You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mesos.apache.org by ka...@apache.org on 2016/02/01 03:49:28 UTC
svn commit: r1727886 [12/16] - in /mesos/site: ./ publish/
publish/assets/img/documentation/ publish/community/ publish/documentation/
publish/documentation/allocation-module/
publish/documentation/app-framework-development-guide/
publish/documentation...
Modified: mesos/site/source/assets/css/main.css
URL: http://svn.apache.org/viewvc/mesos/site/source/assets/css/main.css?rev=1727886&r1=1727885&r2=1727886&view=diff
==============================================================================
--- mesos/site/source/assets/css/main.css (original)
+++ mesos/site/source/assets/css/main.css Mon Feb 1 02:49:25 2016
@@ -11,6 +11,15 @@ ul.breadcrumb {
width: 940px;
}
+pre {
+ overflow-x: auto;
+}
+
+pre code {
+ word-wrap: normal;
+ white-space: pre;
+}
+
/* Custom container */
.container > hr {
margin: 20px 0;
Modified: mesos/site/source/blog/2015-10-12-mesos-0-25-0-released.md
URL: http://svn.apache.org/viewvc/mesos/site/source/blog/2015-10-12-mesos-0-25-0-released.md?rev=1727886&r1=1727885&r2=1727886&view=diff
==============================================================================
--- mesos/site/source/blog/2015-10-12-mesos-0-25-0-released.md (original)
+++ mesos/site/source/blog/2015-10-12-mesos-0-25-0-released.md Mon Feb 1 02:49:25 2016
@@ -34,4 +34,3 @@ If you run into any issues, please let u
Thanks to the 40 contributors who made 0.25.0 possible:
Adam B, Aditi Dixit, Alex Clemmer, Alexander Rukletsov, Anand Mazumdar, Artem Harutyunyan, Ben Mahler, Bernd Mathiske, Chi Zhang, Cong Wang, Eijsermans, Eren Güve, Felix Abecassis, Greg Mann, Guangya Liu, Isabel Jimenez, James Peach, Jan Schlicht, Jiang Yan Xu, Jie Yu, Joerg Schad, Jojy Varghese, Joris Van Remoortere, Joseph Wu, Kapil Arya, Klaus Ma, Lily Chen, M Bauer, Marco Massenzio, Michael Park, Neil Conway, Niklas Nielsen, Paul Brett, Qian Zhang, Timothy Chen, Vaibhav Khanduja, Vinod Kone, Wojciech Sielski, Yong Qiao Wang and Haosdent Huang
-
Added: mesos/site/source/blog/2015-12-16-mesos-0-26-0-released.md
URL: http://svn.apache.org/viewvc/mesos/site/source/blog/2015-12-16-mesos-0-26-0-released.md?rev=1727886&view=auto
==============================================================================
--- mesos/site/source/blog/2015-12-16-mesos-0-26-0-released.md (added)
+++ mesos/site/source/blog/2015-12-16-mesos-0-26-0-released.md Mon Feb 1 02:49:25 2016
@@ -0,0 +1,35 @@
+---
+layout: post
+title: Apache Mesos 0.26.0 Released
+permalink: /blog/mesos-0-26-0-released/
+published: true
+post_author:
+ display_name: Till Toenshoff
+ twitter: ttoenshoff
+tags: Release
+---
+
+The latest Mesos release, 0.26.0, is now available for [download](http://mesos.apache.org/downloads).
+103+ bugfixes and improvements made it into this release.
+For full release notes with all features and bug fixes, please refer to the [CHANGELOG](https://git-wip-us.apache.org/repos/asf?p=mesos.git;a=blob_plain;f=CHANGELOG;hb=0.26.0).
+
+### Upgrades
+
+Rolling upgrades from a Mesos 0.25.0 cluster to Mesos 0.26.0 are straightforward. There are just some minor, backwards compatible deprecations.
+Please refer to the [upgrade guide](http://mesos.apache.org/documentation/latest/upgrades/) for detailed information on upgrading to Mesos 0.26.
+
+
+### Try it out
+
+We encourage you to try out this release and let us know what you think.
+If you run into any issues, please let us know on the [user mailing list and IRC](https://mesos.apache.org/community).
+
+### Thanks!
+
+Thanks to the 45 contributors who made 0.26.0 possible:
+
+Adam B, Alex Clemmer, Alexander Rojas, Alexander Rukletsov, Anand Mazumdar, Andrey Dyatlov, Artem Harutyunyan, Avinash sridharan, Benjamin Bannier,
+Benjamin Hindman, Benjamin Mahler, Bernd Mathiske, Bhuvan Arumugam, Chengwei Yang, Chi Zhang, Connor Doyle, Dave Lester, Elsmore, Felix Abecassis,
+Gastón Kleiman, Gilbert Song, Greg Mann, Guangya Liu, haosdent huang, Isabel Jimenez, James Peach, Jian Qiu, Jie Yu, Joerg Schad, Jojy Varghese,
+Jonathon Rossi, Joris Van Remoortere, Joseph Wu, Kapil Arya, Klaus Ma, Marco Massenzio, Michael Park, Neil Conway, Rossi, Spike Curtis,
+Till Toenshoff, Timothy Chen, Tomasz Janiszewski, Vinod Kone, Yong Qiao Wang
Modified: mesos/site/source/community.html.md
URL: http://svn.apache.org/viewvc/mesos/site/source/community.html.md?rev=1727886&r1=1727885&r2=1727886&view=diff
==============================================================================
--- mesos/site/source/community.html.md (original)
+++ mesos/site/source/community.html.md Mon Feb 1 02:49:25 2016
@@ -51,4 +51,8 @@ layout: community_section
<script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0],p=/^http:/.test(d.location)?'http':'https';if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src=p+"://platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script>
</div>
+<div class="col-md-12">
+ <h3 name="calendar">Events Calendar</h3>
+ <iframe src="https://calendar.google.com/calendar/embed?src=2hecvndc0mnaqlir34cqnfvtak%40group.calendar.google.com" style="border: 0" width="100%" height="600" frameborder="0" scrolling="no"></iframe>
+</div>
</div>
Modified: mesos/site/source/documentation/latest.html.md
URL: http://svn.apache.org/viewvc/mesos/site/source/documentation/latest.html.md?rev=1727886&r1=1727885&r2=1727886&view=diff
==============================================================================
--- mesos/site/source/documentation/latest.html.md (original)
+++ mesos/site/source/documentation/latest.html.md Mon Feb 1 02:49:25 2016
@@ -12,14 +12,18 @@ layout: documentation
## Running Mesos
* [Getting Started](/documentation/latest/getting-started/) for basic instructions on compiling and installing Mesos.
+* [Upgrades](/documentation/latest/upgrades/) for upgrading a Mesos cluster.
* [Configuration](/documentation/latest/configuration/) for command-line arguments.
-* [Mesos Containerizer](/documentation/latest/containerizer/) default containerizer, supports both Linux and POSIX systems.
-* [Docker Containerizer](/documentation/latest/docker-containerizer/) for launching a Docker image as a Task, or as an Executor.
-* [External Containerizer](/documentation/latest/external-containerizer/) for custom containerization implementations.
+* [Containerizer](/documentation/latest/containerizer/) for containerizer overview and use cases.
+ * [Containerizer Internals](/documentation/latest/containerizer-internals/) for implementation details of containerizers.
+ * [Mesos Containerizer](/documentation/latest/mesos-containerizer/) default containerizer, supports both Linux and POSIX systems.
+ * [Docker Containerizer](/documentation/latest/docker-containerizer/) for launching a Docker image as a Task, or as an Executor.
+ * [External Containerizer](/documentation/latest/external-containerizer/) for custom containerization implementations (deprecated).
+* [Roles](/documentation/latest/roles/)
* [Framework Authentication](/documentation/latest/authentication/)
* [Framework Authorization](/documentation/latest/authorization/)
* [Framework Rate Limiting](/documentation/latest/framework-rate-limiting/)
-* [Logging and Debugging](/documentation/latest/logging-and-debugging/) for viewing Mesos and framework logs.
+* [Logging](/documentation/latest/logging/)
* [High Availability](/documentation/latest/high-availability/) for running multiple masters simultaneously.
* [Operational Guide](/documentation/latest/operational-guide/)
* [Monitoring](/documentation/latest/monitoring/)
@@ -28,28 +32,34 @@ layout: documentation
* [Maintenance](/documentation/latest/maintenance/) for performing maintenance on a Mesos cluster.
* [Tools](/documentation/latest/tools/) for setting up and running a Mesos cluster.
* [SSL](/documentation/latest/ssl/) for enabling and enforcing SSL communication.
+* [Mesos Image Provisioner](/documentation/latest/mesos-provisioner/) for provisioning container filesystems from different image formats.
## Advanced Features
-* [Attributes and Resources](/documentation/attributes-resources/) for how to describe the slaves that comprise a cluster.
+* [Attributes and Resources](/documentation/latest/attributes-resources/) for how to describe the slaves that comprise a cluster.
* [Fetcher Cache](/documentation/latest/fetcher/) for how to configure the Mesos fetcher cache.
* [Networking for Mesos-managed Containers](/documentation/latest/networking-for-mesos-managed-containers/)
* [Oversubscription](/documentation/latest/oversubscription/) for how to configure Mesos to take advantage of unused resources to launch "best-effort" tasks.
* [Persistent Volume](/documentation/latest/persistent-volume/) for how to allow tasks to access persistent storage resources.
-* [Reservation](/documentation/latest/reservation/) for how to configure Mesos to allow slaves to reserve resources.
+* [Quota](/documentation/latest/quota/) for how to configure Mesos to provide guaranteed resource allocations for use by a role.
+* [Reservation](/documentation/latest/reservation/) for how operators and frameworks can reserve resources on individual agents for use by a role.
## Running Mesos Frameworks
- * [Mesos frameworks](/documentation/latest/frameworks/) for a list of apps built on top of Mesos and instructions on how to run them.
+* [Mesos frameworks](/documentation/latest/frameworks/) for a list of apps built on top of Mesos and instructions on how to run them.
+* [Sandbox](/documentation/latest/sandbox/) describes a useful debugging arena for most users.
## Developing Mesos Frameworks
* [Framework Development Guide](/documentation/latest/app-framework-development-guide/) describes how to build applications on top of Mesos.
+* [Designing Highly Available Mesos Frameworks](/documentation/latest/high-availability-framework-guide/)
* [Reconciliation](/documentation/latest/reconciliation/) for ensuring a framework's state remains eventually consistent in the face of failures.
* [Scheduler HTTP API](/documentation/latest/scheduler-http-api/) describes the new HTTP API for communication between schedulers and the Mesos master.
+* [Executor HTTP API](/documentation/latest/executor-http-api/) describes the new HTTP API for communication between executors and the Mesos agent.
* [Javadoc](/api/latest/java/) documents the Mesos Java API.
* [Doxygen](/api/latest/c++/namespacemesos.html) documents the Mesos C++ API.
* [Developer Tools](/documentation/latest/tools/) for hacking on Mesos or writing frameworks.
+* [Versioning](/documentation/latest/versioning/) describes how Mesos does API and release versioning.
## Extending Mesos
Modified: mesos/site/source/documentation/latest/allocation-module.md
URL: http://svn.apache.org/viewvc/mesos/site/source/documentation/latest/allocation-module.md?rev=1727886&r1=1727885&r2=1727886&view=diff
==============================================================================
--- mesos/site/source/documentation/latest/allocation-module.md (original)
+++ mesos/site/source/documentation/latest/allocation-module.md Mon Feb 1 02:49:25 2016
@@ -65,4 +65,4 @@ mesos::modules::Module<Allocator> Extern
createExternalAllocator);
~~~
-Refer to the [Mesos Modules documentation](http://mesos.apache.org/documentation/latest/modules/) for instructions how to compile and load a module in Mesos master.
+Refer to the [Mesos Modules documentation](/documentation/latest/modules/) for instructions on how to compile and load a module in Mesos master.
Modified: mesos/site/source/documentation/latest/app-framework-development-guide.md
URL: http://svn.apache.org/viewvc/mesos/site/source/documentation/latest/app-framework-development-guide.md?rev=1727886&r1=1727885&r2=1727886&view=diff
==============================================================================
--- mesos/site/source/documentation/latest/app-framework-development-guide.md (original)
+++ mesos/site/source/documentation/latest/app-framework-development-guide.md Mon Feb 1 02:49:25 2016
@@ -71,7 +71,7 @@ virtual void resourceOffers(SchedulerDri
* whatever reason an offer is never rescinded (e.g., dropped
* message, failing over framework, etc.), a framework that attempts
* to launch tasks using an invalid offer will receive TASK_LOST
- * status updats for those tasks (see Scheduler::resourceOffers).
+ * status updates for those tasks (see Scheduler::resourceOffers).
*/
virtual void offerRescinded(SchedulerDriver* driver,
const OfferID& offerId) = 0;
@@ -114,6 +114,8 @@ virtual void slaveLost(SchedulerDriver*
* Invoked when an executor has exited/terminated. Note that any
* tasks running will have TASK_LOST status updates automagically
* generated.
+ *
+ * NOTE: This callback is not reliably delivered.
*/
virtual void executorLost(SchedulerDriver* driver,
const ExecutorID& executorId,
@@ -128,6 +130,9 @@ virtual void executorLost(SchedulerDrive
virtual void error(SchedulerDriver* driver, const std::string& message) = 0;
~~~
+### Handling Failures
+How to build Mesos frameworks that remain available in the face of failures is discussed in a [separate document](/documentation/latest/high-availability-framework-guide/).
+
## Working with Executors
### Using the Mesos Command Executor
Modified: mesos/site/source/documentation/latest/architecture.md
URL: http://svn.apache.org/viewvc/mesos/site/source/documentation/latest/architecture.md?rev=1727886&r1=1727885&r2=1727886&view=diff
==============================================================================
--- mesos/site/source/documentation/latest/architecture.md (original)
+++ mesos/site/source/documentation/latest/architecture.md Mon Feb 1 02:49:25 2016
@@ -6,11 +6,11 @@ layout: documentation
-The above figure shows the main components of Mesos. Mesos consists of a *master* daemon that manages *slave* daemons running on each cluster node, and *mesos applications* (also called *frameworks*) that run *tasks* on these slaves.
+The above figure shows the main components of Mesos. Mesos consists of a *master* daemon that manages *slave* daemons running on each cluster node, and *Mesos frameworks* that run *tasks* on these slaves.
-The master enables fine-grained sharing of resources (cpu, ram, ...) across applications by making them *resource offers*. Each resource offer contains a list of <slave ID, resource1: amount1, resource2, amount2, ...>. The master decides *how many* resources to offer to each framework according to a given organizational policy, such as fair sharing, or strict priority. To support a diverse set of policies, the master employs a modular architecture that makes it easy to add new allocation modules via a plugin mechanism.
+The master enables fine-grained sharing of resources (CPU, RAM, ...) across frameworks by making them *resource offers*. Each resource offer contains a list of <slave ID, resource1: amount1, resource2, amount2, ...>. The master decides *how many* resources to offer to each framework according to a given organizational policy, such as fair sharing or strict priority. To support a diverse set of policies, the master employs a modular architecture that makes it easy to add new allocation modules via a plugin mechanism.
-A framework running on top of Mesos consists of two components: a *scheduler* that registers with the master to be offered resources, and an *executor* process that is launched on slave nodes to run the framework's tasks (see the [App/Framework development guide](app-framework-development-guide.md) for more details about application schedulers and executors). While the master determines **how many** resources are offered to each framework, the frameworks' schedulers select **which** of the offered resources to use. When a frameworks accepts offered resources, it passes to Mesos a description of the tasks it wants to run on them. In turn, Mesos launches the tasks on the corresponding slaves.
