You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mesos.apache.org by jp...@apache.org on 2018/05/29 21:59:13 UTC
[1/2] mesos git commit: Added link targets to master and agent flags.
Repository: mesos
Updated Branches:
refs/heads/master dcb80d22a -> 0ffafd47f
Added link targets to master and agent flags.
Added link targets for the master and agent flag reference. This pattern
should be maintained so that documentation authors can link to flags in
a standard way.
Review: https://reviews.apache.org/r/67360/
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/c442dfbb
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/c442dfbb
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/c442dfbb
Branch: refs/heads/master
Commit: c442dfbbf720b0ddf9043c0ffa45a659da67da25
Parents: dcb80d2
Author: James Peach <jp...@apache.org>
Authored: Tue May 29 14:58:33 2018 -0700
Committer: James Peach <jp...@apache.org>
Committed: Tue May 29 14:58:33 2018 -0700
----------------------------------------------------------------------
docs/configuration/agent.md | 313 ++++++++++++++++++----------
docs/configuration/master-and-agent.md | 74 ++++---
docs/configuration/master.md | 135 ++++++++----
3 files changed, 345 insertions(+), 177 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/c442dfbb/docs/configuration/agent.md
----------------------------------------------------------------------
diff --git a/docs/configuration/agent.md b/docs/configuration/agent.md
index af0c040..e0aaf2c 100644
--- a/docs/configuration/agent.md
+++ b/docs/configuration/agent.md
@@ -7,7 +7,7 @@ layout: documentation
## Required Flags
-<table class="table table-striped">
+<table class=".anchored table table-striped">
<thead>
<tr>
<th width="30%">
@@ -18,7 +18,7 @@ layout: documentation
</th>
</tr>
</thead>
-<tr>
+<tr id="master">
<td>
--master=VALUE
</td>
@@ -30,7 +30,7 @@ May be one of:
<code>file:///path/to/file</code> (where file contains one of the above)
</td>
</tr>
-<tr>
+<tr id="work_dir">
<td>
--work_dir=VALUE
</td>
@@ -47,7 +47,7 @@ occurs. (Example: <code>/var/lib/mesos/agent</code>)
## Optional Flags
-<table class="table table-striped">
+<table class=".anchored table table-striped">
<thead>
<tr>
<th width="30%">
@@ -58,7 +58,7 @@ occurs. (Example: <code>/var/lib/mesos/agent</code>)
</th>
</tr>
</thead>
-<tr>
+<tr id="acls">
<td>
--acls=VALUE
</td>
@@ -86,7 +86,7 @@ Example:
</td>
</tr>
-<tr>
+<tr id="agent_features">
<td>
--agent_features=VALUE
</td>
@@ -107,7 +107,7 @@ Example:
</td>
</tr>
-<tr>
+<tr id="agent_subsystems">
<td>
--agent_subsystems=VALUE,
<p/>
@@ -120,9 +120,9 @@ Present functionality is intended for resource monitoring and
no cgroup limits are set, they are inherited from the root mesos
cgroup.
</td>
-
</tr>
-<tr>
+
+<tr id="effective_capabilities">
<td>
--effective_capabilities=VALUE
</td>
@@ -151,8 +151,7 @@ Example:
</td>
</tr>
-</tr>
-<tr>
+<tr id="bounding_capabilities">
<td>
--bounding_capabilities=VALUE
</td>
@@ -170,7 +169,7 @@ This flag has the same syntax as <code>--effective_capabilities</code>.
</td>
</tr>
-<tr>
+<tr id="appc_simple_discovery_uri_prefix">
<td>
--appc_simple_discovery_uri_prefix=VALUE
</td>
@@ -181,7 +180,8 @@ e.g., <code>http://</code>, <code>https://</code>,
(default: http://)
</td>
</tr>
-<tr>
+
+<tr id="appc_store_dir">
<td>
--appc_store_dir=VALUE
</td>
@@ -190,7 +190,8 @@ Directory the appc provisioner will store images in.
(default: /tmp/mesos/store/appc)
</td>
</tr>
-<tr>
+
+<tr id="attributes">
<td>
--attributes=VALUE
</td>
@@ -199,7 +200,8 @@ Attributes of the agent machine, in the form:
<code>rack:2</code> or <code>rack:2;u:1</code>
</td>
</tr>
-<tr>
+
+<tr id="authenticate_http_executors">
<td>
--[no-]authenticate_http_executors
</td>
@@ -210,7 +212,8 @@ flag is only available when Mesos is built with SSL support.
(default: false)
</td>
</tr>
-<tr>
+
+<tr id="authenticatee">
<td>
--authenticatee=VALUE
</td>
@@ -220,7 +223,8 @@ master. Use the default <code>crammd5</code>, or
load an alternate authenticatee module using <code>--modules</code>. (default: crammd5)
</td>
</tr>
-<tr>
+
+<tr id="authentication_backoff_factor">
<td>
--authentication_backoff_factor=VALUE
</td>
@@ -234,7 +238,8 @@ retry between <code>[0, b * 2^3]</code>, etc up to a maximum of 1mins
(default: 1secs)
</td>
</tr>
-<tr>
+
+<tr id="authorizer">
<td>
--authorizer=VALUE
</td>
@@ -249,7 +254,8 @@ other than the default <code>local</code>, the ACLs
passed through the <code>--acls</code> flag will be ignored.
</td>
</tr>
-<tr>
+
+<tr id="cgroups_cpu_enable_pids_and_tids_count">
<td>
--[no]-cgroups_cpu_enable_pids_and_tids_count
</td>
@@ -258,7 +264,8 @@ Cgroups feature flag to enable counting of processes and threads
inside a container. (default: false)
</td>
</tr>
-<tr>
+
+<tr id="cgroups_enable_cfs">
<td>
--[no]-cgroups_enable_cfs
</td>
@@ -267,7 +274,8 @@ Cgroups feature flag to enable hard limits on CPU resources
via the CFS bandwidth limiting subfeature. (default: false)
</td>
</tr>
-<tr>
+
+<tr id="cgroups_hierarchy">
<td>
--cgroups_hierarchy=VALUE
</td>
@@ -275,7 +283,8 @@ via the CFS bandwidth limiting subfeature. (default: false)
The path to the cgroups hierarchy root. (default: /sys/fs/cgroup)
</td>
</tr>
-<tr>
+
+<tr id="cgroups_limit_swap">
<td>
--[no]-cgroups_limit_swap
</td>
@@ -284,7 +293,8 @@ Cgroups feature flag to enable memory limits on both memory and
swap instead of just memory. (default: false)
</td>
</tr>
-<tr>
+
+<tr id="cgroups_net_cls_primary_handle">
<td>
--cgroups_net_cls_primary_handle
</td>
@@ -293,7 +303,8 @@ A non-zero, 16-bit handle of the form `0xAAAA`. This will be used as
the primary handle for the net_cls cgroup.
