You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mesos.apache.org by ka...@apache.org on 2016/02/01 03:49:28 UTC
svn commit: r1727886 [4/16] - in /mesos/site: ./ publish/
publish/assets/img/documentation/ publish/community/ publish/documentation/
publish/documentation/allocation-module/
publish/documentation/app-framework-development-guide/
publish/documentation/...
Modified: mesos/site/publish/documentation/high-availability/index.html
URL: http://svn.apache.org/viewvc/mesos/site/publish/documentation/high-availability/index.html?rev=1727886&r1=1727885&r2=1727886&view=diff
==============================================================================
--- mesos/site/publish/documentation/high-availability/index.html (original)
+++ mesos/site/publish/documentation/high-availability/index.html Mon Feb 1 02:49:25 2016
@@ -81,10 +81,12 @@
<p>See our <a href="/community/">community</a> page for more details.</p>
</div>
<div class="col-md-8">
- <h1>Mesos High Availability Mode</h1>
+ <h1>Mesos High-Availability Mode</h1>
<p>If the Mesos master is unavailable, existing tasks can continue to execute, but new resources cannot be allocated and new tasks cannot be launched. To reduce the chance of this situation occurring, Mesos has a high-availability mode that uses multiple Mesos masters: one active master (called the <em>leader</em> or leading master) and several <em>backups</em> in case it fails. The masters elect the leader, with <a href="http://zookeeper.apache.org/">Apache ZooKeeper</a> both coordinating the election and handling leader detection by masters, slaves, and scheduler drivers. More information regarding <a href="http://zookeeper.apache.org/doc/trunk/recipes.html#sc_leaderElection">how leader election works</a> is available on the Apache Zookeeper website.</p>
+<p>This document describes how to configure Mesos to run in high-availability mode. For more information on developing highly available frameworks, see a <a href="/documentation/latest/high-availability-framework-guide/">companion document</a>.</p>
+
<p><strong>Note</strong>: This document assumes you know how to start, run, and work with ZooKeeper, whose client library is included in the standard Mesos build.</p>
<h2>Usage</h2>
@@ -98,7 +100,7 @@
<ul>
<li><p>Start the mesos-master binaries using the <code>--zk</code> flag, e.g. <code>--zk=zk://host1:port1,host2:port2,.../path</code></p></li>
<li><p>Start the mesos-slave binaries with <code>--master=zk://host1:port1,host2:port2,.../path</code></p></li>
-<li><p>Start any framework schedulers using the same <code>zk</code> path as in the last two steps. The SchedulerDriver must be constructed with this path, as shown in the <a href="http://mesos.apache.org/documentation/latest/app-framework-development-guide/">Framework Development Guide</a>.</p></li>
+<li><p>Start any framework schedulers using the same <code>zk</code> path as in the last two steps. The SchedulerDriver must be constructed with this path, as shown in the <a href="/documentation/latest/app-framework-development-guide/">Framework Development Guide</a>.</p></li>
</ul>
</li>
</ol>
@@ -106,7 +108,7 @@
<p>From now on, the Mesos masters and slaves all communicate with ZooKeeper to find out which master is the current leading master. This is in addition to the usual communication between the leading master and the slaves.</p>
-<p>Refer to the <a href="http://mesos.apache.org/documentation/latest/app-framework-development-guide/">Scheduler API</a> for how to deal with leadership changes.</p>
+<p>Refer to the <a href="/documentation/latest/app-framework-development-guide/">Scheduler API</a> for how to deal with leadership changes.</p>
<h2>Component Disconnection Handling</h2>
@@ -134,7 +136,7 @@
<ul>
<li><p>The slave fails health checks from the leader.</p></li>
-<li><p>The leader marks the slave as deactivated and sends its tasks to the LOST state. The <a href="http://mesos.apache.org/documentation/latest/app-framework-development-guide/">Framework Development Guide</a> describes these various task states.</p></li>
+<li><p>The leader marks the slave as deactivated and sends its tasks to the LOST state. The <a href="/documentation/latest/app-framework-development-guide/">Framework Development Guide</a> describes these various task states.</p></li>
<li><p>Deactivated slaves may not re-register with the leader and are told to shut down upon any post-deactivation communication.</p></li>
</ul>
Modified: mesos/site/publish/documentation/index.html
URL: http://svn.apache.org/viewvc/mesos/site/publish/documentation/index.html?rev=1727886&r1=1727885&r2=1727886&view=diff
==============================================================================
--- mesos/site/publish/documentation/index.html (original)
+++ mesos/site/publish/documentation/index.html Mon Feb 1 02:49:25 2016
@@ -95,15 +95,22 @@
<ul>
<li><a href="/documentation/latest/getting-started/">Getting Started</a> for basic instructions on compiling and installing Mesos.</li>
+<li><a href="/documentation/latest/upgrades/">Upgrades</a> for upgrading a Mesos cluster.</li>
<li><a href="/documentation/latest/configuration/">Configuration</a> for command-line arguments.</li>
-<li><a href="/documentation/latest/containerizer/">Mesos Containerizer</a> default containerizer, supports both Linux and POSIX systems.</li>
+<li><a href="/documentation/latest/containerizer/">Containerizer</a> for containerizer overview and use cases.
+
+<ul>
+<li><a href="/documentation/latest/containerizer-internals/">Containerizer Internals</a> for implementation details of containerizers.</li>
+<li><a href="/documentation/latest/mesos-containerizer/">Mesos Containerizer</a> default containerizer, supports both Linux and POSIX systems.</li>
<li><a href="/documentation/latest/docker-containerizer/">Docker Containerizer</a> for launching a Docker image as a Task, or as an Executor.</li>
-<li><a href="/documentation/latest/external-containerizer/">External Containerizer</a> for custom containerization implementations.</li>
+<li><a href="/documentation/latest/external-containerizer/">External Containerizer</a> for custom containerization implementations (deprecated).</li>
+</ul>
+</li>
<li><a href="/documentation/latest/roles/">Roles</a></li>
<li><a href="/documentation/latest/authentication/">Framework Authentication</a></li>
<li><a href="/documentation/latest/authorization/">Framework Authorization</a></li>
<li><a href="/documentation/latest/framework-rate-limiting/">Framework Rate Limiting</a></li>
-<li><a href="/documentation/latest/logging-and-debugging/">Logging and Debugging</a> for viewing Mesos and framework logs.</li>
+<li><a href="/documentation/latest/logging/">Logging</a></li>
<li><a href="/documentation/latest/high-availability/">High Availability</a> for running multiple masters simultaneously.</li>
<li><a href="/documentation/latest/operational-guide/">Operational Guide</a></li>
<li><a href="/documentation/latest/monitoring/">Monitoring</a></li>
@@ -112,18 +119,20 @@
<li><a href="/documentation/latest/maintenance/">Maintenance</a> for performing maintenance on a Mesos cluster.</li>
<li><a href="/documentation/latest/tools/">Tools</a> for setting up and running a Mesos cluster.</li>
<li><a href="/documentation/latest/ssl/">SSL</a> for enabling and enforcing SSL communication.</li>
+<li><a href="/documentation/latest/mesos-provisioner/">Mesos Image Provisioner</a> for provisioning container filesystems from different image formats.</li>
</ul>
<h2>Advanced Features</h2>
<ul>
-<li><a href="/documentation/attributes-resources/">Attributes and Resources</a> for how to describe the slaves that comprise a cluster.</li>
+<li><a href="/documentation/latest/attributes-resources/">Attributes and Resources</a> for how to describe the slaves that comprise a cluster.</li>
<li><a href="/documentation/latest/fetcher/">Fetcher Cache</a> for how to configure the Mesos fetcher cache.</li>
<li><a href="/documentation/latest/networking-for-mesos-managed-containers/">Networking for Mesos-managed Containers</a></li>
<li><a href="/documentation/latest/oversubscription/">Oversubscription</a> for how to configure Mesos to take advantage of unused resources to launch “best-effort” tasks.</li>
<li><a href="/documentation/latest/persistent-volume/">Persistent Volume</a> for how to allow tasks to access persistent storage resources.</li>
-<li><a href="/documentation/latest/reservation/">Reservation</a> for how to configure Mesos to allow slaves to reserve resources.</li>
+<li><a href="/documentation/latest/quota/">Quota</a> for how to configure Mesos to provide guaranteed resource allocations for use by a role.</li>
+<li><a href="/documentation/latest/reservation/">Reservation</a> for how operators and frameworks can reserve resources on individual agents for use by a role.</li>
</ul>
@@ -131,6 +140,7 @@
<ul>
<li><a href="/documentation/latest/frameworks/">Mesos frameworks</a> for a list of apps built on top of Mesos and instructions on how to run them.</li>
+<li><a href="/documentation/latest/sandbox/">Sandbox</a> describes a useful debugging arena for most users.</li>
</ul>
@@ -138,11 +148,14 @@
<ul>
<li><a href="/documentation/latest/app-framework-development-guide/">Framework Development Guide</a> describes how to build applications on top of Mesos.</li>
+<li><a href="/documentation/latest/high-availability-framework-guide/">Designing Highly Available Mesos Frameworks</a></li>
<li><a href="/documentation/latest/reconciliation/">Reconciliation</a> for ensuring a framework’s state remains eventually consistent in the face of failures.</li>
<li><a href="/documentation/latest/scheduler-http-api/">Scheduler HTTP API</a> describes the new HTTP API for communication between schedulers and the Mesos master.</li>
+<li><a href="/documentation/latest/executor-http-api/">Executor HTTP API</a> describes the new HTTP API for communication between executors and the Mesos agent.</li>
<li><a href="/api/latest/java/">Javadoc</a> documents the Mesos Java API.</li>
<li><a href="/api/latest/c++/namespacemesos.html">Doxygen</a> documents the Mesos C++ API.</li>
<li><a href="/documentation/latest/tools/">Developer Tools</a> for hacking on Mesos or writing frameworks.</li>
+<li><a href="/documentation/latest/versioning/">Versioning</a> describes how Mesos does API and release versioning.</li>
</ul>
Modified: mesos/site/publish/documentation/latest/allocation-module/index.html
URL: http://svn.apache.org/viewvc/mesos/site/publish/documentation/latest/allocation-module/index.html?rev=1727886&r1=1727885&r2=1727886&view=diff
==============================================================================
--- mesos/site/publish/documentation/latest/allocation-module/index.html (original)
+++ mesos/site/publish/documentation/latest/allocation-module/index.html Mon Feb 1 02:49:25 2016
@@ -146,7 +146,7 @@ mesos::modules::Module<Allocator>
createExternalAllocator);
</code></pre>
-<p>Refer to the <a href="http://mesos.apache.org/documentation/latest/modules/">Mesos Modules documentation</a> for instructions how to compile and load a module in Mesos master.</p>
+<p>Refer to the <a href="/documentation/latest/modules/">Mesos Modules documentation</a> for instructions on how to compile and load a module in Mesos master.</p>
</div>
</div>
Modified: mesos/site/publish/documentation/latest/app-framework-development-guide/index.html
URL: http://svn.apache.org/viewvc/mesos/site/publish/documentation/latest/app-framework-development-guide/index.html?rev=1727886&r1=1727885&r2=1727886&view=diff
==============================================================================
--- mesos/site/publish/documentation/latest/app-framework-development-guide/index.html (original)
+++ mesos/site/publish/documentation/latest/app-framework-development-guide/index.html Mon Feb 1 02:49:25 2016
@@ -149,7 +149,7 @@ virtual void resourceOffers(SchedulerDri
* whatever reason an offer is never rescinded (e.g., dropped
* message, failing over framework, etc.), a framework that attempts
* to launch tasks using an invalid offer will receive TASK_LOST
- * status updats for those tasks (see Scheduler::resourceOffers).