+A framework running on top of Mesos consists of two components: a *scheduler* that registers with the master to be offered resources, and an *executor* process that is launched on slave nodes to run the framework's tasks (/documentation/latest/see the [App/Framework development guide](app-framework-development-guide/) for more details about framework schedulers and executors). While the master determines **how many** resources are offered to each framework, the frameworks' schedulers select **which** of the offered resources to use. When a frameworks accepts offered resources, it passes to Mesos a description of the tasks it wants to run on them. In turn, Mesos launches the tasks on the corresponding slaves.
## Example of resource offer
Modified: mesos/site/source/documentation/latest/attributes-resources.md
URL: http://svn.apache.org/viewvc/mesos/site/source/documentation/latest/attributes-resources.md?rev=1727886&r1=1727885&r2=1727886&view=diff
==============================================================================
--- mesos/site/source/documentation/latest/attributes-resources.md (original)
+++ mesos/site/source/documentation/latest/attributes-resources.md Mon Feb 1 02:49:25 2016
@@ -85,7 +85,7 @@ As a list of key:value pairs:
resourceRole : text | "*"
-Note that `resourceRole` must be one of the [roles](roles.md) that was defined when the Mesos master was started.
+Note that `resourceRole` must be a valid role name; see the [roles](/documentation/latest/roles/) documentation for details.
## Predefined Uses & Conventions
Modified: mesos/site/source/documentation/latest/authentication.md
URL: http://svn.apache.org/viewvc/mesos/site/source/documentation/latest/authentication.md?rev=1727886&r1=1727885&r2=1727886&view=diff
==============================================================================
--- mesos/site/source/documentation/latest/authentication.md (original)
+++ mesos/site/source/documentation/latest/authentication.md Mon Feb 1 02:49:25 2016
@@ -18,7 +18,7 @@ Mesos uses the [Cyrus SASL library](http
## Configuration
-The [configuration options](http://mesos.apache.org/documentation/latest/configuration/) that are used by the authentication mechanism are as follows:
+The [configuration options](/documentation/latest/configuration/) that are used by the authentication mechanism are as follows:
### Masters
Modified: mesos/site/source/documentation/latest/authorization.md
URL: http://svn.apache.org/viewvc/mesos/site/source/documentation/latest/authorization.md?rev=1727886&r1=1727885&r2=1727886&view=diff
==============================================================================
--- mesos/site/source/documentation/latest/authorization.md (original)
+++ mesos/site/source/documentation/latest/authorization.md Mon Feb 1 02:49:25 2016
@@ -4,176 +4,203 @@ layout: documentation
# Authorization
-Mesos 0.20.0 adds support for framework authorization. Authorization allows
+Authorization currently allows
- 1. Frameworks to (re-)register with authorized `roles`.
- 2. Frameworks to launch tasks/executors as authorized `users`.
- 3. Authorized `principals` to shutdown framework(s) through "/shutdown" HTTP endpoint.
+ 1. Frameworks to (re-)register with authorized _roles_.
+ 2. Frameworks to launch tasks/executors as authorized _users_.
+ 3. Authorized _principals_ to teardown frameworks through the "/teardown" HTTP endpoint.
+ 4. Authorized _principals_ to set and remove quotas through the "/quota" HTTP endpoint.
+ 5. Authorized _principals_ to reserve and unreserve resources through the "/reserve" and "/unreserve" HTTP endpoints, as well as with the `RESERVE` and `UNRESERVE` offer operations.
+ 6. Authorized _principals_ to create and destroy persistent volumes through the "/create-volumes" and "/destroy-volumes" HTTP endpoints, as well as with the `CREATE` and `DESTROY` offer operations.
## ACLs
-Authorization is implemented via Access Control Lists (ACLs). For each of the 3 cases described above there is a corresponding ACL(s) that can be set to restrict access. Operators can setup ACLs in JSON format. See [mesos.proto](https://github.com/apache/mesos/blob/master/include/mesos/mesos.proto) for details.
+Authorization is implemented via Access Control Lists (ACLs). For each of the above cases, ACLs can be used to restrict access. Operators can setup ACLs in JSON format. See [authorizer.proto](https://github.com/apache/mesos/blob/master/include/mesos/authorizer/authorizer.proto) for details.
Each ACL specifies a set of `Subjects` that can perform an `Action` on a set of `Objects`.
The currently supported `Actions` are:
-1. "register_frameworks": Register Frameworks
+1. "register_frameworks": Register frameworks
2. "run_tasks": Run tasks/executors
-3. "shutdown_frameworks": Shutdown frameworks
+3. "teardown_frameworks": Teardown frameworks
+4. "set_quotas": Set quotas
+5. "remove_quotas": Remove quotas
+6. "reserve_resources": Reserve resources
+7. "unreserve_resources": Unreserve resources
+8. "create_volumes": Create persistent volumes
+9. "destroy_volumes": Destroy persistent volumes
The currently supported `Subjects` are:
1. "principals"
- - Framework principals (used by "register_frameworks" and "run_tasks" actions)
- - Usernames (used by "shutdown_frameworks" action)
+ - Framework principals (used by "register_frameworks", "run_tasks", "reserve", "unreserve", "create_volumes", and "destroy_volumes" actions)
+ - Usernames (used by "teardown_frameworks", "set_quotas", "remove_quotas", "reserve", "unreserve", "create_volumes", and "destroy_volumes" actions)
The currently supported `Objects` are:
-1. "roles": Resource [roles](roles.md) that framework can register with (used by "register_frameworks" action)
-2. "users": Unix user to launch the task/executor as (used by "run_tasks" action)
-3. "framework_principals": Framework principals that can be shutdown by HTTP POST (used by "shutdown_frameworks" action).