</td>
</tr>
-<tr>
+
+<tr id="cgroups_net_cls_secondary_handles">
<td>
--cgroups_net_cls_secondary_handles
</td>
@@ -303,7 +314,8 @@ handles that can be used with the primary handle. This will take
effect only when the <code>--cgroups_net_cls_primary_handle</code> is set.
</td>
</tr>
-<tr>
+
+<tr id="allowed_devices">
<td>
--allowed_devices
</td>
@@ -345,7 +357,8 @@ Example:
</code></pre>
</td>
</tr>
-<tr>
+
+<tr id="cgroups_root">
<td>
--cgroups_root=VALUE
</td>
@@ -353,7 +366,8 @@ Example:
Name of the root cgroup. (default: mesos)
</td>
</tr>
-<tr>
+
+<tr id="check_agent_port_range_only">
<td>
--[no-]check_agent_port_range_only
</td>
@@ -365,7 +379,8 @@ to only listen on ports for which they have been assigned resources.
(default: false)
</td>
</tr>
-<tr>
+
+<tr id="container_disk_watch_interval">
<td>
--container_disk_watch_interval=VALUE
</td>
@@ -374,7 +389,8 @@ The interval between disk quota checks for containers. This flag is
used for the <code>disk/du</code> isolator. (default: 15secs)
</td>
</tr>
-<tr>
+
+<tr id="container_logger">
<td>
--container_logger=VALUE
</td>
@@ -385,7 +401,8 @@ container logger writes to <code>stdout</code> and <code>stderr</code> files
in the sandbox directory.
</td>
</tr>
-<tr>
+
+<tr id="container_ports_watch_interval">
<td>
--container_ports_watch_interval=VALUE
</td>
@@ -395,7 +412,8 @@ containers listening on ports they don't have resources for.
<td>
</td>
</tr>
-<tr>
+
+<tr id="containerizers">
<td>
--containerizers=VALUE
</td>
@@ -408,7 +426,8 @@ are specified is the order they are tried.
(default: mesos)
</td>
</tr>
-<tr>
+
+<tr id="credential">
<td>
--credential=VALUE
</td>
@@ -423,7 +442,8 @@ Example:
}</code></pre>
</td>
</tr>
-<tr>
+
+<tr id="default_container_dns">
<td>
--default_container_dns=VALUE
</td>
@@ -469,7 +489,8 @@ Example:
}</code></pre>
</td>
</tr>
-<tr>
+
+<tr id="default_container_info">
<td>
--default_container_info=VALUE
</td>
@@ -493,7 +514,8 @@ Example:
}</code></pre>
</td>
</tr>
-<tr>
+
+<tr id="default_role">
<td>
--default_role=VALUE
</td>
@@ -505,7 +527,8 @@ automatically detected, will be assigned to
this role. (default: *)
</td>
</tr>
-<tr>
+
+<tr id="disk_profile_adaptor">
<td>
--disk_profile_adaptor=VALUE
</td>
@@ -518,7 +541,8 @@ resource providers is to only expose resources for pre-existing
volumes and not publish RAW volumes.
</td>
</tr>
-<tr>
+
+<tr id="disk_watch_interval">
<td>
--disk_watch_interval=VALUE
</td>
@@ -529,7 +553,8 @@ This drives the garbage collection of archived
information and sandboxes. (default: 1mins)
</td>
</tr>
-<tr>
+
+<tr id="docker">
<td>
--docker=VALUE
</td>
@@ -539,7 +564,8 @@ containerizer.
(default: docker)
</td>
</tr>
-<tr>
+
+<tr id="docker_config">
<td>
--docker_config=VALUE
</td>
@@ -561,7 +587,8 @@ Example JSON (<code>$HOME/.docker/config.json</code>):
</code></pre>
</td>
</tr>
-<tr>
+
+<tr id="docker_kill_orphans">
<td>
--[no-]docker_kill_orphans
</td>
@@ -573,7 +600,8 @@ removing docker tasks launched by other agents.
(default: true)
</td>
</tr>
-<tr>
+
+<tr id="docker_mesos_image">
<td>
--docker_mesos_image=VALUE
</td>
@@ -585,7 +613,8 @@ docker containers in order to recover them when the agent restarts and
recovers.
</td>
</tr>
-<tr>
+
+<tr id="docker_registry">
<td>
--docker_registry=VALUE
</td>
@@ -598,7 +627,8 @@ that this option won't change the default registry server for Docker
containerizer. (default: https://registry-1.docker.io)
</td>
</tr>
-<tr>
+
+<tr id="docker_remove_delay">
<td>
--docker_remove_delay=VALUE
</td>
@@ -609,7 +639,8 @@ after Mesos regards the container as TERMINATED
This only applies for the Docker Containerizer. (default: 6hrs)
</td>
</tr>
-<tr>
+
+<tr id="docker_socket">
<td>
--docker_socket=VALUE
</td>
@@ -623,7 +654,8 @@ used by the Docker image used to run the agent. (default:
platforms).
</td>
</tr>
-<tr>
+
+<tr id="docker_stop_timeout">
<td>
--docker_stop_timeout=VALUE
</td>
@@ -633,7 +665,8 @@ that container. This flag is deprecated; use task's kill policy instead.
(default: 0ns)
</td>
</tr>
-<tr>
+
+<tr id="docker_store_dir">
<td>
--docker_store_dir=VALUE
</td>
@@ -641,7 +674,8 @@ that container. This flag is deprecated; use task's kill policy instead.
Directory the Docker provisioner will store images in (default: /tmp/mesos/store/docker)
</td>
</tr>
-<tr>
+
+<tr id="docker_volume_checkpoint_dir">
<td>
--docker_volume_checkpoint_dir=VALUE
</td>
@@ -651,7 +685,8 @@ volumes that each container uses.
