| <!DOCTYPE html> |
| <html lang="en"> |
| <head> |
| <meta charset="utf-8"> |
| <meta name="viewport" content="width=device-width, initial-scale=1"> |
| <title>Apache Aurora</title> |
| <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.1/css/bootstrap.min.css"> |
| <link href="/assets/css/main.css" rel="stylesheet"> |
| <!-- Analytics --> |
| <script type="text/javascript"> |
| var _gaq = _gaq || []; |
| _gaq.push(['_setAccount', 'UA-45879646-1']); |
| _gaq.push(['_setDomainName', 'apache.org']); |
| _gaq.push(['_trackPageview']); |
| |
| (function() { |
| var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; |
| ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; |
| var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); |
| })(); |
| </script> |
| </head> |
| <body> |
| <div class="container-fluid section-header"> |
| <div class="container"> |
| <div class="nav nav-bar"> |
| <a href="/"><img src="/assets/img/aurora_logo_dkbkg.svg" width="300" alt="Transparent Apache Aurora logo with dark background"/></a> |
| <ul class="nav navbar-nav navbar-right"> |
| <li><a href="/documentation/latest/">Documentation</a></li> |
| <li><a href="/community/">Community</a></li> |
| <li><a href="/downloads/">Downloads</a></li> |
| <li><a href="/blog/">Blog</a></li> |
| </ul> |
| </div> |
| </div> |
| </div> |
| |
| <div class="container-fluid"> |
| <div class="container content"> |
| <div class="col-md-12 documentation"> |
| <h5 class="page-header text-uppercase">Documentation |
| <select onChange="window.location.href='/documentation/' + this.value + '/features/mesos-fetcher/'" |
| value="0.22.0"> |
| <option value="0.22.0" |
| selected="selected"> |
| 0.22.0 |
| (latest) |
| </option> |
| <option value="0.21.0" |
| > |
| 0.21.0 |
| </option> |
| <option value="0.20.0" |
| > |
| 0.20.0 |
| </option> |
| <option value="0.19.1" |
| > |
| 0.19.1 |
| </option> |
| <option value="0.19.0" |
| > |
| 0.19.0 |
| </option> |
| <option value="0.18.1" |
| > |
| 0.18.1 |
| </option> |
| <option value="0.18.0" |
| > |
| 0.18.0 |
| </option> |
| <option value="0.17.0" |
| > |
| 0.17.0 |
| </option> |
| <option value="0.16.0" |
| > |
| 0.16.0 |
| </option> |
| <option value="0.15.0" |
| > |
| 0.15.0 |
| </option> |
| <option value="0.14.0" |
| > |
| 0.14.0 |
| </option> |
| <option value="0.13.0" |
| > |
| 0.13.0 |
| </option> |
| <option value="0.12.0" |
| > |
| 0.12.0 |
| </option> |
| <option value="0.11.0" |
| > |
| 0.11.0 |
| </option> |
| <option value="0.10.0" |
| > |
| 0.10.0 |
| </option> |
| <option value="0.9.0" |
| > |
| 0.9.0 |
| </option> |
| <option value="0.8.0" |
| > |
| 0.8.0 |
| </option> |
| <option value="0.7.0-incubating" |
| > |
| 0.7.0-incubating |
| </option> |
| <option value="0.6.0-incubating" |
| > |
| 0.6.0-incubating |
| </option> |
| <option value="0.5.0-incubating" |
| > |
| 0.5.0-incubating |
| </option> |
| </select> |
| </h5> |
| <h1 id="mesos-fetcher">Mesos Fetcher</h1> |
| |
| <p>Mesos has support for downloading resources into the sandbox through the |
| use of the <a href="http://mesos.apache.org/documentation/latest/fetcher/">Mesos Fetcher</a></p> |
| |
| <p>Aurora supports passing URIs to the Mesos Fetcher dynamically by including |
| a list of URIs in job submissions.</p> |
| |
| <h2 id="how-to-use">How to use</h2> |
| |
| <p>The scheduler flag <code>-enable_mesos_fetcher</code> must be set to true.</p> |
| |
| <p>Currently only the scheduler side of this feature has been implemented |