+1. "roles": Resource [roles](/documentation/latest/roles/) that framework can register with (used by "register_frameworks" and "set_quotas" actions)
+2. "users": Unix user to launch the task/executor as (used by "run_tasks" actions)
+3. "framework_principals": Framework principals that can be torn down by HTTP POST (used by "teardown_frameworks" actions).
+4. "resources": Resources that can be reserved. Currently the only types considered by the default authorizer are `ANY` and `NONE` (used by "reserves" action).
+5. "reserver_principals": Framework principals whose reserved resources can be unreserved (used by "unreserves" action).
+6. "volume_types": Types of volumes that can be created by a given principal. Currently the only types considered by the default authorizer are `ANY` and `NONE` (used by "create_volumes" action).
+7. "creator_principals": Principals whose persistent volumes can be destroyed (used by "destroy_volumes" action).
+8. "quota_principals": Principals that set the quota to be removed (used by "remove_quotas" action)
-> NOTE: Both `Subjects` and `Objects` can take a list of strings or special values (`ANY` or `NONE`).
+> NOTE: Both `Subjects` and `Objects` can be either an array of strings or one of the special values `ANY` or `NONE`.
## How does it work?
The Mesos master checks the ACLs to verify whether a request is authorized or not.
-For example, when a framework (re-)registers with the master, the "register_frameworks" ACLs are checked to see if the framework (`FrameworkInfo.principal`) is authorized to receive offers for the given resource role (`FrameworkInfo.role`). If not authorized, the framework is not allowed to (re-)register and gets an `Error` message back (which aborts the scheduler driver).
+For example, when a framework (re-)registers with the master, "register_frameworks" ACLs are checked to see if the framework (`FrameworkInfo.principal`) is authorized to receive offers for the given resource role (`FrameworkInfo.role`). If not authorized, the framework is not allowed to (re-)register and gets an `Error` message back (which aborts the scheduler driver).
-Similarly, when a framework launches a task(s), "run_tasks" ACLs are checked to see if the framework (`FrameworkInfo.principal`) is authorized to run the task/executor as the given `user`. If not authorized, the launch is rejected and the framework gets a TASK_LOST.
+Similarly, when a framework launches a task, "run_tasks" ACLs are checked to see if the framework (`FrameworkInfo.principal`) is authorized to run the task/executor as the given user. If not authorized, the launch is rejected and the framework gets a TASK_LOST.
-In the same vein, when a user/principal attempts to shutdown a framework through the "/teardown" HTTP endpoint on the master, "shutdown_frameworks" ACLs are checked to see if the `principal` is authorized to shutdown the given framework. If not authorized, the shutdown is rejected and the user receives an `Unauthorized` HTTP response.
+In the same vein, when a user/principal attempts to teardown a framework using the "/teardown" HTTP endpoint on the master, "teardown_frameworks" ACLs are checked to see if the principal is authorized to teardown the given framework. If not authorized, the teardown is rejected and the user receives a `Forbidden` HTTP response.
+If no user/principal is provided in a request to an HTTP endpoint and authentication is disabled, the `ANY` subject is used in the authorization.
There are couple of important things to note:
-1. ACLs are matched in the order that they are setup. In other words, the first matching ACL determines whether a request is authorized or not.
+1. ACLs are matched in the order that they are specified. In other words, the first matching ACL determines whether a request is authorized or not.
-2. If none of the specified ACLs match the given request, whether the request is authorized or not is defined by `ACLs.permissive` field. By default this is "true" i.e., a non-matching request is authorized.
+2. If no ACLs match a request, whether the request is authorized or not is determined by the `ACLs.permissive` field. This is "true" by default -- i.e., non-matching requests are authorized.
## Examples
1. Frameworks `foo` and `bar` can run tasks as user `alice`.
- {
- "run_tasks": [
- {
- "principals": { "values": ["foo", "bar"] },
- "users": { "values": ["alice"] }
- }
- ]
- }
+ {
+ "run_tasks": [
+ {
+ "principals": { "values": ["foo", "bar"] },
+ "users": { "values": ["alice"] }
+ }
+ ]
+ }
2. Any framework can run tasks as user `guest`.
- {
- "run_tasks": [
- {
- "principals": { "type": "ANY" },
- "users": { "values": ["guest"] }
- }
- ]
- }
+ {
+ "run_tasks": [
+ {
+ "principals": { "type": "ANY" },
+ "users": { "values": ["guest"] }
+ }
+ ]
+ }
3. No framework can run tasks as `root`.
- {
- "run_tasks": [
- {
- "principals": { "type": "NONE" },
- "users": { "values": ["root"] }
- }
- ]
- }
-
+ {
+ "run_tasks": [
+ {
+ "principals": { "type": "NONE" },
+ "users": { "values": ["root"] }
+ }
+ ]
+ }
4. Framework `foo` can run tasks only as user `guest` and no other user.
- {
- "run_tasks": [
- {
- "principals": { "values": [ "foo" ] },
- "users": { "values": ["guest"] }
- },
- {
- "principals": { "values": [ "foo" ] },
- "users": { "type": "NONE" }
- }
- ]
- }
-
-
-
-
-5. Framework `foo` can register with `analytics` and `ads` roles.