(default: /var/run/mesos/isolators/docker/volume)
</td>
</tr>
-<tr>
+
+<tr id="enforce_container_disk_quota">
<td>
--[no-]enforce_container_disk_quota
</td>
@@ -660,7 +695,8 @@ Whether to enable disk quota enforcement for containers. This flag
is used by the <code>disk/du</code> and <code>disk/xfs</code> isolators. (default: false)
</td>
</tr>
-<tr>
+
+<tr id="enforce_container_ports">
<td>
--[no-]enforce_container_ports
</td>
@@ -669,7 +705,8 @@ Whether to enable network port enforcement for containers. This flag
is used by the <code>network/ports</code> isolator. (default: false)
</td>
</tr>
-<tr>
+
+<tr id="executor_environment_variables">
<td>
--executor_environment_variables=VALUE
</td>
@@ -684,7 +721,8 @@ Example:
}</code></pre>
</td>
</tr>
-<tr>
+
+<tr id="executor_registration_timeout">
<td>
--executor_registration_timeout=VALUE
</td>
@@ -694,7 +732,8 @@ to register with the agent before considering it hung and
shutting it down (e.g., 60secs, 3mins, etc) (default: 1mins)
</td>
</tr>
-<tr>
+
+<tr id="executor_reregistration_timeout">
<td>
--executor_reregistration_timeout=VALUE
</td>
@@ -705,7 +744,8 @@ it down. Note that currently, the agent will not reregister with the
master until this timeout has elapsed (see MESOS-7539). (default: 2secs)
</td>
</tr>
-<tr>
+
+<tr id="executor_reregistration_retry_interval">
<td>
--executor_reregistration_retry_interval=VALUE
</td>
@@ -730,7 +770,8 @@ This results in "old" executors correctly establishing a link
when processing the second reconnect message. (default: no retries)
</td>
</tr>
-<tr>
+
+<tr id="max_completed_executors_per_framework">
<td>
--max_completed_executors_per_framework=VALUE
</td>
@@ -739,7 +780,8 @@ Maximum number of completed executors per framework to store
in memory. (default: 150)
</td>
</tr>
-<tr>
+
+<tr id="jwt_secret_key">
<td>
--jwt_secret_key=VALUE
</td>
@@ -748,7 +790,8 @@ Path to a file containing the key used when generating JWT secrets.
This flag is only available when Mesos is built with SSL support.
</td>
</tr>
-<tr>
+
+<tr id="executor_shutdown_grace_period">
<td>
--executor_shutdown_grace_period=VALUE
</td>
@@ -762,7 +805,8 @@ terminations may occur.
(default: 5secs)
</td>
</tr>
-<tr>
+
+<tr id="fetcher_cache_dir">
<td>
--fetcher_cache_dir=VALUE
</td>
@@ -781,7 +825,8 @@ for several reasons:
</ul>
</td>
</tr>
-<tr>
+
+<tr id="fetcher_cache_size">
<td>
--fetcher_cache_size=VALUE
</td>
@@ -789,7 +834,8 @@ for several reasons:
Size of the fetcher cache in Bytes. (default: 2GB)
</td>
</tr>
-<tr>
+
+<tr id="fetcher_stall_timeout">
<td>
--fetcher_stall_timeout=VALUE
</td>
@@ -801,7 +847,8 @@ keeps below one byte per second).
does not apply to HDFS. (default: 1mins)
</td>
</tr>
-<tr>
+
+<tr id="frameworks_home">
<td>
--frameworks_home=VALUE
</td>
@@ -809,7 +856,8 @@ does not apply to HDFS. (default: 1mins)
Directory path prepended to relative executor URIs (default: )
</td>
</tr>
-<tr>
+
+<tr id="gc_delay">
<td>
--gc_delay=VALUE
</td>
@@ -820,9 +868,9 @@ Note that this delay may be shorter depending on
the available disk usage. (default: 1weeks)
</td>
</tr>
-<tr>
+
+<tr id="gc_disk_headroom">
<td>
- <a name="gc_disk_headroom"></a>
--gc_disk_headroom=VALUE
</td>
<td>
@@ -833,7 +881,8 @@ every <code>--disk_watch_interval</code> duration. <code>gc_disk_headroom</code>
be a value between 0.0 and 1.0 (default: 0.1)
</td>
</tr>
-<tr>
+
+<tr id="hadoop_home">
<td>
--hadoop_home=VALUE
</td>
@@ -844,7 +893,8 @@ fetching framework executors from HDFS)
environment or find hadoop on <code>PATH</code>) (default: )
</td>
</tr>
-<tr>
+
+<tr id="http_credentials">
<td>
--http_credentials=VALUE
</td>
@@ -865,7 +915,8 @@ Example:
</code></pre>
</td>
</tr>
-<tr>
+
+<tr id="http_command_executor">
<td>
--[no-]http_command_executor
</td>
@@ -878,7 +929,8 @@ the driver based implementation would be used.
production yet. (default: false)
</td>
</tr>
-<tr>
+
+<tr id="http_heartbeat_interval">
<td>
--http_heartbeat_interval=VALUE
</td>
@@ -890,7 +942,8 @@ the agent HTTP API. Currently, this only applies to the
(default: 30secs)
</td>
</tr>
-<tr>
+
+<tr id="image_providers">
<td>
--image_providers=VALUE
</td>
@@ -899,7 +952,8 @@ Comma-separated list of supported image providers,
e.g., <code>APPC,DOCKER</code>.
</td>
</tr>
-<tr>
+
+<tr id="image_provisioner_backend">
<td>
--image_provisioner_backend=VALUE
</td>
@@ -908,7 +962,8 @@ Strategy for provisioning container rootfs from images, e.g., <code>aufs</code>,
<code>bind</code>, <code>copy</code>, <code>overlay</code>.
</td>
</tr>
-<tr>
+
+<tr id="image_gc_config">
<td>
--image_gc_config=VALUE
</td>
@@ -935,7 +990,8 @@ Example:
}</code></pre>
</td>
</tr>
-<tr>
+
+<tr id="ip6">
<td>
--ip6=VALUE
</td>
@@ -948,7 +1004,8 @@ this IPv6 address is only used to advertise IPv6 addresses for
containers running on the host network.
</td>
</tr>
-<tr>
+
+<tr id="ip6_discovery_command">
<td>
--ip6_discovery_command=VALUE
</td>
@@ -962,7 +1019,8 @@ this IPv6 address is only used to advertise IPv6 addresses for
containers running on the host network.
</td>
</tr>
-<tr>
+
+<tr id="isolation">
<td>
--isolation=VALUE
</td>
@@ -976,7 +1034,8 @@ flag is only relevant for the Mesos Containerizer.
(default: posix/cpu,posix/mem)
</td>
</tr>
-<tr>
+
+<tr id="launcher">
<td>
--launcher=VALUE
</td>
@@ -988,7 +1047,8 @@ network, pid, etc. If unspecified, the agent will choose the Linux
launcher if it's running as root on Linux.
</td>
</tr>
-<tr>
+
+<tr id="launcher_dir">
<td>
--launcher_dir=VALUE
</td>
@@ -998,7 +1058,8 @@ fetcher, containerizer, and executor binary files under this
directory. (default: /usr/local/libexec/mesos)
</td>
</tr>
-<tr>
+
+<tr id="master_detector">
<td>
--master_detector=VALUE
</td>
@@ -1008,7 +1069,8 @@ module specified through the <code>--modules</code> flag. Cannot be used in
conjunction with <code>--master</code>.
</td>
</tr>
-<tr>
+
+<tr id="nvidia_gpu_devices">
<td>
--nvidia_gpu_devices=VALUE
</td>
@@ -1022,7 +1084,8 @@ listed will only be isolated if the <code>--isolation</code> flag contains the
string <code>gpu/nvidia</code>.
