content/documentation/latest/features/mesos-fetcher/index.html - aurora-website - Git at Google

 <!DOCTYPE html>
 <html lang="en">
   <head>
     <meta charset="utf-8">
     <meta name="viewport" content="width=device-width, initial-scale=1">
 	<title>Apache Aurora</title>
     <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.1/css/bootstrap.min.css">
     <link href="/assets/css/main.css" rel="stylesheet">
 	<!-- Analytics -->
 	<script type="text/javascript">
 		  var _gaq = _gaq || [];
 		  _gaq.push(['_setAccount', 'UA-45879646-1']);
 		  _gaq.push(['_setDomainName', 'apache.org']);
 		  _gaq.push(['_trackPageview']);

 		  (function() {
 		    var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
 		    ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
 		    var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
 		  })();
 	</script>
   </head>
   <body>
     <div class="container-fluid section-header">
   <div class="container">
     <div class="nav nav-bar">
     <a href="/"><img src="/assets/img/aurora_logo_dkbkg.svg" width="300" alt="Transparent Apache Aurora logo with dark background"/></a>
     <ul class="nav navbar-nav navbar-right">
       <li><a href="/documentation/latest/">Documentation</a></li>
       <li><a href="/community/">Community</a></li>
       <li><a href="/downloads/">Downloads</a></li>
       <li><a href="/blog/">Blog</a></li>
     </ul>
     </div>
   </div>
 </div>

     <div class="container-fluid">
       <div class="container content">
         <div class="col-md-12 documentation">
 <h5 class="page-header text-uppercase">Documentation
 <select onChange="window.location.href='/documentation/' + this.value + '/features/mesos-fetcher/'"
         value="latest">
   <option value="0.22.0"
     >
     0.22.0
       (latest)
   </option>
   <option value="0.21.0"
     >
     0.21.0
   </option>
   <option value="0.20.0"
     >
     0.20.0
   </option>
   <option value="0.19.1"
     >
     0.19.1
   </option>
   <option value="0.19.0"
     >
     0.19.0
   </option>
   <option value="0.18.1"
     >
     0.18.1
   </option>
   <option value="0.18.0"
     >
     0.18.0
   </option>
   <option value="0.17.0"
     >
     0.17.0
   </option>
   <option value="0.16.0"
     >
     0.16.0
   </option>
   <option value="0.15.0"
     >
     0.15.0
   </option>
   <option value="0.14.0"
     >
     0.14.0
   </option>
   <option value="0.13.0"
     >
     0.13.0
   </option>
   <option value="0.12.0"
     >
     0.12.0
   </option>
   <option value="0.11.0"
     >
     0.11.0
   </option>
   <option value="0.10.0"
     >
     0.10.0
   </option>
   <option value="0.9.0"
     >
     0.9.0
   </option>
   <option value="0.8.0"
     >
     0.8.0
   </option>
   <option value="0.7.0-incubating"
     >
     0.7.0-incubating
   </option>
   <option value="0.6.0-incubating"
     >
     0.6.0-incubating
   </option>
   <option value="0.5.0-incubating"
     >
     0.5.0-incubating
   </option>
 </select>
 </h5>
 <h1 id="mesos-fetcher">Mesos Fetcher</h1>

 <p>Mesos has support for downloading resources into the sandbox through the
 use of the <a href="http://mesos.apache.org/documentation/latest/fetcher/">Mesos Fetcher</a></p>

 <p>Aurora supports passing URIs to the Mesos Fetcher dynamically by including
 a list of URIs in job submissions.</p>

 <h2 id="how-to-use">How to use</h2>

 <p>The scheduler flag <code>-enable_mesos_fetcher</code> must be set to true.</p>

 <p>Currently only the scheduler side of this feature has been implemented
 so a modification to the existing client, or a custom Thrift client are required
 to make use of this feature.</p>

 <p>If using a custom Thrift client, the list of URIs must be included in TaskConfig
 as the <code>mesosFetcherUris</code> field.</p>

 <p>Each Mesos Fetcher URI has the following data members:</p>

 <table><thead>
 <tr>
 <th>Property</th>
 <th>Description</th>
 </tr>
 </thead><tbody>
 <tr>
 <td>value (required)</td>
 <td>Path to the resource needed in the sandbox.</td>
 </tr>
 <tr>
 <td>extract (optional)</td>
 <td>Extract files from packed or compressed archives into the sandbox.</td>
 </tr>
 <tr>
 <td>cache (optional)</td>
 <td>Use caching mechanism provided by Mesos for resources.</td>
 </tr>
 </tbody></table>

 <p>Note that this structure is very similar to the one provided for downloading
 resources needed for a <a href="../../operations/configuration/">custom executor</a>.</p>

 <p>This is because both features use the Mesos fetcher to retrieve resources into
 the sandbox. However, one, the custom executor feature, has a static set of URIs
 set in the server side, and the other, the Mesos Fetcher feature, is a dynamic set
 of URIs set at the time of job submission.</p>

