Posted to commits@mesos.apache.org by ji...@apache.org on 2017/07/06 03:05:01 UTC

[1/3] mesos git commit: Add upgrade notes for Linux capabilities changes.

Repository: mesos
Updated Branches:
  refs/heads/master 01fd1355c -> bff703639


Add upgrade notes for Linux capabilities changes.

Review: https://reviews.apache.org/r/60583/


Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/baf8b4df
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/baf8b4df
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/baf8b4df

Branch: refs/heads/master
Commit: baf8b4df38e10976737cf53fbf9c9895bb9b9add
Parents: 01fd135
Author: James Peach <jp...@apache.org>
Authored: Wed Jul 5 20:04:51 2017 -0700
Committer: Jie Yu <yu...@gmail.com>
Committed: Wed Jul 5 20:04:51 2017 -0700

----------------------------------------------------------------------
 docs/upgrades.md | 58 +++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 58 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/mesos/blob/baf8b4df/docs/upgrades.md
----------------------------------------------------------------------
diff --git a/docs/upgrades.md b/docs/upgrades.md
index 60d5525..4c4563a 100644
--- a/docs/upgrades.md
+++ b/docs/upgrades.md
@@ -43,6 +43,44 @@ We categorize the changes as follows:
   </thead>
 <tr>
   <td style="word-wrap: break-word; overflow-wrap: break-word;"><!--Version-->
+  1.4.x
+  </td>
+
+  <td style="word-wrap: break-word; overflow-wrap: break-word;"><!--Mesos Core-->
+    <ul style="padding-left:10px;">
+      <li>A <a href="#1-4-x-ambient-capabilities">Container capabilities are made ambient if supported</a></li>
+      <li>A <a href="#1-4-x-bounding-capabilities">Support for explicit bounding capabilities</a></li>
+    </ul>
+  </td>
+
+  <td style="word-wrap: break-word; overflow-wrap: break-word;"><!--Flags-->
+    <ul style="padding-left:10px;">
+      <li>A <a href="#1-4-x-agent-capabilities-flags">effective_capabilities</a></li>
+      <li>A <a href="#1-4-x-agent-capabilities-flags">bounding-capabilities</a></li>
+      <li>D <a href="#1-4-x-agent-capabilities-flags">allowed-capabilities</a></li>
+    </ul>
+  </td>
+
+  <td style="word-wrap: break-word; overflow-wrap: break-word;"><!--Framework API-->
+    <ul style="padding-left:10px;">
+      <li>A <a href="#1-4-x-bounding-capabilities">Support for explicit setting bounding capabilities</a></li>
+      <li>D <a href="#1-4-x-linuxinfo-capabilities">LinuxInfo.effective_capabilities deprecates LinuxInfo.capabilities</a></li>
+    </ul>
+  </td>
+
+  <td style="word-wrap: break-word; overflow-wrap: break-word;"><!--Module API-->
+    <ul style="padding-left:10px;">
+    </ul>
+  </td>
+
+  <td style="word-wrap: break-word; overflow-wrap: break-word;"><!--Endpoints-->
+    <ul style="padding-left:10px;">
+    </ul>
+  </td>
+
+</tr>
+<tr>
+  <td style="word-wrap: break-word; overflow-wrap: break-word;"><!--Version-->
   1.3.x
   </td>
   <td style="word-wrap: break-word; overflow-wrap: break-word;"><!--Mesos Core-->
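Review bot: The three new entries in the Flags cell spell the agent flags inconsistently: `effective_capabilities` uses an underscore while `bounding-capabilities` and `allowed-capabilities` use hyphens, and the upgrade notes added further down in this same patch write `--effective_capabilities` and `--bounding_capabilities`. Please use the exact flag spelling in every entry so operators can search their agent configuration for it. Separately, the Mesos Core entry "Support for explicit bounding capabilities" and the Framework API entry "Support for explicit setting bounding capabilities" point at the same anchor with different wording; one phrasing for both would read better.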
@@ -275,6 +313,26 @@ We categorize the changes as follows:
 </tr>
 </table>
 
+## Upgrading from 1.3.x to 1.4.x ##
+
+<a name="1-4-x-ambient-capabilities"></a>
+
+* If the `mesos-agent` kernel supports ambient capabilities (Linux 4.3 or later), the capabilities specified in the `LinuxInfo.effective_capabilities` message will be made ambient in the container task.
+
+<a name="1-4-x-bounding-capabilities"></a>
+
+* Explicitly setting the bounding capabilities of a task independently of the effective capabilities is now supported. Frameworks can specifiy the task bounding capabilities by using the `LinuxInfo.bounding_capabilities` message. Operators can specify the default bounding capabilities using the agent `--bounding_capabilities` flag. This flag also specifies the maximum bounding set that a framework is allowed to specify.
+
+<a name="1-4-x-linuxinfo-capabilities"></a>
+
+* The `LinuxInfo.capabilities` field has been deprecated in favor of `LinuxInfo.effective_capabilities`.
+
+<a name="1-4-x-agent-capabilities-flags"></a>
+
+* The agent `--effective_capabilities` flag has been added to specify the default effective capability set for tasks.
+* The agent `--bounding_capabilities` flag has been added to specify the default bounding capability set for tasks.
+* The agent `--allowed-capabilities` flag has been deprecated in favor of `--effective_capabilities`.
+
 ## Upgrading from 1.2.x to 1.3.x ##
 
 <a name="1-3-x-disallow-old-agents"></a>
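Review bot: The ambient-capabilities bullet only describes the case where the agent's kernel supports ambient capabilities (Linux 4.3 or later) and says nothing about what a task receives on an older kernel; since this determines the privileges a task ends up with, please state the behaviour for that case too. In the bounding-capabilities bullet, the sentence that `--bounding_capabilities` "also specifies the maximum bounding set that a framework is allowed to specify" should say what the agent does when a framework requests more than that set. Smaller points in this hunk: "specifiy" should be "specify", "the `mesos-agent` kernel" would read better as "the kernel the agent runs on", and `--allowed-capabilities` is hyphenated while the two flags listed just above it use underscores.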


[3/3] mesos git commit: Add Linux capabilities changes to the CHANGELOG.

Posted by ji...@apache.org.
Add Linux capabilities changes to the CHANGELOG.

Review: https://reviews.apache.org/r/60585/


Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/bff70363
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/bff70363
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/bff70363

Branch: refs/heads/master
Commit: bff7036393c1a75bebd9a38800ad7fec1353ceed
Parents: ee6ba67
Author: James Peach <jp...@apache.org>
Authored: Wed Jul 5 20:04:58 2017 -0700
Committer: Jie Yu <yu...@gmail.com>
Committed: Wed Jul 5 20:04:58 2017 -0700

----------------------------------------------------------------------
 CHANGELOG | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/mesos/blob/bff70363/CHANGELOG
----------------------------------------------------------------------
diff --git a/CHANGELOG b/CHANGELOG
index 23f12a8..abfded9 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,3 +1,25 @@
+Release Notes - Mesos - Version 1.4.0 (WIP)
+-------------------------------------------
+This release contains the following new features:
+
+
+  * [MESOS-7477] - Linux ambient capabilites are now supported, so
+    frameworks can run tasks that use ambient capabilites to grant
+    limited additional privileged to tasks.
+
+  * [MESOS-7476, MESOS-7671] - Support for frameworks and operators
+    specifying Linux bounding capabilities in order to limit the
+    maximum privileges that a task may acquire.
+
+Deprecations/Removals:
+
+  * [MESOS-7671] - LinuxInfo.capabilities is deprecated in favor
+    of LinuxInfo.effective_capabilities.
+
+  * [MESOS-7477] - The agent `--allowed_capabilities` flag is
+    deprecated in favor of `--effective_capabilities`
+
+
 Release Notes - Mesos - Version 1.3.1 (WIP)
 -------------------------------------------
 * This is a bug fix release.
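Review bot: The deprecation entry names the flag `--allowed_capabilities`, while the docs/upgrades.md notes in [1/3] of this series call it `--allowed-capabilities`; the two documents should agree on the spelling operators need to look for. The MESOS-7477 feature entry also has typos: "capabilites" appears twice and "limited additional privileged to tasks" should read "limited additional privileges to tasks". The last deprecation entry is missing its closing period, unlike the entry above it.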


[2/3] mesos git commit: Fix bullet-point formatting.

Posted by ji...@apache.org.
Fix bullet-point formatting.

Markdown bullet-points need a blank line after the link target so
they render as bullets rather than asterisks.

Review: https://reviews.apache.org/r/60584/


Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/ee6ba674
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/ee6ba674
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/ee6ba674

Branch: refs/heads/master
Commit: ee6ba6749376ada63a0252a1f0ec758709b4925e
Parents: baf8b4d
Author: James Peach <jp...@apache.org>
Authored: Wed Jul 5 20:04:54 2017 -0700
Committer: Jie Yu <yu...@gmail.com>
Committed: Wed Jul 5 20:04:54 2017 -0700

----------------------------------------------------------------------
 docs/upgrades.md | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/mesos/blob/ee6ba674/docs/upgrades.md
----------------------------------------------------------------------
diff --git a/docs/upgrades.md b/docs/upgrades.md
index 4c4563a..5511880 100644
--- a/docs/upgrades.md
+++ b/docs/upgrades.md
@@ -336,24 +336,31 @@ We categorize the changes as follows:
 ## Upgrading from 1.2.x to 1.3.x ##
 
 <a name="1-3-x-disallow-old-agents"></a>
+
 * The master will no longer allow 0.x agents to register. Interoperability between 1.1+ masters and 0.x agents has never been supported; however, it was not explicitly disallowed, either. Starting with this release of Mesos, registration attempts by 0.x agents will be ignored.
 
 <a name="1-3-x-setquota-removequota-acl"></a>
+
 * Support for deprecated ACLs `set_quotas` and `remove_quotas` has been removed from the local authorizer. Before upgrading the Mesos binaries, consolidate the ACLs used under `set_quotas` and `remove_quotes` under their replacement ACL `update_quotas`. After consolidation of the ACLs, the binaries could be safely replaced.
 
 <a name="1-3-x-shutdown-framework-acl"></a>
+
 * Support for deprecated ACL `shutdown_frameworks` has been removed from the local authorizer. Before upgrading the Mesos binaries, replace all instances of the ACL `shutdown_frameworks` with the newer ACL `teardown_frameworks`. After updating the ACLs, the binaries can be safely replaced.
 
 <a name="1-3-x-framework-info-role"></a>
+
 * Support for multi-role frameworks deprecates the `FrameworkInfo.role` field in favor of `FrameworkInfo.roles` and the `MULTI_ROLE` capability. Frameworks using the new field can continue to use a single role.
 
 <a name="1-3-x-endpoints-roles"></a>
+
 * Support for multi-role frameworks means that the framework `role` field in the master and agent endpoints is deprecated in favor of `roles`. Any tooling parsing endpoint information and relying on the role field needs to be updated before multi-role frameworks can be safely run in the cluster.
 
 <a name="1-3-x-allocator-interface-change"></a>
+
 * Implementors of allocator modules have to provide new implementation functionality to satisfy the `MULTI_ROLE` framework capability. Also, the interface has changed.
 
 <a name="1-3-x-executor-authentication"></a>
+
 * New Agent flags `authenticate_http_executors` and `executor_secret_key`: Used to enable required HTTP executor authentication and set the key file used for generation and authentication of HTTP executor tokens. Note that enabling these flags after upgrade is disruptive to HTTP executors that were launched before the upgrade. For more information on the recommended upgrade procedure when enabling these flags, see the [authentication documentation](authentication.md).
 
 In order to upgrade a running cluster:
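Review bot: While touching the `1-3-x-setquota-removequota-acl` bullet, note that its unchanged text tells operators to consolidate the ACLs under `set_quotas` and `remove_quotes`, whereas the first sentence of the same bullet names the ACL `remove_quotas`. Since this is an instruction operators follow before replacing binaries, it is worth correcting the name in this formatting pass or in a follow-up.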
@@ -368,45 +375,59 @@ In order to upgrade a running cluster:
 ## Upgrading from 1.1.x to 1.2.x ##
 
 <a name="1-2-1-disallow-old-agents"></a>
+
 * In Mesos 1.2.1, the master will no longer allow 0.x agents to register. Interoperability between 1.1+ masters and 0.x agents has never been supported; however, it was not explicitly disallowed, either. Starting with Mesos 1.2.1, registration attempts by 0.x agents will be ignored. **NOTE:** This applies only when upgrading to Mesos 1.2.1. Mesos 1.2.0 does not implement this behavior.
 
 <a name="1-2-x-heartbeat-flag"></a>
+
 * New Agent flag http_heartbeat_interval: This flag sets a heartbeat interval for messages to be sent over persistent connections made against the agent HTTP API. Currently, this only applies to the LAUNCH_NESTED_CONTAINER_SESSION and ATTACH_CONTAINER_OUTPUT calls. (default: 30secs)
 
 <a name="1-2-x-backend-flag"></a>
+
 * New Agent flag image_provisioner_backend: Strategy for provisioning container rootfs from images, e.g., aufs, bind, copy, overlay.
 
 <a name="1-2-x-unreachable-flag"></a>
+
 * New Master flag max_unreachable_tasks_per_framework: Maximum number of unreachable tasks per framework to store in memory. (default: 1000)
 
 <a name="1-2-x-revive-suppress"></a>
+
 * New Revive and Suppress v1 scheduler Calls: Revive or Suppress offers for a specified role. If role is unset, the call will revive/suppress offers for all of the roles the framework is subscribed to. (Especially for multi-role frameworks.)
 
 <a name="1-2-x-container-logger-interface"></a>
+
 * Mesos 1.2 modifies the `ContainerLogger`'s `prepare()` method.  The method now takes an additional argument for the `user` the logger should run a subprocess as.  Please see [MESOS-5856](https://issues.apache.org/jira/browse/MESOS-5856) for more information.
 
 <a name="1-2-x-allocator-module-changes"></a>
+
 * Allocator module changes to support inactive frameworks, multi-role frameworks, and suppress/revive. See `allocator.hpp` for interface changes.
 
 <a name="1-2-x-new-authz-actions"></a>
+
 * New Authorizer module actions: LAUNCH_NESTED_CONTAINER, KILL_NESTED_CONTAINER, WAIT_NESTED_CONTAINER, LAUNCH_NESTED_CONTAINER_SESSION, ATTACH_CONTAINER_INPUT, ATTACH_CONTAINER_OUTPUT, VIEW_CONTAINER, and SET_LOG_LEVEL. See `authorizer.proto` for module interface changes, and `acls.proto` for corresponding LocalAuthorizer ACL changes.
 
 <a name="1-2-x-renamed-authz-actions"></a>
+
 * Renamed Authorizer module actions (and deprecated old aliases): REGISTER_FRAMEWORK, TEARDOWN_FRAMEWORK, RESERVE_RESOURCES, UNRESERVE_RESOURCES, CREATE_VOLUME, DESTROY_VOLUME, UPDATE_WEIGHT, GET_QUOTA. See `authorizer.proto` for interface changes.
 
 <a name="1-2-x-removed-hooks"></a>
+
 * Removed slavePreLaunchDockerEnvironmentDecorator and slavePreLaunchDockerHook in favor of slavePreLaunchDockerTaskExecutorDecorator.
 
 <a name="1-2-x-debug-endpoints"></a>
+
 * New Agent v1 operator API calls: LAUNCH_NESTED_CONTAINER_SESSION, ATTACH_CONTAINER_INPUT, ATTACH_CONTAINER_OUTPUT for debugging into running containers (Mesos containerizer only).
 
 <a name="1-2-x-recovered-frameworks"></a>
+
 * Deprecated `recovered_frameworks` in v1 GetFrameworks call. Now it will be empty.
 
 <a name="1-2-x-orphan-executors"></a>
+
 * Deprecated `orphan_executors` in v1 GetExecutors call. Now it will be empty.
 
 <a name="1-2-x-orphan-tasks"></a>
+
 * Deprecated `orphan_tasks` in v1 GetTasks call. Now it will be empty.
 
 In order to upgrade a running cluster: