
that's
the
boat
that
we
have
yes,
so
yeah.
So
we
share.
B
B
C
C
B
C
C
Yeah,
I
guess
im
go
to
the
class
one
another
one
Archie,
research
yeah,
this
one
is
probably
little
better
commuter
feel
like
because
this
one
had
things
that
were
accepted,
not
everything
about
file,
but
something
that
we
are
through
it.
He
actually
accepted
at
something
is
worth
working
on
under
stuff.
That's
in
progress
stuff,
that's
reviewable!
That
stuff!
That's
done
so
I!
Think
that's
in
progress
and
reviewable
I
think
that
that
they
accurate
description
of
what's
happening
on
what
we
are
doing
in
progress.
C
C
G
C
C
C
We
need
to
filter
criteria,
for
what
I
accepted
means
that
when
is
something
accepted,
is
it
something
when
there's
someone
who
decides
to
work
on
it
like
this
mess,
I
me
and
maybe
there's
a
shepherd.
That's
when
Trisha
probably
accepted
make
a
commitment
from
people
for
writing
it
and
reviewing
it.
Maybe
that's
something
that
could
take
it
again
from
on
exactly
the
reason.
C
K
C
That
stone
is
bordered
kept
up
to
date
and
we're
trying
to
see
you
can
keep
at
it
on
the
board
up
to
date,
where
other
people
are
working
on,
the
gay
guys
do
scrums
on
the
on
SF
at
Apple.
I
guess
not!
C
K
So
in
terms
of
you
know,
grooming,
the
backlog
and
determining
what
should
be
accepted,
and
and
what
should
you
know
what
we
can
assign
people
on
I
guess
it's
inherently
well
be
based
on
each
organization's
priority
and
you
know
time,
but
if
we
can
remove
that
and
just
focus
on
the
Torah's
themselves,
I
guess
it
is,
it
can
probably
something
can
probably
organized
that
we
just
a
bunch
of
people
spending
some
time,
grooming
them
right.
C
K
Not
saying
each
organization
is
going
to
do,
do
it
in
an
open
but
I'm
saying
that,
besides
these
internal
planning's,
we
can
probably
organize
some
periodic
events
where
we
just
basically
doing
this
together
and
look
look
at
the
backlog
and
determined
based
on
merits
and
and
our
roadmap.
The
asf,
mrs.
Rowe
map
and
and
shared
opinions
on
I,
don't
know
whether
that'll
be
helpful.
K
J
K
Because
I
feel
there
are
two
parts
of
things
one
is.
My
organization
may
have
my
internal
priority,
which
determines
what
I
will
be
working
on.
However,
we
as
a
community
can
probably
determine
whether
this
makes
sense
more
than
that,
and
this
definitely
looks
something
that's
like
low
or
hanging
fruit,
which
is
also
valuable.
So
we
should
probably
prioritize
that
kind
of
prioritization
which
I'm
happy
to
participate.
C
Yeah
so
should
be
like
do
that
in
one
of
the
community
sings
or
do
you
think
we
should
do
it
as
one
of
the
one
of
the
word
group
meetings
should
we
do
this
irregularity
doing
that,
take
some
time
getting
a
become
interesting
to
groom
it's
like
15
minutes
or
something
or
is
it
not
enough
time,
I
mission
for
a
bit
more
face-to-face
in
group
meetings?
Oh
yeah.
K
B
It's
a
10-yard
who
shows
up
to
the
meet
the
community
meetings,
but
but
not
everyone's
gonna
have
strong
enough
opinions
on
whether
it's
your
ticket
is
worth
accepting
or
not
in
a
room
up
or
even
this
room
is
like
right.
K
C
B
K
K
A
C
J
So
that
I
think
the
American
team
has
kind
of
reviewed
a
bunch
of
their
tickets
because
they
just
move
them
all
into
jira
for
the
first
time
and
their
process
was
kind
of
to
dump
them
all
into
buckets,
and
then
d
jube
everything
first
and
then
try
and
like
prioritize
it
after
they
were
pretty
confident
that
they
didn't
have
a
million
it's
all
over
the
place,
and
so
that
kind
of
two
step
process
I
didn't
get
any
feedback
on
whether
it
work
for
them
or
not.
J
The
other
thing
with
that
approaches
that
you
might
get
two
different
types
of
people
interested
in
the
different
steps
of
of
triage
me.