+ * status updates for those tasks (see Scheduler::resourceOffers).
*/
virtual void offerRescinded(SchedulerDriver* driver,
const OfferID& offerId) = 0;
@@ -192,6 +192,8 @@ virtual void slaveLost(SchedulerDriver*
* Invoked when an executor has exited/terminated. Note that any
* tasks running will have TASK_LOST status updates automagically
* generated.
+ *
+ * NOTE: This callback is not reliably delivered.
*/
virtual void executorLost(SchedulerDriver* driver,
const ExecutorID& executorId,
@@ -206,6 +208,10 @@ virtual void executorLost(SchedulerDrive
virtual void error(SchedulerDriver* driver, const std::string& message) = 0;
</code></pre>
+<h3>Handling Failures</h3>
+
+<p>How to build Mesos frameworks that remain available in the face of failures is discussed in a <a href="/documentation/latest/high-availability-framework-guide/">separate document</a>.</p>
+
<h2>Working with Executors</h2>
<h3>Using the Mesos Command Executor</h3>
Modified: mesos/site/publish/documentation/latest/architecture/index.html
URL: http://svn.apache.org/viewvc/mesos/site/publish/documentation/latest/architecture/index.html?rev=1727886&r1=1727885&r2=1727886&view=diff
==============================================================================
--- mesos/site/publish/documentation/latest/architecture/index.html (original)
+++ mesos/site/publish/documentation/latest/architecture/index.html Mon Feb 1 02:49:25 2016
@@ -83,19 +83,19 @@
<div class="col-md-8">
<h1>Mesos Architecture</h1>
-<p><img src="/assets/img/documentation/architecture3.jpg" alt="Mesos Architecture" /></p>
+<p><img src="images/architecture3.jpg" alt="Mesos Architecture" /></p>
-<p>The above figure shows the main components of Mesos. Mesos consists of a <em>master</em> daemon that manages <em>slave</em> daemons running on each cluster node, and <em>mesos applications</em> (also called <em>frameworks</em>) that run <em>tasks</em> on these slaves.</p>
+<p>The above figure shows the main components of Mesos. Mesos consists of a <em>master</em> daemon that manages <em>slave</em> daemons running on each cluster node, and <em>Mesos frameworks</em> that run <em>tasks</em> on these slaves.</p>
-<p>The master enables fine-grained sharing of resources (cpu, ram, …) across applications by making them <em>resource offers</em>. Each resource offer contains a list of <slave ID, resource1: amount1, resource2, amount2, …>. The master decides <em>how many</em> resources to offer to each framework according to a given organizational policy, such as fair sharing, or strict priority. To support a diverse set of policies, the master employs a modular architecture that makes it easy to add new allocation modules via a plugin mechanism.</p>
+<p>The master enables fine-grained sharing of resources (CPU, RAM, …) across frameworks by making them <em>resource offers</em>. Each resource offer contains a list of <slave ID, resource1: amount1, resource2, amount2, …>. The master decides <em>how many</em> resources to offer to each framework according to a given organizational policy, such as fair sharing or strict priority. To support a diverse set of policies, the master employs a modular architecture that makes it easy to add new allocation modules via a plugin mechanism.</p>
-<p>A framework running on top of Mesos consists of two components: a <em>scheduler</em> that registers with the master to be offered resources, and an <em>executor</em> process that is launched on slave nodes to run the framework’s tasks (see the <a href="/documentation/latest/app-framework-development-guide/">App/Framework development guide</a> for more details about application schedulers and executors). While the master determines <strong>how many</strong> resources are offered to each framework, the frameworks' schedulers select <strong>which</strong> of the offered resources to use. When a frameworks accepts offered resources, it passes to Mesos a description of the tasks it wants to run on them. In turn, Mesos launches the tasks on the corresponding slaves.</p>
+<p>A framework running on top of Mesos consists of two components: a <em>scheduler</em> that registers with the master to be offered resources, and an <em>executor</em> process that is launched on slave nodes to run the framework’s tasks (/documentation/latest/see the <a href="app-framework-development-guide/">App/Framework development guide</a> for more details about framework schedulers and executors). While the master determines <strong>how many</strong> resources are offered to each framework, the frameworks' schedulers select <strong>which</strong> of the offered resources to use. When a frameworks accepts offered resources, it passes to Mesos a description of the tasks it wants to run on them. In turn, Mesos launches the tasks on the corresponding slaves.</p>
<h2>Example of resource offer</h2>
<p>The figure below shows an example of how a framework gets scheduled to run a task.</p>
-<p><img src="/assets/img/documentation/architecture-example.jpg" alt="Mesos Architecture" /></p>
+<p><img src="images/architecture-example.jpg" alt="Mesos Architecture" /></p>
<p>Let’s walk through the events in the figure.</p>
Modified: mesos/site/publish/documentation/latest/attributes-resources/index.html
URL: http://svn.apache.org/viewvc/mesos/site/publish/documentation/latest/attributes-resources/index.html?rev=1727886&r1=1727885&r2=1727886&view=diff
==============================================================================
--- mesos/site/publish/documentation/latest/attributes-resources/index.html (original)
+++ mesos/site/publish/documentation/latest/attributes-resources/index.html Mon Feb 1 02:49:25 2016
@@ -168,7 +168,7 @@ key : text ( "(" resourceRole ")" )?