</td>
</tr>
-<tr>
+
+<tr id="network_cni_plugins_dir">
<td>
--network_cni_plugins_dir=VALUE
</td>
@@ -1033,7 +1096,8 @@ the plugins to add/delete container from the CNI networks. It is the operator's
responsibility to install the CNI plugin binaries in the specified directory.
</td>
</tr>
-<tr>
+
+<tr id="network_cni_config_dir">
<td>
--network_cni_config_dir=VALUE
</td>
@@ -1043,7 +1107,8 @@ containers launched in Mesos agent can connect to, the operator should install
a network configuration file in JSON format in the specified directory.
</td>
</tr>
-<tr>
+
+<tr id="oversubscribed_resources_interval">
<td>
--oversubscribed_resources_interval=VALUE
</td>
@@ -1054,7 +1119,8 @@ and available. The interval between updates is controlled by this flag.
(default: 15secs)
</td>
</tr>
-<tr>
+
+<tr id="perf_duration">
<td>
--perf_duration=VALUE
</td>
@@ -1063,7 +1129,8 @@ Duration of a perf stat sample. The duration must be less
than the <code>perf_interval</code>. (default: 10secs)
</td>
</tr>
-<tr>
+
+<tr id="perf_events">
<td>
--perf_events=VALUE
</td>
@@ -1076,7 +1143,8 @@ when reported in the PerfStatistics protobuf, e.g., <code>cpu-cycles</code>
becomes <code>cpu_cycles</code>; see the PerfStatistics protobuf for all names.
</td>
</tr>
-<tr>
+
+<tr id="perf_interval">
<td>
--perf_interval=VALUE
</td>
@@ -1088,7 +1156,8 @@ demand. For this reason, <code>perf_interval</code> is independent of the
resource monitoring interval. (default: 60secs)
</td>
</tr>
-<tr>
+
+<tr id="qos_controller">
<td>
--qos_controller=VALUE
</td>
@@ -1096,7 +1165,8 @@ resource monitoring interval. (default: 60secs)
The name of the QoS Controller to use for oversubscription.
</td>
</tr>
-<tr>
+
+<tr id="qos_correction_interval_min">
<td>
--qos_correction_interval_min=VALUE
</td>
@@ -1107,7 +1177,8 @@ The smallest interval between these corrections is controlled by
this flag. (default: 0secs)
</td>
</tr>
-<tr>
+
+<tr id="reconfiguration_policy">
<td>
--reconfiguration_policy=VALUE
</td>
@@ -1125,7 +1196,8 @@ considers unacceptable, which, e.g., currently happens when port or hostname
are changed. (default: equal)
</td>
</tr>
-<tr>
+
+<tr id="recover">
<td>
--recover=VALUE
</td>
@@ -1138,7 +1210,8 @@ cleanup : Kill any old live executors and exit.
or executor upgrade!). (default: reconnect)
</td>
</tr>
-<tr>
+
+<tr id="recovery_timeout">
<td>
--recovery_timeout=VALUE
</td>
@@ -1149,7 +1222,8 @@ waiting to reconnect to the agent will self-terminate.
(default: 15mins)
</td>
</tr>
-<tr>
+
+<tr id="registration_backoff_factor">
<td>
--registration_backoff_factor=VALUE
</td>
@@ -1162,7 +1236,8 @@ interval (e.g., 1st retry uses a random value between <code>[0, b * 2^1]</code>,
etc) up to a maximum of 1mins (default: 1secs)
</td>
</tr>
-<tr>
+
+<tr id="resource_estimator">
<td>
--resource_estimator=VALUE
</td>
@@ -1170,7 +1245,8 @@ etc) up to a maximum of 1mins (default: 1secs)
The name of the resource estimator to use for oversubscription.
</td>
</tr>
-<tr>
+
+<tr id="resources">
<td>
--resources=VALUE
</td>
@@ -1206,7 +1282,8 @@ Example JSON:
]</code></pre>
</td>
</tr>
-<tr>
+
+<tr id="resource_provider_config_dir">
<td>
--resource_provider_config_dir=VALUE
</td>
@@ -1227,7 +1304,8 @@ Example config file in this directory:
}</code></pre>
</td>
</tr>
-<tr>
+
+<tr id="revocable_cpu_low_priority">
<td>
--[no-]revocable_cpu_low_priority
</td>
@@ -1237,7 +1315,8 @@ normal containers (non-revocable cpu). Currently only
supported by the cgroups/cpu isolator. (default: true)
</td>
</tr>
-<tr>
+
+<tr id="runtime_dir">
<td>
--runtime_dir
</td>
@@ -1248,7 +1327,8 @@ not across reboots). This directory will be cleared on reboot.
(Example: <code>/var/run/mesos</code>)
</td>
</tr>
-<tr>
+
+<tr id="sandbox_directory">
<td>
--sandbox_directory=VALUE
</td>
@@ -1258,7 +1338,8 @@ sandbox is mapped to.
(default: /mnt/mesos/sandbox)
</td>
</tr>
-<tr>
+
+<tr id="disallow_sharing_agent_pid_namespace">
<td>
--[no-]disallow_sharing_agent_pid_namespace
</td>
@@ -1272,7 +1353,8 @@ agent if the framework requests it. This flag will be ignored if the
(default: false)
</td>
</tr>
-<tr>
+
+<tr id="strict">
<td>
--[no-]strict
</td>
@@ -1285,7 +1367,8 @@ state as possible is recovered.
(default: true)
</td>
</tr>
-<tr>
+
+<tr id="secret_resolver">
<td>
--secret_resolver=VALUE
</td>
@@ -1297,7 +1380,7 @@ reference-based secrets.
</td>
</tr>
-<tr>
+<tr id="switch_user">
<td>
--[no-]switch_user
</td>
@@ -1351,7 +1434,8 @@ The path to the systemd system run time directory.
</th>
</tr>
</thead>
-<tr>
+
+<tr id="ephemeral_ports_per_container">
<td>
--ephemeral_ports_per_container=VALUE
</td>
@@ -1361,7 +1445,8 @@ isolator. This number has to be a power of 2. This flag is used
for the <code>network/port_mapping</code> isolator. (default: 1024)
</td>
</tr>
-<tr>
+
+<tr id="eth0_name">
<td>
--eth0_name=VALUE
</td>
@@ -1372,7 +1457,8 @@ on the host default gateway. This flag is used for the
<code>network/port_mapping</code> isolator.
</td>
</tr>
-<tr>
+
+<tr id="lo_name">
<td>
--lo_name=VALUE
</td>
@@ -1382,7 +1468,8 @@ not specified, the network isolator will try to guess it. This
flag is used for the <code>network/port_mapping</code> isolator.
</td>
</tr>
-<tr>
+
+<tr id="egress_rate_limit_per_container">
<td>
--egress_rate_limit_per_container=VALUE
</td>
@@ -1394,7 +1481,8 @@ This flag uses the Bytes type (defined in stout) and is used for
the <code>network/port_mapping</code> isolator.
</td>
</tr>
-<tr>
+
+<tr id="egress_unique_flow_per_container">
<td>
--[no-]egress_unique_flow_per_container
</td>
@@ -1404,7 +1492,8 @@ egress traffic. This flag is used for the <code>network/port_mapping</code>
isolator. (default: false)
</td>
</tr>
-<tr>
+
+<tr id="egress_flow_classifier_parent">
<td>
--egress_flow_classifier_parent=VALUE
</td>
@@ -1414,7 +1503,8 @@ a flow classifier (fq_codel) qdisc on egress side. This flag specifies
where to install it in the hierarchy. By default, we install it at root.
</td>
</tr>
-<tr>
+
+<tr id="network_enable_socket_statistics_summary">
<td>
--[no-]network_enable_socket_statistics_summary
</td>
@@ -1424,7 +1514,8 @@ This flag is used for the <code>network/port_mapping</code> isolator.
(default: false)
</td>
</tr>
-<tr>
+
+<tr id="network_enable_socket_statistics_details">
<td>
--[no-]network_enable_socket_statistics_details
</td>
@@ -1434,7 +1525,8 @@ each container. This flag is used for the <code>network/port_mapping</code>
isolator. (default: false)
</td>
</tr>
-<tr>
+
+<tr id="network_enable_snmp_statistics">
<td>
--[no-]network_enable_snmp_statistics
</td>
@@ -1444,6 +1536,7 @@ each container. This flag is used for the 'network/port_mapping'
isolator. (default: false)
</td>
</tr>
+
</table>
## XFS Disk Isolator flags
@@ -1461,7 +1554,8 @@ isolator. (default: false)
</th>
</tr>
</thead>
-<tr>
+
+<tr id="xfs_project_range">
<td>
--xfs_project_range=VALUE
</td>
@@ -1471,4 +1565,5 @@ quotas for container sandbox directories. Valid project IDs range from
1 to max(uint32). (default `[5000-10000]`)
</td>
</tr>
+
</table>
http://git-wip-us.apache.org/repos/asf/mesos/blob/c442dfbb/docs/configuration/master-and-agent.md
----------------------------------------------------------------------
diff --git a/docs/configuration/master-and-agent.md b/docs/configuration/master-and-agent.md
index df18681..aaee8b9 100644
--- a/docs/configuration/master-and-agent.md
+++ b/docs/configuration/master-and-agent.md
@@ -18,7 +18,8 @@ layout: documentation
</th>
</tr>
</thead>
-<tr>
+
+<tr id="advertise_ip">
<td>
--advertise_ip=VALUE
</td>
@@ -28,7 +29,8 @@ The master/agent does not bind to this IP address.
However, this IP address may be used to access this master/agent.
</td>
</tr>
-<tr>
+
+<tr id="advertise_port">
<td>
--advertise_port=VALUE
</td>
@@ -39,7 +41,8 @@ However, this port (along with <code>advertise_ip</code>) may be used to
access Mesos master/agent.
</td>
</tr>
-<tr>
+
+<tr id="authenticate_http_readonly">
<td>
--[no-]authenticate_http_readonly
</td>
@@ -49,7 +52,8 @@ supporting authentication are allowed. If <code>false</code>, unauthenticated
requests to such HTTP endpoints are also allowed.
</td>
</tr>
-<tr>
+
+<tr id="authenticate_http_readwrite">
<td>
--[no-]authenticate_http_readwrite
</td>
@@ -59,7 +63,8 @@ supporting authentication are allowed. If <code>false</code>, unauthenticated
requests to such HTTP endpoints are also allowed.
</td>
</tr>
-<tr>
+
+<tr id="firewall_rules">
<td>
--firewall_rules=VALUE
</td>
@@ -82,7 +87,8 @@ Example:
}</code></pre>
</td>
</tr>
-<tr>
+
+<tr id="domain">
<td>
--domain=VALUE
</td>
@@ -115,7 +121,8 @@ Example:
}</code></pre>
</td>
</tr>
-<tr>
+
+<tr id="help">
<td>
--[no-]help
</td>
@@ -123,7 +130,8 @@ Example:
Show the help message and exit. (default: false)
</td>
</tr>
-<tr>
+
+<tr id="hooks">
<td>
--hooks=VALUE
</td>
@@ -131,7 +139,8 @@ Show the help message and exit. (default: false)
A comma-separated list of hook modules to be installed inside master/agent.
</td>
</tr>
-<tr>
+
+<tr id="hostname">
<td>
--hostname=VALUE
</td>
@@ -144,7 +153,8 @@ that, using <code>--no-hostname_lookup</code>, in which case the IP itself
is used.
</td>
</tr>
-<tr>
+
+<tr id="hostname_lookup">
<td>
--[no-]hostname_lookup
</td>
@@ -155,7 +165,8 @@ True by default; if set to <code>false</code> it will cause Mesos
to use the IP address, unless the hostname is explicitly set. (default: true)
</td>
</tr>
-<tr>
+
+<tr id="http_authenticators">
<td>
--http_authenticators=VALUE
</td>
@@ -166,7 +177,8 @@ alternate HTTP authenticator module using <code>--modules</code>.
(default: basic, or basic and JWT if executor authentication is enabled)
</td>
</tr>
-<tr>
+
+<tr id="ip">
<td>
--ip=VALUE
</td>
@@ -175,7 +187,8 @@ IP address to listen on. This cannot be used in conjunction
with <code>--ip_discovery_command</code>.
</td>
</tr>
-<tr>
+
+<tr id="ip_discovery_command">
<td>
--ip_discovery_command=VALUE
</td>
@@ -185,7 +198,8 @@ the IP address which the master/agent will try to bind to.
Cannot be used in conjunction with <code>--ip</code>.
</td>
</tr>
-<tr>
+
+<tr id="modules">
<td>
--modules=VALUE
</td>
@@ -232,7 +246,8 @@ Example:
<p/> Cannot be used in conjunction with --modules_dir.
</td>
</tr>
-<tr>
+
+<tr id="modules_dir">
<td>
--modules_dir=VALUE
</td>
@@ -242,7 +257,8 @@ alphabetical order. (See <code>--modules</code> for more information on module
manifest files). Cannot be used in conjunction with <code>--modules</code>.
</td>
</tr>
-<tr>
+
+<tr id="port">
<td>
--port=VALUE
</td>
@@ -250,7 +266,8 @@ manifest files). Cannot be used in conjunction with <code>--modules</code>.