Cuz
like
it
would
be
like
a
beginner
user
of
nato's
and
just
like
get
familiar
with
the
tickets
by
dropping
them
into
buckets.
But
you
kind
of
need
to
be
a
little
more
familiar
with
it
to
like
recognize,
duplicates
and
even
more
familiar
to
prioritize.
So
this.
C
C
Tag
to
get
his
life
groups
different
world
oops
and
those
work
groups
are
responsible
for
rising
within
that
component
at
least
saturday.
A
better
idea
like,
for
example,
contain
laser.
They
can.
They
can
I
serve
ideas
within
that
like
what
are
always
intended
to
lick
it
to
them
and
then
maybe
API
stuff.
Maybe
someone
can
prioritize
if
you
survive,
you
can
do
it
like
what
you
look
waste
and
the
security
security
dictator
tickets.
E
How
can
I
think
that
Mitchell
immaculate
tomorrow
seem
simple,
more
scalable?
If
you
give
it
two
more
groups
yeah
or
like
yes,
we
could
also
go
to.
A
B
C
B
B
C
Yeah,
I
think,
is
the
connect
working
there's
coming.
Yes,
like
a
message
of
kinda
temperature.
Also
kind
of
fraud,
see
forward
group
trip
yep
contain
riser,
you
have
a
shape
api,
we
have
see
make
stuff,
they
are
networking
yeah.
So
those
are
like
there's
some
already
a
busy
slide
channels
there
we're
on,
we
could
make
punished.
One
corresponds
with
that
to
working
groups
are
active
and
we
can
have
people
I
get
within
networking
group
by
tagging
it
I
can
to
get
some
odd
and
lunches
for
groups
28.
B
Oh
yeah,
please
also.
We
could
also
be
like
a
similar
one
could
also
maybe
do
some
coding
or
later
going
for
like
send
it
up
or
not,
rather
than
exciting,
all
the
tickets
to
everyone
to
try
to.
Essentially
that's
what
happens
when,
like
five
people
get
together
and
try
to
get
the
thing
on,
we
just
have
broken
down
further
and
said:
well,
here's
a
puzzle
to
take
a
look
in
categories
on
both
vessel,
so
I
what
happens
with
my
conferences
where
you.
B
B
We're
gonna
say
that
it
because
it's
easier
to
get
people
to
few
things
when
you
projected
to
them,
as
opposed
to
like
say
they
would
like
gay
people
to
give
talks
like
to
reach
out
to
them
like,
if
I
to
say
anybody
who
was
the
talk.
Just
come
to
me
like
like.
Oh,
please,
go,
take
a
look
at
the
board
and
do
some
stuff,
because.
J
C
No,
let's
say
that's
a
good
idea:
they
may
we
can
write
a
column
vector
what
group
meetings
are
Americans
forward
to
see
what
you
can
do.
Okay,
we
can
each
target
process.
Okay,
great
something
looks
like
jurors
that
the
only
communist
left
is
almost
end
up.
Hey
we're
going
to
chat
about
bring
up
something
on
to
magenta.
Oh.
B
Yeah
Sonia
are
going
to
be
1.3
release
address,
so
I
created
that
forward.
I
have
it
for
general
hospital
days,
but
personally,
but
from
wherever
they're
worth
your
time.
Okay,.
B
Anyway,
so
for
people
who
are
working
on
stuff,
please
push
it
to
carbon
or
or
or
if
you
can
get
it
in
then
mark
it
as
a
clunker,
it's
a
barker
or
whatever
please
manage.
The
thing
is
that
your
friend
working
on
cue
reflects
what
you
want
and
when
I
need
I
need
to
cut
the
cut
at
the
end
of
this
week
so
tomorrow,
but
I
think
there
are
too
many
issues
that
are
open.
For
my
remember
support.
You
know.
C
Try
to
get
us,
I
canna
stuff
from
1-3
by
this
week,
sir
man,
so
basically
the
messages
for
people
to
get
their
stuff
for
1t
kind
of
this
weekend,
/
cut
on
there
Tuesday
rule,
81
and
1.4
is
just
like
a
couple
months
of
a
red
shirts,
hardly
anything
else
to
go
into
13.
What
wait
a
couple
more
realistic,
coming
on
once
and
produce
some
more
testing,
don't
rush
it
for
one
day
would
birthday.
Oh
cool
thanks.