resourceRole : text | "*"
</code></pre>
-<p>Note that <code>resourceRole</code> must be one of the <a href="/documentation/latest/roles/">roles</a> that was defined when the Mesos master was started.</p>
+<p>Note that <code>resourceRole</code> must be a valid role name; see the <a href="/documentation/latest/roles/">roles</a> documentation for details.</p>
<h2>Predefined Uses & Conventions</h2>
Modified: mesos/site/publish/documentation/latest/authentication/index.html
URL: http://svn.apache.org/viewvc/mesos/site/publish/documentation/latest/authentication/index.html?rev=1727886&r1=1727885&r2=1727886&view=diff
==============================================================================
--- mesos/site/publish/documentation/latest/authentication/index.html (original)
+++ mesos/site/publish/documentation/latest/authentication/index.html Mon Feb 1 02:49:25 2016
@@ -100,7 +100,7 @@
<h2>Configuration</h2>
-<p>The <a href="http://mesos.apache.org/documentation/latest/configuration/">configuration options</a> that are used by the authentication mechanism are as follows:</p>
+<p>The <a href="/documentation/latest/configuration/">configuration options</a> that are used by the authentication mechanism are as follows:</p>
<h3>Masters</h3>
Modified: mesos/site/publish/documentation/latest/authorization/index.html
URL: http://svn.apache.org/viewvc/mesos/site/publish/documentation/latest/authorization/index.html?rev=1727886&r1=1727885&r2=1727886&view=diff
==============================================================================
--- mesos/site/publish/documentation/latest/authorization/index.html (original)
+++ mesos/site/publish/documentation/latest/authorization/index.html Mon Feb 1 02:49:25 2016
@@ -83,27 +83,36 @@
<div class="col-md-8">
<h1>Authorization</h1>
-<p>Mesos 0.20.0 adds support for framework authorization. Authorization allows</p>
+<p>Authorization currently allows</p>
<ol>
-<li>Frameworks to (re-)register with authorized <code>roles</code>.</li>
-<li>Frameworks to launch tasks/executors as authorized <code>users</code>.</li>
-<li>Authorized <code>principals</code> to shutdown framework(s) through “/shutdown” HTTP endpoint.</li>
+<li>Frameworks to (re-)register with authorized <em>roles</em>.</li>
+<li>Frameworks to launch tasks/executors as authorized <em>users</em>.</li>
+<li>Authorized <em>principals</em> to teardown frameworks through the “/teardown” HTTP endpoint.</li>
+<li>Authorized <em>principals</em> to set and remove quotas through the “/quota” HTTP endpoint.</li>
+<li>Authorized <em>principals</em> to reserve and unreserve resources through the “/reserve” and “/unreserve” HTTP endpoints, as well as with the <code>RESERVE</code> and <code>UNRESERVE</code> offer operations.</li>
+<li>Authorized <em>principals</em> to create and destroy persistent volumes through the “/create-volumes” and “/destroy-volumes” HTTP endpoints, as well as with the <code>CREATE</code> and <code>DESTROY</code> offer operations.</li>
</ol>
<h2>ACLs</h2>
-<p>Authorization is implemented via Access Control Lists (ACLs). For each of the 3 cases described above there is a corresponding ACL(s) that can be set to restrict access. Operators can setup ACLs in JSON format. See <a href="https://github.com/apache/mesos/blob/master/include/mesos/mesos.proto">mesos.proto</a> for details.</p>
+<p>Authorization is implemented via Access Control Lists (ACLs). For each of the above cases, ACLs can be used to restrict access. Operators can setup ACLs in JSON format. See <a href="https://github.com/apache/mesos/blob/master/include/mesos/authorizer/authorizer.proto">authorizer.proto</a> for details.</p>
<p>Each ACL specifies a set of <code>Subjects</code> that can perform an <code>Action</code> on a set of <code>Objects</code>.</p>
<p>The currently supported <code>Actions</code> are:</p>
<ol>
-<li>“register_frameworks”: Register Frameworks</li>
+<li>“register_frameworks”: Register frameworks</li>
<li>“run_tasks”: Run tasks/executors</li>
-<li>“shutdown_frameworks”: Shutdown frameworks</li>
+<li>“teardown_frameworks”: Teardown frameworks</li>
+<li>“set_quotas”: Set quotas</li>
+<li>“remove_quotas”: Remove quotas</li>
+<li>“reserve_resources”: Reserve resources</li>
+<li>“unreserve_resources”: Unreserve resources</li>
+<li>“create_volumes”: Create persistent volumes</li>
+<li>“destroy_volumes”: Destroy persistent volumes</li>
</ol>
@@ -113,8 +122,8 @@
<li>“principals”
<ul>
-<li>Framework principals (used by “register_frameworks” and “run_tasks” actions)</li>
-<li>Usernames (used by “shutdown_frameworks” action)</li>
+<li>Framework principals (used by “register_frameworks”, “run_tasks”, “reserve”, “unreserve”, “create_volumes”, and “destroy_volumes” actions)</li>
+<li>Usernames (used by “teardown_frameworks”, “set_quotas”, “remove_quotas”, “reserve”, “unreserve”, “create_volumes”, and “destroy_volumes” actions)</li>
</ul>
</li>
</ol>
@@ -123,29 +132,36 @@
<p>The currently supported <code>Objects</code> are:</p>
<ol>
-<li>“roles”: Resource <a href="/documentation/latest/roles/">roles</a> that framework can register with (used by “register_frameworks” action)</li>
-<li>“users”: Unix user to launch the task/executor as (used by “run_tasks” action)</li>
-<li>“framework_principals”: Framework principals that can be shutdown by HTTP POST (used by “shutdown_frameworks” action).</li>
+<li>“roles”: Resource <a href="/documentation/latest/roles/">roles</a> that framework can register with (used by “register_frameworks” and “set_quotas” actions)</li>
+<li>“users”: Unix user to launch the task/executor as (used by “run_tasks” actions)</li>
+<li>“framework_principals”: Framework principals that can be torn down by HTTP POST (used by “teardown_frameworks” actions).</li>