Port to listen on. (master default: 5050; agent default: 5051)
</td>
</tr>
-<tr>
+
+<tr id="version">
<td>
--[no-]version
</td>
@@ -258,7 +275,8 @@ Port to listen on. (master default: 5050; agent default: 5051)
Show version and exit. (default: false)
</td>
</tr>
-<tr>
+
+<tr id="zk_session_timeout">
<td>
--zk_session_timeout=VALUE
</td>
@@ -266,6 +284,7 @@ Show version and exit. (default: false)
ZooKeeper session timeout. (default: 10secs)
</td>
</tr>
+
</table>
## Logging Options
@@ -284,7 +303,8 @@ For more about logging, see the [logging documentation](../logging.md).
</th>
</tr>
</thead>
-<tr>
+
+<tr id="quiet">
<td>
--[no-]quiet
</td>
@@ -292,7 +312,8 @@ For more about logging, see the [logging documentation](../logging.md).
Disable logging to stderr. (default: false)
</td>
</tr>
-<tr>
+
+<tr id="log_dir">
<td>
--log_dir=VALUE
</td>
@@ -304,7 +325,8 @@ If specified, the log file will appear in the Mesos WebUI.
only written to stderr!
</td>
</tr>
-<tr>
+
+<tr id="logbufsecs">
<td>
--logbufsecs=VALUE
</td>
@@ -313,7 +335,8 @@ Maximum number of seconds that logs may be buffered for.
By default, logs are flushed immediately. (default: 0)
</td>
</tr>
-<tr>
+
+<tr id="logging_level">
<td>
--logging_level=VALUE
</td>
@@ -324,7 +347,8 @@ If <code>--quiet</code> is specified, this will only affect the logs
written to <code>--log_dir</code>, if specified. (default: INFO)
</td>
</tr>
-<tr>
+
+<tr id="initialize_driver_logging">
<td>
--[no-]initialize_driver_logging
</td>
@@ -338,7 +362,8 @@ This option has no effect when using the HTTP scheduler/executor APIs.
(default: true)
</td>
</tr>
-<tr>
+
+<tr id="external_log_file">
<td>
--external_log_file=VALUE
</td>
@@ -355,4 +380,5 @@ However, logs will still be written to the <code>--log_dir</code> if
that option is specified.
</td>
</tr>
+
</table>
http://git-wip-us.apache.org/repos/asf/mesos/blob/c442dfbb/docs/configuration/master.md
----------------------------------------------------------------------
diff --git a/docs/configuration/master.md b/docs/configuration/master.md
index 6f55ad9..2ba612b 100644
--- a/docs/configuration/master.md
+++ b/docs/configuration/master.md
@@ -18,7 +18,8 @@ layout: documentation
</th>
</tr>
</thead>
-<tr>
+
+<tr id="quorum">
<td>
--quorum=VALUE
</td>
@@ -29,7 +30,8 @@ masters i.e., <code>quorum > (number of masters)/2</code>.
<b>NOTE</b>: Not required if master is run in standalone mode (non-HA).
</td>
</tr>
-<tr>
+
+<tr id="work_dir">
<td>
--work_dir=VALUE
</td>
@@ -41,7 +43,8 @@ directory when running in production, since long-running masters could
lose data when cleanup occurs. (Example: <code>/var/lib/mesos/master</code>)
</td>
</tr>
-<tr>
+
+<tr id="zk">
<td>
--zk=VALUE
</td>
@@ -54,6 +57,7 @@ file:///path/to/file (where file contains one of the above)</code></pre>
<b>NOTE</b>: Not required if master is run in standalone mode (non-HA).
</td>
</tr>
+
</table>
## Optional Flags
@@ -69,7 +73,8 @@ file:///path/to/file (where file contains one of the above)</code></pre>
</th>
</tr>
</thead>
-<tr>
+
+<tr id="acls">
<td>
--acls=VALUE
</td>
@@ -126,7 +131,8 @@ Example:
}</code></pre>
</td>
</tr>
-<tr>
+
+<tr id="agent_ping_timeout">
<td>
--agent_ping_timeout=VALUE,
<p/>
@@ -142,7 +148,8 @@ session timeout to prevent useless re-registration attempts.
(default: 15secs)
</td>
</tr>
-<tr>
+
+<tr id="agent_removal_rate_limit">
<td>
--agent_removal_rate_limit=VALUE
<p/>
@@ -155,7 +162,8 @@ By default, agents will be removed as soon as they fail the health
checks. The value is of the form <code>(Number of agents)/(Duration)</code>.
</td>
</tr>
-<tr>
+
+<tr id="agent_reregister_timeout">
<td>
--agent_reregister_timeout=VALUE
<p/>
@@ -171,7 +179,8 @@ non-partition-aware tasks running on the agent will be terminated.
<b>NOTE</b>: This value has to be at least 10mins. (default: 10mins)
</td>
</tr>
-<tr>
+
+<tr id="allocation_interval">
<td>
--allocation_interval=VALUE
</td>
@@ -180,7 +189,8 @@ Amount of time to wait between performing
(batch) allocations (e.g., 500ms, 1sec, etc). (default: 1secs)
</td>
</tr>
-<tr>
+
+<tr id="allocator">
<td>
--allocator=VALUE
</td>
@@ -191,7 +201,8 @@ load an alternate allocator module using <code>--modules</code>.
(default: HierarchicalDRF)
</td>
</tr>
-<tr>
+
+<tr id="authenticate_agents">
<td>
--[no-]authenticate_agents,
<p/>
@@ -202,7 +213,8 @@ If <code>true</code> only authenticated agents are allowed to register.
If <code>false</code> unauthenticated agents are also allowed to register. (default: false)
</td>
</tr>
-<tr>
+
+<tr id="authenticate_frameworks">
<td>
--[no-]authenticate_frameworks,
<p/>
@@ -214,7 +226,8 @@ If <code>true</code>, only authenticated frameworks are allowed to register. If
HTTP based frameworks use the <code>--authenticate_http_frameworks</code> flag. (default: false)
</td>
</tr>
-<tr>
+
+<tr id="authenticate_http_frameworks">
<td>
--[no-]authenticate_http_frameworks
</td>
@@ -223,7 +236,8 @@ If <code>true</code>, only authenticated HTTP based frameworks are allowed to
register. If <code>false</code>, HTTP frameworks are not authenticated. (default: false)
</td>
</tr>
-<tr>
+
+<tr id="authenticators">
<td>
--authenticators=VALUE
</td>
@@ -233,7 +247,8 @@ and/or agents. Use the default <code>crammd5</code>, or
load an alternate authenticator module using <code>--modules</code>. (default: crammd5)
</td>
</tr>
-<tr>
+
+<tr id="authorizers">
<td>
--authorizers=VALUE
</td>
@@ -250,7 +265,8 @@ passed through the <code>--acls</code> flag will be ignored.