-
- {
- "register_frameworks": [
- {
- "principals": { "values": ["foo"] },
- "roles": { "values": ["analytics", "ads"] }
- }
- ]
- }
-
-
-6. Only framework `foo` and no one else can register with `analytics` role.
-
- {
- "register_frameworks": [
- {
- "principals": { "values": ["foo"] },
- "roles": { "values": ["analytics"] }
- },
- {
- "principals": { "type": "NONE" },
- "roles": { "values": ["analytics"] }
- }
- ]
- }
-
-7. Framework `foo` can only register with `analytics` role but no other roles. Also, no other framework can register with any roles.
-
- {
- "permissive" : false,
-
- "register_frameworks": [
- {
- "principals": { "values": ["foo"] },
- "roles": { "values": ["analytics"] }
- }
- ]
- }
-
-
-8. Only `ops` principal can shutdown any frameworks through "/teardown" HTTP endpoint.
-
- {
- "permissive" : false,
-
- "shutdown_frameworks": [
- {
- "principals": { "values": ["ops"] },
- "framework_principals": { "type": "ANY" }
- }
- ]
- }
-
-
-## Enabling authorization
-
-As part of this feature, a new flag was added to the master.
-
-* `acls` : The value could be a JSON-formatted string of ACLs
- or a file path containing the JSON-formatted ACLs used
- for authorization. Path could be of the form 'file:///path/to/file'
- or '/path/to/file'.
- See the ACLs protobuf in mesos.proto for the expected format.
-
+ {
+ "run_tasks": [
+ {
+ "principals": { "values": ["foo"] },
+ "users": { "values": ["guest"] }
+ },
+ {
+ "principals": { "values": ["foo"] },
+ "users": { "type": "NONE" }
+ }
+ ]
+ }
+
+5. Framework `foo` can register with the `analytics` and `ads` roles.
+
+ {
+ "register_frameworks": [
+ {
+ "principals": {
+ "values": ["foo"]
+ },
+ "roles": {
+ "values": ["analytics", "ads"]
+ }
+ }
+ ]
+ }
+
+6. Only framework `foo` and no one else can register with the `analytics` role.
+
+ {
+ "register_frameworks": [
+ {
+ "principals": {
+ "values": ["foo"]
+ },
+ "roles": {
+ "values": ["analytics"]
+ }
+ },
+ {
+ "principals": {
+ "type": "NONE"
+ },
+ "roles": {
+ "values": ["analytics"]
+ }
+ }
+ ]
+ }
+
+7. Framework `foo` can only register with the `analytics` role but no other roles. Also, no other framework can register with any roles or run tasks.
+
+ {
+ "permissive": false,
+ "register_frameworks": [
+ {
+ "principals": {
+ "values": ["foo"]
+ },
+ "roles": {
+ "values": ["analytics"]
+ }
+ }
+ ]
+ }
+
+8. The `ops` principal can teardown any framework using the "/teardown" HTTP endpoint. No other framework can register with any roles or run tasks.
+
+ {
+ "permissive": false,
+ "teardown_frameworks": [
+ {
+ "principals": {
+ "values": ["ops"]
+ },
+ "framework_principals": {
+ "type": "ANY"
+ }
+ }
+ ]
+ }
+
+
+## Configuring authorization
+
+Authorization is configured by specifying the `--acls` flag when starting the master:
+
+* `acls`: The value could be a JSON-formatted string of ACLs
+ or a file path containing the JSON-formatted ACLs used
+ for authorization. Path could be of the form 'file:///path/to/file'
+ or '/path/to/file'.
+ See the ACLs protobuf in authorizer.proto for the expected format.
-**For the complete list of master options: ./mesos-master.sh --help**
+For more information on master command-line flags, see the
+[configuration](/documentation/latest/configuration/) page.
Modified: mesos/site/source/documentation/latest/c++-style-guide.md
URL: http://svn.apache.org/viewvc/mesos/site/source/documentation/latest/c%2B%2B-style-guide.md?rev=1727886&r1=1727885&r2=1727886&view=diff
==============================================================================
--- mesos/site/source/documentation/latest/c++-style-guide.md (original)
+++ mesos/site/source/documentation/latest/c++-style-guide.md Mon Feb 1 02:49:25 2016
@@ -4,7 +4,7 @@ layout: documentation
# Mesos C++ Style Guide
-The Mesos codebase follows the [Google C++ Style Guide](http://google-styleguide.googlecode.com/svn/trunk/cppguide.xml) with some notable differences, as described below. Note that the [clang-format](/documentation/latest/clang-format/) tool can be helpful to ensure that some of the mechanical style rules are obeyed.
+The Mesos codebase follows the [Google C++ Style Guide](/documentation/latest/http://google-styleguide.googlecode.com/svn/trunk/cppguide.xml) with some notable differences, as described below. Note that the [clang-format](clang-format/) tool can be helpful to ensure that some of the mechanical style rules are obeyed.
## Scoping
@@ -50,6 +50,20 @@ void Slave::statusUpdate(StatusUpdate up
## Comments
* End each sentence within a comment with a punctuation mark (please note that we generally prefer periods); this applies to incomplete sentences as well.
* For trailing comments, leave one space.
+* Use backticks when quoting code excerpts or object/variable/function names. For example:
+
+~~~{.cpp}
+// Use `SchedulerDriver::acceptOffers()` to send several offer
+// operations. This makes use of the `RESERVE()` and `UNRESERVE()`
+// helpers, which take a `Resources` object as input and produce
+// appropriate offer operations. Note that we are unreserving the
+// resources contained in `dynamicallyReserved1`.
+driver.acceptOffers({offer.id()},
+ {UNRESERVE(dynamicallyReserved1),
+ RESERVE(dynamicallyReserved2),
+ RESERVE(dynamicallyReserved3)},
+ filters);
+~~~
## Breaks
* Break before braces on enum, function, and record (i.e. struct, class, union) definitions.
@@ -58,13 +72,13 @@ void Slave::statusUpdate(StatusUpdate up
### Class Format
* Access modifiers are not indented (Google uses one space indentation).
-* Constructor initializers are indented by 2 spaces (Google indents by 4).
+* Constructor initializers are indented by two spaces (Google indents by four).
### Templates
* Leave one space after the `template` keyword, e.g. `template <typename T>` rather than `template<typename T>`.
### Function Definition/Invocation
-* Newline when calling or defining a function: indent with 4 spaces.
+* Newline when calling or defining a function: indent with four spaces.
* We do not follow Google's style of wrapping on the open parenthesis, the general goal is to reduce visual "jaggedness" in the code. Prefer (1), (4), (5), sometimes (3), never (2):
~~~{.cpp}
@@ -99,7 +113,7 @@ allocator->resourcesRecovered(
~~~
### Continuation
-* Newline for an assignment statement: indent with 2 spaces.
+* Newline for an assignment statement: indent with two spaces.
~~~{.cpp}
Try<Duration> failoverTimeout =
@@ -107,9 +121,22 @@ Try<Duration> failoverTimeout =
~~~
## Empty Lines
-* 1 blank line at the end of the file.
-* Elements outside classes (classes, structs, global functions, etc.) should be spaced apart by 2 blank lines.
-* Elements inside classes (member variables and functions) should not be spaced apart by more than 1 blank line.
+* One empty line at the end of the file.
+* Inside a code block, every multi-line statement should be followed by one empty line.
+
+~~~{.cpp}
+Try<very_very_long_type> long_name =
+ ::protobuf::parse<very_very_long_type>(
+ request);
+
+for (int i = 0; i < very_very_long_expression();
+ i++) {
+ // No empty line here for control constructs.
+}
+~~~
+
+* Elements outside classes (classes, structs, global functions, etc.) should be spaced apart by two empty lines.
+* Elements inside classes (member variables and functions) should not be spaced apart by more than one empty line.
## Capture by Reference
@@ -194,40 +221,73 @@ s += "world"; // THIS IS A DANGLING REFE
* Mesos source files must contain the "ASF" header:
- /**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
+ // Licensed to the Apache Software Foundation (ASF) under one
+ // or more contributor license agreements. See the NOTICE file
+ // distributed with this work for additional information
+ // regarding copyright ownership. The ASF licenses this file
+ // to you under the Apache License, Version 2.0 (the
+ // "License"); you may not use this file except in compliance
+ // with the License. You may obtain a copy of the License at
+ //
+ // http://www.apache.org/licenses/LICENSE-2.0
+ //
+ // Unless required by applicable law or agreed to in writing, software
+ // distributed under the License is distributed on an "AS IS" BASIS,
+ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ // See the License for the specific language governing permissions and
+ // limitations under the License.
* Stout and libprocess source files must contain the "Apache License Version 2.0" header:
- /**
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
+ // Licensed under the Apache License, Version 2.0 (the "License");
+ // you may not use this file except in compliance with the License.
+ // You may obtain a copy of the License at
+ //
+ // http://www.apache.org/licenses/LICENSE-2.0
+ //
+ // Unless required by applicable law or agreed to in writing, software
+ // distributed under the License is distributed on an "AS IS" BASIS,
+ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ // See the License for the specific language governing permissions and
+ // limitations under the License
+
+## Order of includes
+
+In addition to the ordering rules from the Google style guide, Mesos related headers are separated into sections. Newline to separate each section.
+Mesos related headers in `include` directories are partitioned by their subfolders, sorted alphabetically, and included using brackets.
+Header in `src` directories are included afterwards, using the same rules but with quotes instead of brackets.
+
+Example for `src/common/foo.cpp`:
+
+~~~{.cpp}
+#include "common/foo.hpp"
+
+#include <stdint.h>
+
+#include <string>
+#include <vector>
+
+#include <boost/circular_buffer.hpp>
+
+#include <mesos/mesos.hpp>
+#include <mesos/type_utils.hpp>
+
+#include <mesos/module/authenticator.hpp>
+
+#include <mesos/scheduler/scheduler.hpp>
+
+#include <process/http.hpp>
+#include <process/protobuf.hpp>
+
+#include <stout/foreach.hpp>
+#include <stout/hashmap.hpp>
+
+#include "common/build.hpp"
+#include "common/protobuf_utils.hpp"
+
+#include "master/flags.hpp"
+~~~
## C++11
Modified: mesos/site/source/documentation/latest/clang-format.md
URL: http://svn.apache.org/viewvc/mesos/site/source/documentation/latest/clang-format.md?rev=1727886&r1=1727885&r2=1727886&view=diff
==============================================================================
--- mesos/site/source/documentation/latest/clang-format.md (original)
+++ mesos/site/source/documentation/latest/clang-format.md Mon Feb 1 02:49:25 2016
@@ -6,7 +6,7 @@ layout: documentation
[ClangFormat](http://llvm.org/releases/3.5.1/tools/clang/docs/ClangFormat.html) is an automatic source code formatting tool which helps us focus on the code rather than the formatting.