+<li>“resources”: Resources that can be reserved. Currently the only types considered by the default authorizer are <code>ANY</code> and <code>NONE</code> (used by “reserves” action).</li>
+<li>“reserver_principals”: Framework principals whose reserved resources can be unreserved (used by “unreserves” action).</li>
+<li>“volume_types”: Types of volumes that can be created by a given principal. Currently the only types considered by the default authorizer are <code>ANY</code> and <code>NONE</code> (used by “create_volumes” action).</li>
+<li>“creator_principals”: Principals whose persistent volumes can be destroyed (used by “destroy_volumes” action).</li>
+<li>“quota_principals”: Principals that set the quota to be removed (used by “remove_quotas” action)</li>
</ol>
-<blockquote><p>NOTE: Both <code>Subjects</code> and <code>Objects</code> can take a list of strings or special values (<code>ANY</code> or <code>NONE</code>).</p></blockquote>
+<blockquote><p>NOTE: Both <code>Subjects</code> and <code>Objects</code> can be either an array of strings or one of the special values <code>ANY</code> or <code>NONE</code>.</p></blockquote>
<h2>How does it work?</h2>
<p>The Mesos master checks the ACLs to verify whether a request is authorized or not.</p>
-<p>For example, when a framework (re-)registers with the master, the “register_frameworks” ACLs are checked to see if the framework (<code>FrameworkInfo.principal</code>) is authorized to receive offers for the given resource role (<code>FrameworkInfo.role</code>). If not authorized, the framework is not allowed to (re-)register and gets an <code>Error</code> message back (which aborts the scheduler driver).</p>
+<p>For example, when a framework (re-)registers with the master, “register_frameworks” ACLs are checked to see if the framework (<code>FrameworkInfo.principal</code>) is authorized to receive offers for the given resource role (<code>FrameworkInfo.role</code>). If not authorized, the framework is not allowed to (re-)register and gets an <code>Error</code> message back (which aborts the scheduler driver).</p>
-<p>Similarly, when a framework launches a task(s), “run_tasks” ACLs are checked to see if the framework (<code>FrameworkInfo.principal</code>) is authorized to run the task/executor as the given <code>user</code>. If not authorized, the launch is rejected and the framework gets a TASK_LOST.</p>
+<p>Similarly, when a framework launches a task, “run_tasks” ACLs are checked to see if the framework (<code>FrameworkInfo.principal</code>) is authorized to run the task/executor as the given user. If not authorized, the launch is rejected and the framework gets a TASK_LOST.</p>
-<p>In the same vein, when a user/principal attempts to shutdown a framework through the “/teardown” HTTP endpoint on the master, “shutdown_frameworks” ACLs are checked to see if the <code>principal</code> is authorized to shutdown the given framework. If not authorized, the shutdown is rejected and the user receives an <code>Unauthorized</code> HTTP response.</p>
+<p>In the same vein, when a user/principal attempts to teardown a framework using the “/teardown” HTTP endpoint on the master, “teardown_frameworks” ACLs are checked to see if the principal is authorized to teardown the given framework. If not authorized, the teardown is rejected and the user receives a <code>Forbidden</code> HTTP response.</p>
+
+<p>If no user/principal is provided in a request to an HTTP endpoint and authentication is disabled, the <code>ANY</code> subject is used in the authorization.</p>
<p>There are couple of important things to note:</p>
<ol>
-<li><p>ACLs are matched in the order that they are setup. In other words, the first matching ACL determines whether a request is authorized or not.</p></li>
-<li><p>If none of the specified ACLs match the given request, whether the request is authorized or not is defined by <code>ACLs.permissive</code> field. By default this is “true” i.e., a non-matching request is authorized.</p></li>
+<li><p>ACLs are matched in the order that they are specified. In other words, the first matching ACL determines whether a request is authorized or not.</p></li>
+<li><p>If no ACLs match a request, whether the request is authorized or not is determined by the <code>ACLs.permissive</code> field. This is “true” by default – i.e., non-matching requests are authorized.</p></li>
</ol>
@@ -154,121 +170,140 @@
<ol>
<li><p>Frameworks <code>foo</code> and <code>bar</code> can run tasks as user <code>alice</code>.</p>
-<pre><code> {
- "run_tasks": [
- {
- "principals": { "values": ["foo", "bar"] },
- "users": { "values": ["alice"] }
- }
- ]
- }
+<pre><code> {
+ "run_tasks": [
+ {
+ "principals": { "values": ["foo", "bar"] },
+ "users": { "values": ["alice"] }
+ }
+ ]
+ }
</code></pre></li>
<li><p>Any framework can run tasks as user <code>guest</code>.</p>
-<pre><code> {
- "run_tasks": [
- {
- "principals": { "type": "ANY" },
- "users": { "values": ["guest"] }
- }
- ]
- }
+<pre><code> {
+ "run_tasks": [
+ {
+ "principals": { "type": "ANY" },
+ "users": { "values": ["guest"] }
+ }
+ ]
+ }
</code></pre></li>
<li><p>No framework can run tasks as <code>root</code>.</p>
-<pre><code> {
- "run_tasks": [
- {
- "principals": { "type": "NONE" },
- "users": { "values": ["root"] }
- }
- ]
- }
+<pre><code> {
+ "run_tasks": [
+ {
+ "principals": { "type": "NONE" },
+ "users": { "values": ["root"] }
+ }
+ ]
+ }
</code></pre></li>
<li><p>Framework <code>foo</code> can run tasks only as user <code>guest</code> and no other user.</p>
-<pre><code> {
- "run_tasks": [
- {
- "principals": { "values": [ "foo" ] },
- "users": { "values": ["guest"] }
- },
- {
- "principals": { "values": [ "foo" ] },
- "users": { "type": "NONE" }
- }
- ]
- }
-</code></pre></li>
-<li><p>Framework <code>foo</code> can register with <code>analytics</code> and <code>ads</code> roles.</p>
-
-<pre><code> {
- "register_frameworks": [
- {
- "principals": { "values": ["foo"] },
- "roles": { "values": ["analytics", "ads"] }
- }
- ]
- }
-</code></pre></li>
-<li><p>Only framework <code>foo</code> and no one else can register with <code>analytics</code> role.</p>
-
-<pre><code> {
- "register_frameworks": [
- {
- "principals": { "values": ["foo"] },
- "roles": { "values": ["analytics"] }
- },
- {
- "principals": { "type": "NONE" },
- "roles": { "values": ["analytics"] }
- }
- ]
- }
-</code></pre></li>
-<li><p>Framework <code>foo</code> can only register with <code>analytics</code> role but no other roles. Also, no other framework can register with any roles.</p>
-
-<pre><code> {
- "permissive" : false,
-
- "register_frameworks": [
- {
- "principals": { "values": ["foo"] },
- "roles": { "values": ["analytics"] }
- }
- ]
- }
-</code></pre></li>
-<li><p>Only <code>ops</code> principal can shutdown any frameworks through “/teardown” HTTP endpoint.</p>
-
-<pre><code> {
- "permissive" : false,
-
- "shutdown_frameworks": [
- {
- "principals": { "values": ["ops"] },
- "framework_principals": { "type": "ANY" }
- }
- ]
- }
+<pre><code> {
+ "run_tasks": [
+ {
+ "principals": { "values": ["foo"] },
+ "users": { "values": ["guest"] }
+ },
+ {
+ "principals": { "values": ["foo"] },
+ "users": { "type": "NONE" }
+ }
+ ]
+ }
+</code></pre></li>
+<li><p>Framework <code>foo</code> can register with the <code>analytics</code> and <code>ads</code> roles.</p>
+
+<pre><code> {
+ "register_frameworks": [
+ {
+ "principals": {
+ "values": ["foo"]
+ },
+ "roles": {
+ "values": ["analytics", "ads"]
+ }
+ }
+ ]
+ }
+</code></pre></li>
+<li><p>Only framework <code>foo</code> and no one else can register with the <code>analytics</code> role.</p>
+
+<pre><code> {
+ "register_frameworks": [
+ {
+ "principals": {
+ "values": ["foo"]
+ },
+ "roles": {
+ "values": ["analytics"]
+ }
+ },
+ {
+ "principals": {
+ "type": "NONE"
+ },
+ "roles": {
+ "values": ["analytics"]
+ }
+ }
+ ]
+ }
+</code></pre></li>
+<li><p>Framework <code>foo</code> can only register with the <code>analytics</code> role but no other roles. Also, no other framework can register with any roles or run tasks.</p>
+
+<pre><code> {
+ "permissive": false,
+ "register_frameworks": [
+ {
+ "principals": {
+ "values": ["foo"]
+ },
+ "roles": {
+ "values": ["analytics"]
+ }
+ }
+ ]
+ }
+</code></pre></li>
+<li><p>The <code>ops</code> principal can teardown any framework using the “/teardown” HTTP endpoint. No other framework can register with any roles or run tasks.</p>
+
+<pre><code> {
+ "permissive": false,
+ "teardown_frameworks": [
+ {
+ "principals": {
+ "values": ["ops"]
+ },
+ "framework_principals": {
+ "type": "ANY"
+ }
+ }
+ ]
+ }
</code></pre></li>
</ol>
-<h2>Enabling authorization</h2>
+<h2>Configuring authorization</h2>
-<p>As part of this feature, a new flag was added to the master.</p>
+<p>Authorization is configured by specifying the <code>--acls</code> flag when starting the master:</p>
<ul>
-<li><code>acls</code> : The value could be a JSON-formatted string of ACLs
- or a file path containing the JSON-formatted ACLs used
- for authorization. Path could be of the form ‘file:///path/to/file’
- or ‘/path/to/file’.
- See the ACLs protobuf in mesos.proto for the expected format.</li>
+<li><code>acls</code>: The value could be a JSON-formatted string of ACLs
+ or a file path containing the JSON-formatted ACLs used
+ for authorization. Path could be of the form ‘file:///path/to/file’
+ or ‘/path/to/file’.
+ See the ACLs protobuf in authorizer.proto for the expected format.</li>
</ul>
-<p><strong>For the complete list of master options: ./mesos-master.sh –help</strong></p>
+<p>For more information on master command-line flags, see the
+<a href="/documentation/latest/configuration/">configuration</a> page.</p>
</div>
</div>
Modified: mesos/site/publish/documentation/latest/c++-style-guide/index.html
URL: http://svn.apache.org/viewvc/mesos/site/publish/documentation/latest/c%2B%2B-style-guide/index.html?rev=1727886&r1=1727885&r2=1727886&view=diff
==============================================================================
--- mesos/site/publish/documentation/latest/c++-style-guide/index.html (original)
+++ mesos/site/publish/documentation/latest/c++-style-guide/index.html Mon Feb 1 02:49:25 2016
@@ -83,7 +83,7 @@
<div class="col-md-8">
<h1>Mesos C++ Style Guide</h1>
-<p>The Mesos codebase follows the <a href="http://google-styleguide.googlecode.com/svn/trunk/cppguide.xml">Google C++ Style Guide</a> with some notable differences, as described below. Note that the <a href="/documentation/latest/clang-format/">clang-format</a> tool can be helpful to ensure that some of the mechanical style rules are obeyed.</p>
+<p>The Mesos codebase follows the <a href="/documentation/latest/http://google-styleguide.googlecode.com/svn/trunk/cppguide.xml">Google C++ Style Guide</a> with some notable differences, as described below. Note that the <a href="clang-format/">clang-format</a> tool can be helpful to ensure that some of the mechanical style rules are obeyed.</p>
<h2>Scoping</h2>
@@ -151,9 +151,22 @@ void Slave::statusUpdate(StatusUpdate up
<ul>
<li>End each sentence within a comment with a punctuation mark (please note that we generally prefer periods); this applies to incomplete sentences as well.</li>
<li>For trailing comments, leave one space.</li>
+<li>Use backticks when quoting code excerpts or object/variable/function names. For example:</li>
</ul>
+<pre><code class="{.cpp}">// Use `SchedulerDriver::acceptOffers()` to send several offer
+// operations. This makes use of the `RESERVE()` and `UNRESERVE()`
+// helpers, which take a `Resources` object as input and produce
+// appropriate offer operations. Note that we are unreserving the
+// resources contained in `dynamicallyReserved1`.
+driver.acceptOffers({offer.id()},
+ {UNRESERVE(dynamicallyReserved1),
+ RESERVE(dynamicallyReserved2),
+ RESERVE(dynamicallyReserved3)},
+ filters);
+</code></pre>
+
<h2>Breaks</h2>
<ul>
@@ -167,7 +180,7 @@ void Slave::statusUpdate(StatusUpdate up
<ul>
<li>Access modifiers are not indented (Google uses one space indentation).</li>
-<li>Constructor initializers are indented by 2 spaces (Google indents by 4).</li>
+<li>Constructor initializers are indented by two spaces (Google indents by four).</li>
</ul>
@@ -181,7 +194,7 @@ void Slave::statusUpdate(StatusUpdate up
<h3>Function Definition/Invocation</h3>
<ul>
-<li>Newline when calling or defining a function: indent with 4 spaces.</li>
+<li>Newline when calling or defining a function: indent with four spaces.</li>
<li>We do not follow Google’s style of wrapping on the open parenthesis, the general goal is to reduce visual “jaggedness” in the code. Prefer (1), (4), (5), sometimes (3), never (2):</li>
</ul>
@@ -219,7 +232,7 @@ allocator->resourcesRecovered(
<h3>Continuation</h3>
<ul>
-<li>Newline for an assignment statement: indent with 2 spaces.</li>
+<li>Newline for an assignment statement: indent with two spaces.</li>
</ul>
@@ -230,9 +243,24 @@ allocator->resourcesRecovered(
<h2>Empty Lines</h2>
<ul>
-<li>1 blank line at the end of the file.</li>
-<li>Elements outside classes (classes, structs, global functions, etc.) should be spaced apart by 2 blank lines.</li>
-<li>Elements inside classes (member variables and functions) should not be spaced apart by more than 1 blank line.</li>
+<li>One empty line at the end of the file.</li>
+<li>Inside a code block, every multi-line statement should be followed by one empty line.</li>
+</ul>
+
+
+<pre><code class="{.cpp}">Try<very_very_long_type> long_name =
+ ::protobuf::parse<very_very_long_type>(
+ request);
+
+for (int i = 0; i < very_very_long_expression();
+ i++) {
+ // No empty line here for control constructs.
+}
+</code></pre>
+
+<ul>
+<li>Elements outside classes (classes, structs, global functions, etc.) should be spaced apart by two empty lines.</li>
+<li>Elements inside classes (member variables and functions) should not be spaced apart by more than one empty line.</li>
</ul>
@@ -321,43 +349,75 @@ s += "world"; // THIS IS A DANGLING REFE
<ul>
<li><p>Mesos source files must contain the “ASF” header:</p>
-<pre><code> /**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
+<pre><code> // Licensed to the Apache Software Foundation (ASF) under one
+ // or more contributor license agreements. See the NOTICE file
+ // distributed with this work for additional information
+ // regarding copyright ownership. The ASF licenses this file
+ // to you under the Apache License, Version 2.0 (the
+ // "License"); you may not use this file except in compliance
+ // with the License. You may obtain a copy of the License at
+ //
+ // http://www.apache.org/licenses/LICENSE-2.0
+ //
+ // Unless required by applicable law or agreed to in writing, software
+ // distributed under the License is distributed on an "AS IS" BASIS,
+ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ // See the License for the specific language governing permissions and
+ // limitations under the License.
</code></pre></li>
<li><p>Stout and libprocess source files must contain the “Apache License Version 2.0” header:</p>
-<pre><code> /**
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
+<pre><code> // Licensed under the Apache License, Version 2.0 (the "License");
+ // you may not use this file except in compliance with the License.
+ // You may obtain a copy of the License at
+ //
+ // http://www.apache.org/licenses/LICENSE-2.0
+ //
+ // Unless required by applicable law or agreed to in writing, software
+ // distributed under the License is distributed on an "AS IS" BASIS,
+ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ // See the License for the specific language governing permissions and
+ // limitations under the License
</code></pre></li>
</ul>
+<h2>Order of includes</h2>
+
+<p>In addition to the ordering rules from the Google style guide, Mesos related headers are separated into sections. Newline to separate each section.
+Mesos related headers in <code>include</code> directories are partitioned by their subfolders, sorted alphabetically, and included using brackets.
