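Apache Mesos 1.0.0 Released: Cluster Manager
Today the Apache community released Apache Mesos 1.0.0, a milestone for Apache Mesos. Compared with earlier versions, 1.0.0 first improves how Mesos integrates with Docker, dropping the Docker daemon; second, the new version makes a strong push to standardize its interfaces, and the new HTTP API makes it easier for developers to build Mesos frameworks; finally, to better meet enterprise users' needs for multi-tenancy, security and auditing, the new version provides finer-grained authorization mechanisms. The detailed list of changes follows.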


  * Scheduler and Executor v1 HTTP APIs are now considered stable.

  * [MESOS-4791] - **Experimental** support for v1 Master and Agent APIs. These
    APIs let operators and services (monitoring, load balancers) send HTTP
    requests to '/api/v1' endpoint on master or agent. See
    `docs/operator-http-api.md` for details.

  * [MESOS-4828] - **Experimental** support for a new `disk/xfs` isolator
    has been added to isolate disk resources more efficiently. Please refer to
    docs/mesos-containerizer.md for more details.

  * [MESOS-4355] - **Experimental** support for Docker volume plugin. We added a
    new isolator 'docker/volume' which allows users to use external volumes in
    Mesos containerizer. Currently, the isolator interacts with the Docker
    volume plugins using a tool called 'dvdcli'. By speaking the Docker volume
    plugin API, most of the Docker volume plugins are supported.

  * [MESOS-4641] - **Experimental** A new network isolator, the
    `network/cni` isolator, has been introduced in the `MesosContainerizer`. The
    `network/cni` isolator implements the Container Network Interface (CNI)
    specification proposed by CoreOS. With CNI the `network/cni` isolator is
    able to allocate a network namespace to Mesos containers and attach the
    container to different types of IP networks by invoking network drivers
    called CNI plugins.

  * [MESOS-2948, MESOS-5403] - The authorizer interface has been refactored in
    order to decouple the ACLs definition language from the interface.
    It additionally includes the option of retrieving `ObjectApprover`. An
    `ObjectApprover` can be used to synchronously check authorizations for a
    given object and is hence useful when authorizing a large number of objects
    and/or large objects (which need to be copied using request based
    authorization). NOTE: This is a **breaking change** for authorizer modules.

  * [MESOS-5405] - The `subject` and `object` fields in authorization::Request
    have been changed from required to optional. If either of these fields is
    not set, the request should only be authorized if any subject/object should
    be allowed.
    NOTE: This is a semantic change for authorizer modules.

  * [MESOS-4931, MESOS-5709, MESOS-5704] - Authorization based HTTP endpoint
    filtering enables operators to restrict what part of the cluster state a
    user is authorized to see.
    Consider for example the `/state` master endpoint: an operator can now
    authorize users to only see a subset of the running frameworks, tasks, or
    executors. The following endpoints support HTTP endpoint filtering:
    '/state', '/state-summary', '/tasks', '/frameworks', '/weights',
    and '/roles'. Additionally the following v1 API calls support filtering:


  * [MESOS-4909] - Tasks can now specify a kill policy. They are best-effort,
    because machine failures or forcible terminations may occur. Currently, the
    only available kill policy is how long to wait between graceful and forcible
    task kill. In the future, more policies may be available (e.g. hitting an
    HTTP endpoint, running a command, etc). Note that it is the executor's
    responsibility to enforce kill policies. For executor-less command-based
    tasks, the kill is performed via sending a signal to the task process:
    SIGTERM for the graceful kill and SIGKILL for the forcible kill. For docker
    executor-less tasks the grace period is passed to 'docker stop --time'. This
    feature supersedes the '--docker_stop_timeout', which is now deprecated.

  * [MESOS-4908] - The task kill policy defined within 'TaskInfo' can now be
    overridden when the scheduler kills the task. This can be used by schedulers
    to forcefully kill a task which is already being killed, e.g. if something
    went wrong during a graceful kill and a forcible kill is desired. Note that
    it is the executor's responsibility to honor the 'Event.kill.kill_policy'
    field and override the task's kill policy and kill policy from a previous
    kill task request. To use this feature, schedulers and executors must
    support HTTP API; use the '--http_command_executor' agent flag to ensure
    the agent launches the HTTP API based command executor.

  * [MESOS-4949] - The executor shutdown grace period can now be configured in
    `ExecutorInfo`, which overrides the agent flag. When shutting down an
    executor the agent will wait in a best-effort manner for the grace period
    specified here before forcibly destroying the container. The executor must
    not assume that it will always be allotted the full grace period, as the
    agent may decide to allot a shorter period and failures / forcible
    terminations may occur. Together with kill policies this gives frameworks
    flexibility around how to clean up tasks and executors.

  * [MESOS-3094] - **Experimental** support for launching mesos tasks on
    Windows. Note that there are no isolation guarantees provided yet.

  * [MESOS-4090] - The `mesos.native` python module has been split into two,
    `mesos.executor` and `mesos.scheduler`. This change also removes
    unnecessary 3rd party dependencies from `mesos.executor` and
    `mesos.scheduler`. `mesos.native` still exists, combining both modules for
    backwards compatibility with existing code.

  * [MESOS-1478] - Phase I of the Slave to Agent rename is complete. To support
    the rename, new duplicate flags (e.g., --agent_reregister_timeout), new
    binaries (e.g., mesos-agent) and WebUI sandbox links have been added. All
    the logging output has been updated to use the term 'agent' now. Flags,
    binaries and scripts with 'slave' keyword have been deprecated (see
    "Deprecations" section below).

  * [MESOS-4312] - **Experimental** support for building and running mesos on
    IBM PowerPC platform.

  * [MESOS-4189] - Weights for resource roles can now be configured dynamically
    via the new '/weights' endpoint on the master.

  * [MESOS-4424] - Support for using Nvidia GPUs as a resource in the
    Mesos "unified" containerizer. This support includes running containers
    with and without filesystem isolation (i.e. running both imageless
    containers as well as containers using a docker image). Frameworks must
    opt-in to receiving GPU resources via the GPU_RESOURCES framework
    capability (see the scarce resource problem in MESOS-5377). We support
    'nvidia-docker'-style docker containers by injecting a volume that
    contains the Nvidia libraries / binaries when the docker image has
    the 'com.nvidia.volumes.needed' label. Support for the docker
    containerizer will come in a future release.

  * [MESOS-5724] - SSL certificate validation allows for additional IP address
    subject alternative name extension verification.
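
The `ObjectApprover`, optional `subject`/`object` (MESOS-5405) and endpoint-filtering entries above can be illustrated with a simplified Python model. This is an added example, not Mesos code: the rule table, `get_object_approver`, `filter_state` and the sample state are hypothetical, and the framework's user is assumed to be the object being authorized.

```python
ANY = "ANY"  # sentinel: the rule applies to every subject / every object

# Constructed rules for one action ("view framework"): (subjects, objects).
RULES = [
    ({"alice"}, {"analytics"}),   # alice sees frameworks owned by "analytics"
    ({"ops"}, ANY),               # ops sees every framework
    (ANY, {"public"}),            # everyone, including anonymous, sees "public"
]


def _covers(entity, value):
    # An unset request field (None) is covered only by an ANY entity:
    # "authorized only if any subject/object should be allowed".
    if entity == ANY:
        return True
    return value is not None and value in entity


def get_object_approver(rules, subject=None):
    """Bind the subject once; return a cheap synchronous per-object check."""
    applicable = [objects for subjects, objects in rules
                  if _covers(subjects, subject)]

    def approved(obj=None):
        return any(_covers(objects, obj) for objects in applicable)
    return approved


# Constructed stand-in for the frameworks part of a /state response.
STATE = {"frameworks": [
    {"name": "etl", "user": "analytics"},
    {"name": "web", "user": "public"},
    {"name": "billing", "user": "finance"},
]}


def filter_state(state, subject=None):
    """Return only the frameworks the subject is approved to view."""
    approved = get_object_approver(RULES, subject)
    return [f["name"] for f in state["frameworks"] if approved(f["user"])]
```

Resolving the subject once and then checking each framework synchronously is the pattern that makes filtering a large `/state` response cheap; a request with no subject is only approved by rules that allow any subject.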


  * [MESOS-2281] - Deprecated the plain text format for credentials in favor of
    the JSON format.

  * [MESOS-4910] - Deprecate the --docker_stop_timeout agent flag.

  * [MESOS-5001] - The 'allocator/event_queue_dispatches' metric is now
    deprecated in favor of 'allocator/mesos/event_queue_dispatches'.

  * [MESOS-5029] - Deprecated the ExecutorInfo.source field in favor of

  * [MESOS-3781] - Deprecated flags with keyword 'slave' in favor of 'agent'.

  * [MESOS-3779] - Deprecated sandbox links with 'slave' keyword in the WebUI.

  * [MESOS-3784] - Deprecated `slave` subcommand for mesos-cli.

  * [MESOS-5155] - Deprecated `SetQuota` and `RemoveQuota` ACLs. This change is
    applicable to the local authorizer as well as any custom authorizer module.

  * [MESOS-5666] - Deprecated camel cased `taskInfo` and `executorInfo` in
    isolator `ContainerConfig`.

  * [MESOS-5863] - Deprecated `SSL_*` environment variables used by libprocess
    SSL support in favor of using `LIBPROCESS_SSL_*`.

Additional API Changes:

  * [MESOS-4580] - Returning `202` (Accepted) for /reserve and related endpoints.

  * [MESOS-4735] - Added 'output_file' field to CommandInfo.URI in Scheduler API
    and v1 Scheduler HTTP API.

  * [MESOS-5014] - Changed Call and Event Type enums in scheduler.proto
    from required to optional for the purpose of backwards compatibility.

  * [MESOS-5015] - Changed Call and Event Type enums in executor.proto
    from required to optional for the purpose of backwards compatibility.

  * [MESOS-5029] - Added 'labels' to ExecutorInfo.

  * [MESOS-5030] - Added non-terminal task metadata to the container resource
    usage information.

  * [MESOS-5408] - Deleted the /observe HTTP endpoint.

  * [MESOS-4843, MESOS-5150, MESOS-5286, MESOS-5335, MESOS-5336] - Authorization
    has been added to the '/metrics/snapshot', '/logging/toggle', '/quota',
    '/files/browse', '/files/download', '/files/read', '/flags', and
    '/containers' endpoints. If a Mesos cluster has authorization enabled, these
    endpoints now require that ACLs be set to authorize principals to access
    them. Note that the '/metrics/snapshot' and '/files/*' endpoints are used by
    the web UI, and thus using the web UI in a cluster with authorization
    enabled will require that ACLs be set appropriately.

  * [MESOS-5064] - Remove default value for the agent `work_dir`. This flag is
    now required, and the agent will exit immediately if it is not provided.

  * [MESOS-5637] - Authorized endpoints consistently return `503` (Service
    Unavailable) instead of `500` (Internal Server Error) when the authenticator
    or the authorizer fails to process the request.

  * [MESOS-5657] - Executors should not inherit environment variables from the

  * [MESOS-5680] - We should not 'chown -R' on persistent volumes every time
    a container tries to use it.

  * [MESOS-5642] - Namespace and header file of `Allocator` has been moved to
    be consistent with other packages.

  * [MESOS-5851] - The flag `--authenticate_http` has been deprecated in favor
    of `--authenticate_http_readwrite`. This new flag enables authentication for
    all HTTP endpoints which support authentication and allow modification of
    the state of the cluster. A new flag has also been added,
    `--authenticate_http_readonly`, which enables authentication for those
    authenticatable endpoints that cannot be used to modify the cluster state.

  * [MESOS-5833] - Disable the experimental `registry_strict` master flag.

3rd Party Upgrades:

  * [MESOS-4805] - Upgraded vendored ry-http-parser-1c3624a to nodejs/http-parser 2.6.1.

  * [MESOS-4678] - Upgraded vendored protobuf 2.5.0 to 2.6.1.

  * [MESOS-4803] - Upgraded vendored libev 4.15 to 4.22.

  * [MESOS-4612] - Upgraded vendored ZooKeeper 3.4.5 to 3.4.8.

Binary API Changes:

  * [MESOS-5055] - Slave/Agent Rename Phase I - Update strings in the log message
    and standard output.

  * [MESOS-3782] - Slave/Agent Rename Phase I - Duplicate/Rename binaries.

  * [MESOS-5057] - Slave/Agent Rename Phase I - Update strings in error messages and
    other strings.

  * [MESOS-5230] - Slave/Agent Rename Phase I: Rename '/include/mesos/slave' folder

