Posted to commits@mesos.apache.org by qi...@apache.org on 2019/09/16 00:42:37 UTC

[mesos] branch master updated (2e26323 -> f99ffab)

This is an automated email from the ASF dual-hosted git repository.

qianzhang pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/mesos.git.


    from 2e26323  Added MESOS-9965 to the 1.9.1 CHANGELOG.
     new d512dc2  Updated site information for the 1.9.0 release.
     new f99ffab  Added the Mesos 1.9.0 release blog post.

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 docs/building.md                                   |  4 +-
 site/data/releases.yml                             | 10 ++-
 .../source/blog/2019-09-05-mesos-1-9-0-released.md | 75 ++++++++++++++++++++++
 3 files changed, 85 insertions(+), 4 deletions(-)
 create mode 100644 site/source/blog/2019-09-05-mesos-1-9-0-released.md


[mesos] 02/02: Added the Mesos 1.9.0 release blog post.

Posted by qi...@apache.org.

qianzhang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mesos.git

commit f99ffab06694dcfcf62bf7250c56690a25d4d912
Author: Qian Zhang <zh...@gmail.com>
AuthorDate: Tue Sep 10 14:13:32 2019 +0800

    Added the Mesos 1.9.0 release blog post.
---
 .../source/blog/2019-09-05-mesos-1-9-0-released.md | 75 ++++++++++++++++++++++
 1 file changed, 75 insertions(+)

diff --git a/site/source/blog/2019-09-05-mesos-1-9-0-released.md b/site/source/blog/2019-09-05-mesos-1-9-0-released.md
new file mode 100644
index 0000000..a556e4b
--- /dev/null
+++ b/site/source/blog/2019-09-05-mesos-1-9-0-released.md
@@ -0,0 +1,75 @@
+---
+layout: post
+title: "Apache Mesos 1.9: Agent Draining, Quota Limit and Security Improvements"
+permalink: /blog/mesos-1-9-0-released/
+published: true
+post_author:
+  display_name: Qian Zhang & Gilbert Song
+tags: Release
+---
+
+We are excited to announce that Apache Mesos 1.9.0 is now available for [download](/downloads). Please take a look at what's new in this release!
+
+# New Features and Improvements
+
+## Agent Draining
+
+Automatic agent draining was added to allow operators to prepare agent nodes for maintenance without requiring schedulers to implement support for the feature. Since the pre-existing maintenance primitives offered by Mesos require that schedulers make changes, some operators have had difficulty using them effectively in clusters containing frameworks which have not done so. When automatic draining is initiated on an agent, all tasks are gracefully killed, and operators can monitor the ma [...]
+
+Agent deactivation and reactivation primitives were also added to the master API, allowing operators to stop and resume offers from particular agents. Used in concert with framework-specific APIs, this new functionality enables operators to perform manual draining of agent nodes in cases where greater control is desired.
+
+## Resource Management
+
+Prior to Mesos 1.9, the quota related APIs only exposed quota "guarantees" which ensured a minimum amount of resources would be available to a role. Setting guarantees also set implicit quota limits. In Mesos 1.9.0, quota limits are now exposed directly.
+
+* Quota guarantees are now deprecated in favor of using only quota limits. Enforcement of quota guarantees required that Mesos holds back enough resources to meet all of the unsatisfied quota guarantees. Since Mesos is moving towards an optimistic offer model (to improve multi-role / multi- scheduler scalability, see MESOS-1607), it will become no longer possible to enforce quota guarantees by holding back resources. In such a model, quota limits are simple to enforce, but quota guarante [...]
+
+* For these reasons, quota guarantees, while still functional in Mesos 1.9, are now deprecated. A combination of limits and priority based preemption will be simpler in an optimistic offer model.
+
+## Containerization
+
+A number of containerization-related improvements have landed in Mesos 1.9.0:
+
+* The Mesos containerizer now supports configurable IPC namespace and /dev/shm. Container can be configured to have a private IPC namespace and /dev/shm or share them from its parent, and the size of its private /dev/shm is also configurable.
+
+* A new `/containerizer/debug` HTTP endpoint has been added. This endpoint exposes debug information for the Mesos containerizer. At the moment, it returns a list of pending operations related to isolators and launchers.
+
+* A new Linux NNP (No New Privs) isolator has been added to the Mesos Containerizer. The isolator allows configuration of the [no_new_privs](https://www.kernel.org/doc/Documentation/prctl/no_new_privs.txt) flag for launched containers. The `no_new_privs` flag disables the ability of container tasks to acquire additional privileges by means of executing a child process e.g. through invocation of `setuid` or `setgid` programs. The flag is configurable on the agent and provides additional d [...]
+
+* A new `--docker_ignore_runtime` flag has been added. This causes the agent to ignore any runtime configuration present in Docker images.
+
+* The Mesos containerizer now includes ephemeral overlayfs storage in the task disk quota as well as sandbox storage.
+
+## Improved Security for TLS Connections
+
+Since Mesos 0.23, Mesos had support for using TLS [1] to encrypt the communication to and from Mesos components - the same protocol that secures `https`, `smtps`, and many others. Roughly speaking, every time a TLS client connects to a TLS server, that server will present a certificate signed by a trusted certificate authority which is used to verify the identity of the server.
+
+In Mesos, this behaviour is controlled by the environment variables `LIBPROCESS_SSL_VERIFY_CERT` and `LIBPROCESS_SSL_REQUIRE_CERT`. The former would do the cryptographic verification **if** a certificate was supplied, and the latter would reject all connections where no certificate was presented. This may sound straightforward, but this behaviour has proven challenging for Mesos operators, with many leaving TLS verification disabled in practice. The reason for that is that Mesos componen [...]
+
+Enabling server certificate validation in this scenario had the effect of requiring **all** incoming connections to present valid client certificates. This put an additional burden on operators to build infrastructure to distribute valid client certificates to all users of Mesos endpoints.
+
+With Mesos 1.9, we updated the semantics of both flags to be more aligned with the needs of Mesos operators:
+
+* `LIBPROCESS_SSL_VERIFY_CERT` now only applies to *server certificates*, which are always required for TLS connections. If it is set to true, the server certificate is verified for all outgoing connections.
+
+* `LIBPROCESS_SSL_REQUIRE_CERT` now only applies to *client certificates*: If it is set to true, all incoming connections must present a valid client certificate.
+
+By switching to the OpenSSL-provided API for hostname validation [2], we are able to improve security and make the behaviour more uniform across different platforms. We were also able to eliminate reverse DNS lookups while establishing a connection which improves reliability and performance.
+
+[1] https://en.wikipedia.org/wiki/Transport_Layer_Security
+
+[2] http://mesos.apache.org/documentation/latest/ssl/#libprocess_ssl_hostname_validation_scheme-legacy-openssl-default
+
+# Upgrade
+
+Upgrades from Mesos 1.8.0 to Mesos 1.9.0 should be straightforward. Please refer to the [upgrade guide](http://mesos.apache.org/documentation/latest/upgrades/) for detailed information on upgrading to Mesos 1.9.0.
+
+# Community
+
+Inspired by the work that went into this release? Want to get involved? Have feedback? We'd love to hear from you! Join a [working group](http://mesos.apache.org/community/#working-groups) or start a conversation in the [community](http://mesos.apache.org/community/)!
+
+# Thank you!
+
+Thanks to the 28 contributors who made Mesos 1.9.0 possible:
+
+Alexander Rukletsov, Andrei Budnik, Andrei Sekretenko, Armand Grillet, Bartosz Galek, Benjamin Bannier, Benjamin Mahler, Benno Evers, Bilal Amarni, Chun-Hung Hsiao, Gastón Kleiman, Gilbert Song, Greg Mann, Hans Beck, Jacob Janco, James Peach, James Wright, Jan Schlicht, Joseph Wu, Meng Zhu, Pavel Kirillov, Qian Zhang, Stéphane Cottin, Till Toenshoff, Tomasz Janiszewski, Vinod Kone, Zhitao Li, Fei Long
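
Review bot: In the "Improved Security for TLS Connections" section, the two bullets describing the new flag semantics do not call out the upgrade impact for deployments that set only `LIBPROCESS_SSL_VERIFY_CERT`. The text above them says the flag previously verified a certificate if one was supplied, and the new bullet says it now applies only to server certificates on outgoing connections, so as written an operator relying on it to check client certificates would need `LIBPROCESS_SSL_REQUIRE_CERT` after upgrading. Suggest stating that explicitly and pointing to it from the "Upgrade" section, which currently says upgrades from 1.8.0 "should be straightforward". Minor: reference [2] and the upgrade guide link use `http://` while [1] uses `https://`, and "multi- scheduler" in the quota bullet has a stray space.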


[mesos] 01/02: Updated site information for the 1.9.0 release.

Posted by qi...@apache.org.

qianzhang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mesos.git

commit d512dc2e11a27d12c438d31b6d18670eb9ddd615
Author: Qian Zhang <zh...@gmail.com>
AuthorDate: Mon Sep 9 14:45:28 2019 +0800

    Updated site information for the 1.9.0 release.
---
 docs/building.md       |  4 ++--
 site/data/releases.yml | 10 ++++++++--
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/docs/building.md b/docs/building.md
index 4ee739a..fbcec23 100644
--- a/docs/building.md
+++ b/docs/building.md
@@ -11,8 +11,8 @@ There are different ways you can get Mesos:
 
 1\. Download the latest stable release from [Apache](http://mesos.apache.org/downloads/) (***Recommended***)
 
-    $ wget http://www.apache.org/dist/mesos/1.8.0/mesos-1.8.0.tar.gz
-    $ tar -zxf mesos-1.8.0.tar.gz
+    $ wget http://www.apache.org/dist/mesos/1.9.0/mesos-1.9.0.tar.gz
+    $ tar -zxf mesos-1.9.0.tar.gz
 
 2\. Clone the Mesos git [repository](https://gitbox.apache.org/repos/asf/mesos.git) (***Advanced Users Only***)
 
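
Review bot: The updated `wget` line still fetches the release tarball over plain `http://`, and the step goes straight to `tar -zxf` with no integrity check. Since these two lines are being touched anyway, suggest switching the URL to `https://` and adding a step that verifies the download against the release's published signature or checksum before extracting.
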
diff --git a/site/data/releases.yml b/site/data/releases.yml
index 79b2193..56146f0 100644
--- a/site/data/releases.yml
+++ b/site/data/releases.yml
@@ -3,8 +3,8 @@
 #   `versions` below.
 # * When publishing a new blog post, we need to append an item to `news` below.
 latest_stable:
-  version: 1.8.1
-  jira_version: 12345342
+  version: 1.9.0
+  jira_version: 12345244
 news:
 ## * If the news is used to announce a release version, the item structure is
 ##   - title: (required)
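
Review bot: The new `jira_version: 12345244` under `latest_stable` is numerically lower than the `12345342` it replaces for 1.8.1, which is worth confirming against the JIRA ReleaseNote link for 1.9.0. The same id is repeated in the `versions` list later in this file, so a wrong value would need fixing in both places.
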
@@ -15,6 +15,10 @@ news:
 ##   - title: (required)
 ##     date: (required)
 ##     blog: (required)
+  - title: Mesos 1.9.0 is released!
+    date: September 5, 2019
+    target_version: 1.9.0
+    blog: mesos-1-9-0-released
   - title: Mesos 1.8.1 is released!
     date: July 29, 2019
     target_version: 1.8.1
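
Review bot: The added news item sets `blog: mesos-1-9-0-released`, but the post it points to is only added in the following commit (02/02, f99ffab), so the site data at this commit references a blog post that does not exist yet. Consider landing the blog post first or squashing the two commits so that every revision builds a site without a dangling link.
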
@@ -204,6 +208,8 @@ versions:
 ##                 after we create the ReleaseNote for 0.28.1, we get the link:
 ##                 https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311242&version=12335359.
 ##                 At here, 12335359 is the jira_version of 0.28.1.
+  - version: 1.9.0
+    jira_version: 12345244
   - version: 1.8.0
     jira_version: 12343862
   - version: 1.5.3