今天Apache 社区发布了 Apache Mesos 1.0.0， 这是 Apache Mesos 的一个里程碑事件。相较于前面的版本， 1.0.0首先是改进了与 docker 的集成方式，弃用了 docker daemon；其次，新版本大力推进解决了接口规范化问题，新的 HTTP API 使得开发者能够更容易的开发 Mesos 框架；最后， 为了更好的满足企业用户的多租户，安全，审计等需求，新版本提供了更细粒度的授权验证机制。详细更新列表请点击此处查看。
* Scheduler and Executor v1 HTTP APIs are now considered stable.
* [MESOS-4791] - **Experimental** support for v1 Master and Agent APIs. These
APIs let operators and services (monitoring, load balancers) send HTTP
requests to '/api/v1' endpoint on master or agent. See
`docs/operator-http-api.md` for details.
* [MESOS-4828] - **Experimental** support for a new `disk/xfs' isolator
has been added to isolate disk resources more efficiently. Please refer to
docs/mesos-containerizer.md for more details.
* [MESOS-4355] - **Experimental** support for Docker volume plugin. We added a
new isolator 'docker/volume' which allows users to use external volumes in
Mesos containerizer. Currently, the isolator interacts with the Docker
volume plugins using a tool called 'dvdcli'. By speaking the Docker volume
plugin API, most of the Docker volume plugins are supported.
* [MESOS-4641] - **Experimental** A new network isolator, the
`network/cni` isolator, has been introduced in the `MesosContainerizer`. The
`network/cni` isolator implements the Container Network Interface (CNI)
specification proposed by CoreOS. With CNI the `network/cni` isolator is
able to allocate a network namespace to Mesos containers and attach the
container to different types of IP networks by invoking network drivers
called CNI plugins.
* [MESOS-2948, MESOS-5403] - The authorizer interface has been refactored in
order to decouple the ACLs definition language from the interface.
It additionally includes the option of retrieving `ObjectApprover`. An
`ObjectApprover` can be used to synchronously check authorizations for a
given object and is hence useful when authorizing a large number of objects
and/or large objects (which need to be copied using request based
authorization). NOTE: This is a **breaking change** for authorizer modules.
* [MESOS-5405] - The `subject` and `object` fields in authorization::Request
have been changed from required to optional. If either of these fields is
not set, the request should only be authorized if any subject/object should
NOTE: This is a semantic change for authorizer modules.
* [MESOS-4931, MESOS-5709, MESOS-5704] - Authorization based HTTP endpoint
filtering enables operators to restrict what part of the cluster state a
user is authorized to see.
Consider for example the `/state` master endpoint: an operator can now
authorize users to only see a subset of the running frameworks, tasks, or
executors. The following endpoints support HTTP endpoint filtering:
'/state', '/state-summary', '/tasks', '/frameworks','/weights',
and '/roles'. Additonally the following v1 API calls support filtering:
'GET_ROLES','GET_WEIGHTS','GET_FRAMEWORKS', 'GET_STATE', and 'GET_TASKS'.
* [MESOS-4909] - Tasks can now specify a kill policy. They are best-effort,
because machine failures or forcible terminations may occur. Currently, the
only available kill policy is how long to wait between graceful and forcible
task kill. In the future, more policies may be available (e.g. hitting an
HTTP endpoint, running a command, etc). Note that it is the executor's
responsibility to enforce kill policies. For executor-less command-based
tasks, the kill is performed via sending a signal to the task process:
SIGTERM for the graceful kill and SIGKILL for the forcible kill. For docker
executor-less tasks the grace period is passed to 'docker stop --time'. This
feature supersedes the '--docker_stop_timeout', which is now deprecated.
* [MESOS-4908] - The task kill policy defined within 'TaskInfo' can now be
overridden when the scheduler kills the task. This can be used by schedulers
to forcefully kill a task which is already being killed, e.g. if something
went wrong during a graceful kill and a forcible kill is desired. Note that
it is the executor's responsibility to honor the 'Event.kill.kill_policy'
field and override the task's kill policy and kill policy from a previous
kill task request. To use this feature, schedulers and executors must
support HTTP API; use the '--http_command_executor' agent flag to ensure
the agent launches the HTTP API based command executor.
* [MESOS-4949] - The executor shutdown grace period can now be configured in
`ExecutorInfo`, which overrides the agent flag. When shutting down an
executor the agent will wait in a best-effort manner for the grace period
specified here before forcibly destroying the container. The executor must
not assume that it will always be allotted the full grace period, as the
agent may decide to allot a shorter period and failures / forcible
terminations may occur. Together with kill policies this gives frameworks
flexibility around how to clean up tasks and executors.
* [MESOS-3094] - **Experimental** support for launching mesos tasks on
Windows. Note that there are no isolation guarantees provided yet.
* [MESOS-4090] - The `mesos.native` python module has been split into two,
`mesos.executor` and `mesos.scheduler`. This change also removes
un-necessary 3rd party dependencies from `mesos.executor` and
`mesos.scheduler`. `mesos.native` still exists, combining both modules for
backwards compatibility with existing code.
* [MESOS-1478] - Phase I of the Slave to Agent rename is complete. To support
the rename, new duplicate flags (e.g., --agent_reregister_timeout), new
binaries (e.g., mesos-agent) and WebUI sandbox links have been added. All
the logging output has been updated to use the term 'agent' now. Flags,
binaries and scripts with 'slave' keyword have been deprecated (see
"Deprecations section below").