+Header in <code>src</code> directories are included afterwards, using the same rules but with quotes instead of brackets.</p>
+
+<p>Example for <code>src/common/foo.cpp</code>:</p>
+
+<pre><code class="{.cpp}">#include "common/foo.hpp"
+
+#include <stdint.h>
+
+#include <string>
+#include <vector>
+
+#include <boost/circular_buffer.hpp>
+
+#include <mesos/mesos.hpp>
+#include <mesos/type_utils.hpp>
+
+#include <mesos/module/authenticator.hpp>
+
+#include <mesos/scheduler/scheduler.hpp>
+
+#include <process/http.hpp>
+#include <process/protobuf.hpp>
+
+#include <stout/foreach.hpp>
+#include <stout/hashmap.hpp>
+
+#include "common/build.hpp"
+#include "common/protobuf_utils.hpp"
+
+#include "master/flags.hpp"
+</code></pre>
+
<h2>C++11</h2>
<p>We support C++11 and require GCC 4.8+ or Clang 3.5+ compilers. The whitelist of supported C++11 features is:</p>
Modified: mesos/site/publish/documentation/latest/clang-format/index.html
URL: http://svn.apache.org/viewvc/mesos/site/publish/documentation/latest/clang-format/index.html?rev=1727886&r1=1727885&r2=1727886&view=diff
==============================================================================
--- mesos/site/publish/documentation/latest/clang-format/index.html (original)
+++ mesos/site/publish/documentation/latest/clang-format/index.html Mon Feb 1 02:49:25 2016
@@ -85,7 +85,7 @@
<p><a href="http://llvm.org/releases/3.5.1/tools/clang/docs/ClangFormat.html">ClangFormat</a> is an automatic source code formatting tool which helps us focus on the code rather than the formatting.</p>
-<blockquote><p>The provided configurations try to honor the <a href="http://mesos.apache.org/documentation/latest/c++-style-guide/">Mesos C++ Style Guide</a> as much as possible, but there are some limitations which require manual attention. Even with these limitations however, ClangFormat will be extremely useful for your workflow!</p></blockquote>
+<blockquote><p>The provided configurations try to honor the <a href="/documentation/latest/c++-style-guide/">Mesos C++ Style Guide</a> as much as possible, but there are some limitations which require manual attention. Even with these limitations however, ClangFormat will be extremely useful for your workflow!</p></blockquote>
<h2>Setup</h2>
Modified: mesos/site/publish/documentation/latest/committers/index.html
URL: http://svn.apache.org/viewvc/mesos/site/publish/documentation/latest/committers/index.html?rev=1727886&r1=1727885&r2=1727886&view=diff
==============================================================================
--- mesos/site/publish/documentation/latest/committers/index.html (original)
+++ mesos/site/publish/documentation/latest/committers/index.html Mon Feb 1 02:49:25 2016
@@ -87,7 +87,7 @@
<h2>Becoming a committer</h2>
-<p>Every new committer has to be proposed by a current committer and then voted in by the members of the Mesos PMC. For details about this process and for candidate requirements see the general <a href="https://community.apache.org/newcommitter.html">Apache guidelines for assessing new candidates for committership</a>. Candidates prepare for their nomination as committer by contributing to the Mesos project and its community, by acting according to the <a href="http://theapacheway.com">Apache Way</a>, and by generally following the path <a href="https://community.apache.org/contributors/">from contributor to committer</a> for Apache projects. Specifically for the Mesos project, you can make use of the <a href="/documentation/latest/committer-candidate-checklist/">Apache Mesos Committer Candidate Checklist</a> for suggestions of what kind of contributions and demonstrated behaviors can be instrumental, and to keep track of your progress.</p>
+<p>Every new committer has to be proposed by a current committer and then voted in by the members of the Mesos PMC. For details about this process and for candidate requirements see the general <a href="/documentation/latest/https://community.apache.org/newcommitter.html">Apache guidelines for assessing new candidates for committership</a>. Candidates prepare for their nomination as committer by contributing to the Mesos project and its community, by acting according to the <a href="http://theapacheway.com">Apache Way</a>, and by generally following the path <a href="https://community.apache.org/contributors/">from contributor to committer</a> for Apache projects. Specifically for the Mesos project, you can make use of the <a href="committer-candidate-checklist/">Apache Mesos Committer Candidate Checklist</a> for suggestions of what kind of contributions and demonstrated behaviors can be instrumental, and to keep track of your progress.</p>
<h2>Current Committers</h2>
@@ -107,7 +107,7 @@
<tr>
<td>-8</td>
<td>Ross Allen</td>
- <td></td>
+ <td>Facebook</td>
<td></td>
<td>ssorallen@apache.org</td>
</tr>
@@ -122,7 +122,7 @@
<td>-8</td>
<td>Adam B</td>
<td>Mesosphere</td>
- <td></td>
+ <td>adam-mesos</td>
<td>me@apache.org</td>
</tr>
<tr>
@@ -149,7 +149,7 @@
<tr>
<td>-8</td>
<td>Dominic Hamon</td>
- <td></td>
+ <td>YouTube</td>
<td></td>
<td>dma@apache.org</td>
</tr>
@@ -170,14 +170,14 @@
<tr>
<td>-8</td>
<td>Vinod Kone</td>
- <td>Twitter</td>
+ <td>Mesosphere</td>
<td>vinodkone</td>
<td>vinodkone@apache.org</td>
</tr>
<tr>
<td>-8</td>
<td>Andy Konwinski</td>
- <td>UC Berkeley</td>
+ <td>Databricks</td>
<td></td>
<td>andrew@apache.org</td>
</tr>
@@ -191,7 +191,7 @@
<tr>
<td>-8</td>
<td>Benjamin Mahler</td>
- <td>Twitter</td>
+ <td>Mesosphere</td>
<td>bmahler</td>
<td>bmahler@apache.org</td>
</tr>
@@ -226,11 +226,18 @@
<tr>
<td>-8</td>
<td>Niklas Quarfot Nielsen</td>
- <td>Mesosphere</td>
+ <td>Intel</td>
<td>niq_</td>
<td>nnielsen@apache.org</td>
</tr>
<tr>
+ <td>-5</td>
+ <td>Michael Park</td>
+ <td>Mesosphere</td>
+ <td>mpark</td>
+ <td>mpark@apache.org</td>
+ </tr>
+ <tr>
<td>-8</td>
<td>Charles Reiss</td>
<td>UC Berkeley</td>
@@ -268,7 +275,7 @@
<tr>
<td>-8</td>
<td>Jie Yu</td>
- <td>Twitter</td>
+ <td>Mesosphere</td>
<td>jieyu</td>
<td>jieyu@apache.org</td>
</tr>