-> The provided configurations try to honor the [Mesos C++ Style Guide](http://mesos.apache.org/documentation/latest/c++-style-guide/) as much as possible, but there are some limitations which require manual attention. Even with these limitations however, ClangFormat will be extremely useful for your workflow!
+> The provided configurations try to honor the [Mesos C++ Style Guide](/documentation/latest/c++-style-guide/) as much as possible, but there are some limitations which require manual attention. Even with these limitations however, ClangFormat will be extremely useful for your workflow!
## Setup
Modified: mesos/site/source/documentation/latest/committers.md
URL: http://svn.apache.org/viewvc/mesos/site/source/documentation/latest/committers.md?rev=1727886&r1=1727885&r2=1727886&view=diff
==============================================================================
--- mesos/site/source/documentation/latest/committers.md (original)
+++ mesos/site/source/documentation/latest/committers.md Mon Feb 1 02:49:25 2016
@@ -8,7 +8,7 @@ An Apache Mesos committer is a contribut
## Becoming a committer
-Every new committer has to be proposed by a current committer and then voted in by the members of the Mesos PMC. For details about this process and for candidate requirements see the general [Apache guidelines for assessing new candidates for committership](https://community.apache.org/newcommitter.html). Candidates prepare for their nomination as committer by contributing to the Mesos project and its community, by acting according to the [Apache Way](http://theapacheway.com), and by generally following the path [from contributor to committer](https://community.apache.org/contributors/) for Apache projects. Specifically for the Mesos project, you can make use of the [Apache Mesos Committer Candidate Checklist](/documentation/latest/committer-candidate-checklist/) for suggestions of what kind of contributions and demonstrated behaviors can be instrumental, and to keep track of your progress.
+Every new committer has to be proposed by a current committer and then voted in by the members of the Mesos PMC. For details about this process and for candidate requirements see the general [Apache guidelines for assessing new candidates for committership](/documentation/latest/https://community.apache.org/newcommitter.html). Candidates prepare for their nomination as committer by contributing to the Mesos project and its community, by acting according to the [Apache Way](http://theapacheway.com), and by generally following the path [from contributor to committer](https://community.apache.org/contributors/) for Apache projects. Specifically for the Mesos project, you can make use of the [Apache Mesos Committer Candidate Checklist](committer-candidate-checklist/) for suggestions of what kind of contributions and demonstrated behaviors can be instrumental, and to keep track of your progress.
## Current Committers
@@ -28,7 +28,7 @@ We'd like to thank the following committ
<tr>
<td>-8</td>
<td>Ross Allen</td>
- <td></td>
+ <td>Facebook</td>
<td></td>
<td>ssorallen@apache.org</td>
</tr>
@@ -43,7 +43,7 @@ We'd like to thank the following committ
<td>-8</td>
<td>Adam B</td>
<td>Mesosphere</td>
- <td></td>
+ <td>adam-mesos</td>
<td>me@apache.org</td>
</tr>
<tr>
@@ -70,7 +70,7 @@ We'd like to thank the following committ
<tr>
<td>-8</td>
<td>Dominic Hamon</td>
- <td></td>
+ <td>YouTube</td>
<td></td>
<td>dma@apache.org</td>
</tr>
@@ -91,14 +91,14 @@ We'd like to thank the following committ
<tr>
<td>-8</td>
<td>Vinod Kone</td>
- <td>Twitter</td>
+ <td>Mesosphere</td>
<td>vinodkone</td>
<td>vinodkone@apache.org</td>
</tr>
<tr>
<td>-8</td>
<td>Andy Konwinski</td>
- <td>UC Berkeley</td>
+ <td>Databricks</td>
<td></td>
<td>andrew@apache.org</td>
</tr>
@@ -112,7 +112,7 @@ We'd like to thank the following committ
<tr>
<td>-8</td>
<td>Benjamin Mahler</td>
- <td>Twitter</td>
+ <td>Mesosphere</td>
<td>bmahler</td>
<td>bmahler@apache.org</td>
</tr>
@@ -147,11 +147,18 @@ We'd like to thank the following committ
<tr>
<td>-8</td>
<td>Niklas Quarfot Nielsen</td>
- <td>Mesosphere</td>
+ <td>Intel</td>
<td>niq_</td>
<td>nnielsen@apache.org</td>
</tr>
<tr>
+ <td>-5</td>
+ <td>Michael Park</td>
+ <td>Mesosphere</td>
+ <td>mpark</td>
+ <td>mpark@apache.org</td>
+ </tr>
+ <tr>
<td>-8</td>
<td>Charles Reiss</td>
<td>UC Berkeley</td>
@@ -189,7 +196,7 @@ We'd like to thank the following committ
<tr>
<td>-8</td>
<td>Jie Yu</td>
- <td>Twitter</td>
+ <td>Mesosphere</td>
<td>jieyu</td>
<td>jieyu@apache.org</td>
</tr>