* [MESOS-4312] - **Experimental** support for building and running mesos on
IBM PowerPC platform.
* [MESOS-4189] - Weights for resource roles can now be configured dynamically
via the new '/weights' endpoint on the master.
* [MESOS-4424] - Support for using Nvidia GPUs as a resource in the
Mesos "unified" containerizer. This support includes running containers
with and without filesystem isolation (i.e. running both imageless
containers as well as containers using a docker image). Frameworks must
opt-in to receiving GPU resources via the GPU_RESOURCES framework
capability (see the scarce resource problem in MESOS-5377). We support
'nvidia-docker'-style docker containers by injecting a volume that
contains the Nvidia libraries / binaries when the docker image has
the 'com.nvidia.volumes.needed' label. Support for the docker
containerizer will come in a future release.
* [MESOS-5724] - SSL certificate validation allows for additional IP address
subject alternative name extension verification.
* [MESOS-2281] - Deprecated the plain text format for credentials in favor of
the JSON format.
* [MESOS-4910] - Deprecate the --docker_stop_timeout agent flag.
* [MESOS-5001] - The 'allocator/event_queue_dispatches' metric is now
deprecated in favor 'of allocator/mesos/event_queue_dispatches'.
* [MESOS-5029] - Deprecated the ExecutorInfo.source field in favor of
* [MESOS-3781] - Deprecated flags with keyword 'slave' in favor of 'agent'.
* [MESOS-3779] - Deprecated sandbox links with 'slave' keyword in the WebUI.
* [MESOS-3784] - Deprecated `slave` subcommand for mesos-cli.
* [MESOS-5155] - Deprecated `SetQuota` and `RemoveQuota` ACLs. This change is
applicable to the local authorizer as well as any custom authorizer module.
* [MESOS-5666] - Deprecated camel cased `taskInfo` and `executorInfo` in
* [MESOS-5863] - Deprecated `SSL_*` environment variables used by libprocess
SSL support in favor of using `LIBPROCESS_SSL_*`.
Additional API Changes:
* [MESOS-4580] - Returning `202` (Accepted) for /reserve and related endpoints.
* [MESOS-4735] - Added 'output_file' field to CommandInfo.URI in Scheduler API
and v1 Scheduler HTTP API.
* [MESOS-5014] - Changed Call and Event Type enums in scheduler.proto
from required to optional for the purpose of backwards compatibility.
* [MESOS-5015] - Changed Call and Event Type enums in executor.proto
from required to optional for the purpose of backwards compatibility.
* [MESOS-5029] - Added 'labels' to ExecutorInfo.
* [MESOS-5030] - Added non-terminal task metadata to the container resource
* [MESOS-5408] - Deleted the /observe HTTP endpoint.
* [MESOS-4843, MESOS-5150, MESOS-5286, MESOS-5335, MESOS-5336] - Authorization
has been added to the '/metrics/snapshot', '/logging/toggle', '/quota',
'/files/browse', '/files/download', '/files/read', '/flags', and
'/containers' endpoints. If a Mesos cluster has authorization enabled, these
endpoints now require that ACLs be set to authorize principals to access
them. Note that the '/metrics/snapshot' and '/files/*' endpoints are used by
the web UI, and thus using the web UI in a cluster with authorization
enabled will require that ACLs be set appropriately.
* [MESOS-5064] - Remove default value for the agent `work_dir`. This flag is
now required, and the agent will exit immediately if it is not provided.
* [MESOS-5637] - Authorized endpoints consistently return `503` (Service
Unavailable) instead of `500` (Internal Server Error) when the authenticator
or the authorizer fails to process the request.
* [MESOS-5657] - Executors should not inherit environment variables from the
* [MESOS-5680] - We should not 'chown -R' on persistent volumes every time
container tries to use it.
* [MESOS-5642] - Namespace and header file of `Allocator` has been moved to
be consistent with other packages.
* [MESOS-5851] - The flag `--authenticate_http` has been deprecated in favor
of `--authenticate_http_readwrite`. This new flag enables authentication for
all HTTP endpoints which support authentication and allow modification of
the state of the cluster. A new flag has also been added,
`--authenticate_http_readonly`, which enables authentication for those
authenticatable endpoints that cannot be used to modify the cluster state.
* [MESOS-5833] - Disable the experimental `registry_strict` master flag.
3rd Party Upgrades:
* [MESOS-4805] - Upgraded vendored ry-http-parser-1c3624a to nodejs/http-parser 2.6.1.
* [MESOS-4678] - Upgraded vendored protobuf 2.5.0 to 2.6.1.
* [MESOS-4803] - Upgraded vendored libev 4.15 to 4.22.
* [MESOS-4612] - Upgraded vendored ZooKeeper 3.4.5 to 3.4.8.
Binary API Changes:
* [MESOS-5055] - Slave/Agent Rename Phase I - Update strings in the log message
and standard output.
* [MESOS-3782] - Slave/Agent Rename Phase I - Duplicate/Rename binaries.
* [MESOS-5057] - Slave/Agent Rename Phase I - Update strings in error messages and
* [MESOS-5230] - Slave/Agent Rename Phase I: Rename '/include/mesos/slave' folder