| so a modification to the existing client, or a custom Thrift client are required |
| to make use of this feature.</p> |
| |
| <p>If using a custom Thrift client, the list of URIs must be included in TaskConfig |
| as the <code>mesosFetcherUris</code> field.</p> |
| |
| <p>Each Mesos Fetcher URI has the following data members:</p> |
| |
| <table><thead> |
| <tr> |
| <th>Property</th> |
| <th>Description</th> |
| </tr> |
| </thead><tbody> |
| <tr> |
| <td>value (required)</td> |
| <td>Path to the resource needed in the sandbox.</td> |
| </tr> |
| <tr> |
| <td>extract (optional)</td> |
| <td>Extract files from packed or compressed archives into the sandbox.</td> |
| </tr> |
| <tr> |
| <td>cache (optional)</td> |
| <td>Use caching mechanism provided by Mesos for resources.</td> |
| </tr> |
| </tbody></table> |
| |
| <p>Note that this structure is very similar to the one provided for downloading |
| resources needed for a <a href="../../operations/configuration/">custom executor</a>.</p> |
| |
| <p>This is because both features use the Mesos fetcher to retrieve resources into |
| the sandbox. However, one, the custom executor feature, has a static set of URIs |
| set in the server side, and the other, the Mesos Fetcher feature, is a dynamic set |
| of URIs set at the time of job submission.</p> |
| |
| <h2 id="security-implications">Security Implications</h2> |
| |
| <p>There are security implications that must be taken into account when enabling this feature. |
| <strong>Enabling this feature may potentially enable any job submitting user to perform a privilege escalation.</strong></p> |
| |
| <p>Until a more through solution is created, one step that has been taken to mitigate this issue |
| is to statically mark every user submitted URI as non-executable. This is in contrast to the set of URIs |
| set in the custom executor feature which may mark any URI as executable.</p> |
| |
| <p>If the need arises to mark a downloaded URI as executable, please consider using the custom executor feature.</p> |
| |
| </div> |
| |
| </div> |
| </div> |
| <div class="container-fluid section-footer buffer"> |
| <div class="container"> |
| <div class="row"> |
| <div class="col-md-2 col-md-offset-1"><h3>Quick Links</h3> |
| <ul> |
| <li><a href="/downloads/">Downloads</a></li> |
| <li><a href="/community/">Mailing Lists</a></li> |
| <li><a href="http://issues.apache.org/jira/browse/AURORA">Issue Tracking</a></li> |
| <li><a href="/documentation/latest/contributing/">How To Contribute</a></li> |
| </ul> |
| </div> |
| <div class="col-md-2"><h3>The ASF</h3> |
| <ul> |
| <li><a href="http://www.apache.org/licenses/">License</a></li> |
| <li><a href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li> |
| <li><a href="http://www.apache.org/foundation/thanks.html">Thanks</a></li> |
| <li><a href="http://www.apache.org/security/">Security</a></li> |
| </ul> |
| </div> |
| <div class="col-md-6"> |
| <p class="disclaimer">© 2014-2017 <a href="http://www.apache.org/">Apache Software Foundation</a>. Licensed under the <a href="http://www.apache.org/licenses/">Apache License v2.0</a>. The <a href="https://www.flickr.com/photos/trondk/12706051375/">Aurora Borealis IX photo</a> displayed on the homepage is available under a <a href="https://creativecommons.org/licenses/by-nc-nd/2.0/">Creative Commons BY-NC-ND 2.0 license</a>. Apache, Apache Aurora, and the Apache feather logo are trademarks of The Apache Software Foundation.</p> |
| </div> |
| </div> |
| </div> |
| |
| </body> |
| </html> |