Currently there is no support for multiple authorizers. (default: local)
</td>
</tr>
-<tr>
+
+<tr id="cluster">
<td>
--cluster=VALUE
</td>
@@ -258,7 +274,8 @@ Currently there is no support for multiple authorizers. (default: local)
Human readable name for the cluster, displayed in the webui.
</td>
</tr>
-<tr>
+
+<tr id="credentials">
<td>
--credentials=VALUE
</td>
@@ -276,7 +293,8 @@ Example:
}</code></pre>
</td>
</tr>
-<tr>
+
+<tr id="fair_sharing_excluded_resource_names">
<td>
--fair_sharing_excluded_resource_names=VALUE
</td>
@@ -289,7 +307,8 @@ sharing implementation currently has limitations. E.g. See the problem of
<a href="https://issues.apache.org/jira/browse/MESOS-5377">MESOS-5377</a>
</td>
</tr>
-<tr>
+
+<tr id="filter_gpu_resources">
<td>
--[no_]filter_gpu_resources
</td>
@@ -306,7 +325,8 @@ the following for more information:
<a href="https://issues.apache.org/jira/browse/MESOS-7576">MESOS-7576</a>
</td>
</tr>
-<tr>
+
+<tr id="framework_sorter">
<td>
--framework_sorter=VALUE
</td>
@@ -316,7 +336,8 @@ frameworks. Options are the same as for <code>--user_sorter</code>.
(default: drf)
</td>
</tr>
-<tr>
+
+<tr id="http_framework_authenticators">
<td>
--http_framework_authenticators=VALUE
</td>
@@ -329,7 +350,8 @@ module using <code>--modules</code>. This must be used in conjunction with
Currently there is no support for multiple HTTP authenticators.
</td>
</tr>
-<tr>
+
+<tr id="log_auto_initialize">
<td>
--[no-]log_auto_initialize
</td>
@@ -339,7 +361,8 @@ used for the registry. If this is set to false, the log has to be manually
initialized when used for the very first time. (default: true)
</td>
</tr>
-<tr>
+
+<tr id="master_contender">
<td>
--master_contender=VALUE
</td>
@@ -350,7 +373,8 @@ conjunction with <code>--zk</code>. Must be used in conjunction with
<code>--master_detector</code>.
</td>
</tr>
-<tr>
+
+<tr id="master_detector">
<td>
--master_detector=VALUE
</td>
@@ -361,7 +385,8 @@ conjunction with <code>--zk</code>. Must be used in conjunction with
<code>--master_contender</code>.
</td>
</tr>
-<tr>
+
+<tr id="max_agent_ping_timeouts">
<td>
--max_agent_ping_timeouts=VALUE,
<p/>
@@ -374,7 +399,8 @@ ping from the master. Agents that do not respond within
(default: 5)
</td>
</tr>
-<tr>
+
+<tr id="max_completed_frameworks">
<td>
--max_completed_frameworks=VALUE
</td>
@@ -382,7 +408,8 @@ ping from the master. Agents that do not respond within
Maximum number of completed frameworks to store in memory. (default: 50)
</td>
</tr>
-<tr>
+
+<tr id="max_completed_tasks_per_framework">
<td>
--max_completed_tasks_per_framework=VALUE
</td>
@@ -390,7 +417,8 @@ Maximum number of completed frameworks to store in memory. (default: 50)
Maximum number of completed tasks per framework to store in memory. (default: 1000)
</td>
</tr>
-<tr>
+
+<tr id="max_unreachable_tasks_per_framework">
<td>
--max_unreachable_tasks_per_framework=VALUE
</td>
@@ -398,7 +426,8 @@ Maximum number of completed tasks per framework to store in memory. (default: 10
Maximum number of unreachable tasks per framework to store in memory. (default: 1000)
</td>
</tr>
-<tr>
+
+<tr id="offer_timeout">
<td>
--offer_timeout=VALUE
</td>
@@ -409,7 +438,8 @@ or frameworks that accidentally drop offers.
If not set, offers do not timeout.
</td>
</tr>
-<tr>
+
+<tr id="rate_limits">
<td>
--rate_limits=VALUE
</td>
@@ -437,7 +467,8 @@ Example:
}</code></pre>
</td>
</tr>
-<tr>
+
+<tr id="recovery_agent_removal_limit">
<td>
--recovery_agent_removal_limit=VALUE,
<p/>
@@ -458,7 +489,8 @@ in the cluster.
Values: [0%-100%] (default: 100%)
</td>
</tr>
-<tr>
+
+<tr id="registry">
<td>
--registry=VALUE
</td>
@@ -467,7 +499,8 @@ Persistence strategy for the registry; available options are
<code>replicated_log</code>, <code>in_memory</code> (for testing). (default: replicated_log)
</td>
</tr>
-<tr>
+
+<tr id="registry_fetch_timeout">
<td>
--registry_fetch_timeout=VALUE
</td>
@@ -476,7 +509,8 @@ Duration of time to wait in order to fetch data from the registry
after which the operation is considered a failure. (default: 1mins)
</td>
</tr>
-<tr>
+
+<tr id="registry_gc_interval">
<td>
--registry_gc_interval=VALUE
</td>
@@ -490,7 +524,8 @@ how often the master will examine the registry to see if data
should be discarded. (default: 15mins)
</td>
</tr>
-<tr>
+
+<tr id="registry_max_agent_age">
<td>
--registry_max_agent_age=VALUE
</td>
@@ -505,7 +540,8 @@ information may be discarded from the registry sooner than indicated
by this parameter. (default: 2weeks)
</td>
</tr>
-<tr>
+
+<tr id="registry_max_agent_count">
<td>
--registry_max_agent_count=VALUE
</td>
@@ -517,7 +553,8 @@ information about all connected agents. See also the
<code>registry_max_agent_age</code> flag. (default: 102400)
</td>
</tr>
-<tr>
+
+<tr id="registry_store_timeout">
<td>
--registry_store_timeout=VALUE
</td>
@@ -526,7 +563,8 @@ Duration of time to wait in order to store data in the registry
after which the operation is considered a failure. (default: 20secs)
</td>
</tr>
-<tr>
+
+<tr id="require_agent_domain">
<td>
--[no-]require_agent_domain
</td>
@@ -534,7 +572,8 @@ after which the operation is considered a failure. (default: 20secs)
If true, only agents with a configured domain can register. (default: false)
</td>
</tr>
-<tr>
+
+<tr id="roles">
<td>
--roles=VALUE
</td>
@@ -544,7 +583,8 @@ in this cluster may belong to. This flag is deprecated;
if it is not specified, any role name can be used.
</td>
</tr>
-<tr>
+
+<tr id="root_submissions">
<td>
--[no-]root_submissions
</td>
@@ -552,7 +592,8 @@ if it is not specified, any role name can be used.
Can root submit frameworks? (default: true)
</td>
</tr>
-<tr>
+
+<tr id="user_sorter">
<td>
--user_sorter=VALUE
</td>
@@ -561,7 +602,8 @@ Policy to use for allocating resources between users. May be one of:
dominant_resource_fairness (drf) (default: drf)
</td>
</tr>
-<tr>
+
+<tr id="webui_dir">
<td>
--webui_dir=VALUE
</td>
@@ -569,7 +611,8 @@ Policy to use for allocating resources between users. May be one of:
Directory path of the webui files/assets (default: /usr/local/share/mesos/webui)
</td>
</tr>
-<tr>
+
+<tr id="weights">
<td>
--weights=VALUE
</td>
@@ -581,7 +624,8 @@ flag is deprecated. Instead, operators should configure weights dynamically
using the <code>/weights</code> HTTP endpoint.
</td>
</tr>
-<tr>
+
+<tr id="whitelist">
<td>
--whitelist=VALUE
</td>
@@ -593,6 +637,7 @@ machines are accepted. Path can be of the form
<code>file:///path/to/file</code> or <code>/path/to/file</code>.
</td>
</tr>
+
</table>
## Network Isolator Flags
@@ -610,7 +655,8 @@ machines are accepted. Path can be of the form
</th>
</tr>
</thead>
-<tr>
+
+<tr id="max_executors_per_agent">
<td>
--max_executors_per_agent=VALUE,
<p/>
@@ -623,4 +669,5 @@ acquisition on each executor (# ephemeral ports), as a result
one can only run a certain number of executors on each agent.
</td>
</tr>
+
</table>
[2/2] mesos git commit: Documented the `linux/devices` isolator.
Posted by jp...@apache.org.
Documented the `linux/devices` isolator.
Documented the `linux/devices` isolator in the Mesos containerizer
documentation, upgrade guide and CHANGELOG.
Review: https://reviews.apache.org/r/67331/
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/0ffafd47
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/0ffafd47
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/0ffafd47
Branch: refs/heads/master
Commit: 0ffafd47f0598fea978030f75035db5517cd1638
Parents: c442dfb
Author: James Peach <jp...@apache.org>
Authored: Tue May 29 14:58:38 2018 -0700
Committer: James Peach <jp...@apache.org>
Committed: Tue May 29 14:58:38 2018 -0700
----------------------------------------------------------------------
CHANGELOG | 4 ++++
docs/isolators/linux-devices.md | 32 ++++++++++++++++++++++++++++++++
docs/mesos-containerizer.md | 1 +
docs/upgrades.md | 7 +++++++
4 files changed, 44 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/0ffafd47/CHANGELOG
----------------------------------------------------------------------
diff --git a/CHANGELOG b/CHANGELOG
index e7c2904..52c7fc3 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -2,6 +2,10 @@ Release Notes - Mesos - Version 1.7.0 (WIP)
-------------------------------------------
This release contains the following new features:
+ * [MESOS-8792] - Added a new `linux/devices` isolator that automatically
+ populates containers with devices that have been whitelisted with the
+ `--allowed_devices` agent flag.
+
Additional API Changes:
* Container logger module interface has been changed. The `prepare()` method
now takes `ContainerID` and `ContainerConfig` instead.
http://git-wip-us.apache.org/repos/asf/mesos/blob/0ffafd47/docs/isolators/linux-devices.md
----------------------------------------------------------------------
diff --git a/docs/isolators/linux-devices.md b/docs/isolators/linux-devices.md
new file mode 100644
index 0000000..6472772
--- /dev/null
+++ b/docs/isolators/linux-devices.md
@@ -0,0 +1,32 @@
+---
+title: Apache Mesos - Linux Devices Isolator in Mesos Containerizer
+layout: documentation
+---
+
+# Linux Devices in Mesos Containerizer
+
+While the `cgroups/devices` isolator allows operators to control
+container access to host devices, the container might still need
+additional privileges to create a device node to actually use the
+device. The `linux/devices` isolator ensures that containers that
+are granted access to host devices are populated with the the correct
+set of device nodes. Access to host devices is granted by using the
+[`--allowed_devices`](../configuration/agent.md#allowed_devices) flag
+on the agent.
+
+To enable the `linux/devices` isolator, append `linux/devices` to the
+[`--isolation`](../configuration/agent.md#isolation) flag when starting
+the Mesos agent.
+
+## Security Considerations
+
+Device access is configured at container
+granularity. For example, this means that if the
+[`--allowed_devices`](../configuration/agent.md#allowed_devices) flag
+specifies read access for a device, then every process in the container
+will be able to read from the specified device.
+
+The `linux/devices` isolator does not require the
+[`--allowed_devices`](../configuration/agent.md#allowed_devices) entry
+to grant `mknod` access, since it creates device nodes from outside
+the container.
http://git-wip-us.apache.org/repos/asf/mesos/blob/0ffafd47/docs/mesos-containerizer.md
----------------------------------------------------------------------
diff --git a/docs/mesos-containerizer.md b/docs/mesos-containerizer.md
index 42a0977..d15e825 100644
--- a/docs/mesos-containerizer.md
+++ b/docs/mesos-containerizer.md
@@ -48,6 +48,7 @@ Mesos supports the following built-in isolators.
- filesystem/windows
- [gpu/nvidia](gpu-support.md)
- [linux/capabilities](isolators/linux-capabilities.md)
+- [linux/devices](isolators/linux-devices.md)
- [namespaces/ipc](isolators/namespaces-ipc.md)
- [namespaces/pid](isolators/namespaces-pid.md)
- [network/cni](cni.md)
http://git-wip-us.apache.org/repos/asf/mesos/blob/0ffafd47/docs/upgrades.md
----------------------------------------------------------------------
diff --git a/docs/upgrades.md b/docs/upgrades.md
index fb6b865..1a1705c 100644
--- a/docs/upgrades.md
+++ b/docs/upgrades.md
@@ -48,6 +48,7 @@ We categorize the changes as follows:
<td style="word-wrap: break-word; overflow-wrap: break-word;"><!--Mesos Core-->
<ul style="padding-left:10px;">
+ <li>A <a href="#1-7-x-linux-devices-isolator">Linux devices isolator</a></li>
</ul>
</td>
@@ -430,6 +431,12 @@ We categorize the changes as follows:
## Upgrading from 1.6.x to 1.7.x ##
+<a name="1-7-x-linux-devices-isolator"></a>
+
+* A new [`linux/devices`](isolators/linux-devices.md) isolator has been
+ added. This isolator automatically populates containers with devices
+ that have been whitelisted with the `--allowed_devices` agent flag.
+
<a name="1-7-x-container-logger"></a>
* `ContainerLogger` module interface has been changed. The `prepare()` method now takes `ContainerID` and `ContainerConfig` instead.