 <h2 id="security-implications">Security Implications</h2>

 <p>There are security implications that must be taken into account when enabling this feature.
 <strong>Enabling this feature may potentially enable any job submitting user to perform a privilege escalation.</strong></p>

 <p>Until a more through solution is created, one step that has been taken to mitigate this issue
 is to statically mark every user submitted URI as non-executable. This is in contrast to the set of URIs
 set in the custom executor feature which may mark any URI as executable.</p>

 <p>If the need arises to mark a downloaded URI as executable, please consider using the custom executor feature.</p>

 </div>

       </div>
     </div>
   	<div class="container-fluid section-footer buffer">
       <div class="container">
         <div class="row">
 		  <div class="col-md-2 col-md-offset-1"><h3>Quick Links</h3>
 		  <ul>
 		    <li><a href="/downloads/">Downloads</a></li>
             <li><a href="/community/">Mailing Lists</a></li>
 			<li><a href="http://issues.apache.org/jira/browse/AURORA">Issue Tracking</a></li>
 			<li><a href="/documentation/latest/contributing/">How To Contribute</a></li>
 		  </ul>
 	      </div>
 		  <div class="col-md-2"><h3>The ASF</h3>
           <ul>
             <li><a href="http://www.apache.org/licenses/">License</a></li>
             <li><a href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li>
             <li><a href="http://www.apache.org/foundation/thanks.html">Thanks</a></li>
             <li><a href="http://www.apache.org/security/">Security</a></li>
           </ul>
 		  </div>
 		  <div class="col-md-6">
 			<p class="disclaimer">&copy; 2014-2017 <a href="http://www.apache.org/">Apache Software Foundation</a>. Licensed under the <a href="http://www.apache.org/licenses/">Apache License v2.0</a>. The <a href="https://www.flickr.com/photos/trondk/12706051375/">Aurora Borealis IX photo</a> displayed on the homepage is available under a <a href="https://creativecommons.org/licenses/by-nc-nd/2.0/">Creative Commons BY-NC-ND 2.0 license</a>. Apache, Apache Aurora, and the Apache feather logo are trademarks of The Apache Software Foundation.</p>
         </div>
       </div>
     </div>

   </body>
 </html>
	<!DOCTYPE html>
	<html lang="en">
	<head>
	<meta charset="utf-8">
	<meta name="viewport" content="width=device-width, initial-scale=1">
	<title>Apache Aurora</title>
	<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.1/css/bootstrap.min.css">
	<link href="/assets/css/main.css" rel="stylesheet">
	<!-- Analytics -->
	<script type="text/javascript">
	var _gaq = _gaq \|\| [];
	_gaq.push(['_setAccount', 'UA-45879646-1']);
	_gaq.push(['_setDomainName', 'apache.org']);
	_gaq.push(['_trackPageview']);

	(function() {
	var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
	ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
	var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
	})();
	</script>
	</head>
	<body>
	<div class="container-fluid section-header">
	<div class="container">
	<div class="nav nav-bar">
	<a href="/"><img src="/assets/img/aurora_logo_dkbkg.svg" width="300" alt="Transparent Apache Aurora logo with dark background"/></a>
	<ul class="nav navbar-nav navbar-right">
	<li><a href="/documentation/latest/">Documentation</a></li>
	<li><a href="/community/">Community</a></li>
	<li><a href="/downloads/">Downloads</a></li>
	<li><a href="/blog/">Blog</a></li>
	</ul>
	</div>
	</div>
	</div>

	<div class="container-fluid">
	<div class="container content">
	<div class="col-md-12 documentation">
	<h5 class="page-header text-uppercase">Documentation
	<select onChange="window.location.href='/documentation/' + this.value + '/features/mesos-fetcher/'"
	value="latest">
	<option value="0.22.0"
	>
	0.22.0
	(latest)
	</option>
	<option value="0.21.0"
	>
	0.21.0
	</option>
	<option value="0.20.0"
	>
	0.20.0
	</option>
	<option value="0.19.1"
	>
	0.19.1
	</option>
	<option value="0.19.0"
	>
	0.19.0
	</option>
	<option value="0.18.1"
	>
	0.18.1
	</option>
	<option value="0.18.0"
	>
	0.18.0
	</option>
	<option value="0.17.0"
	>
	0.17.0
	</option>
	<option value="0.16.0"
	>
	0.16.0
	</option>
	<option value="0.15.0"
	>
	0.15.0
	</option>
	<option value="0.14.0"
	>
	0.14.0
	</option>
	<option value="0.13.0"
	>
	0.13.0
	</option>
	<option value="0.12.0"
	>
	0.12.0
	</option>
	<option value="0.11.0"
	>
	0.11.0
	</option>
	<option value="0.10.0"
	>
	0.10.0
	</option>
	<option value="0.9.0"
	>
	0.9.0
	</option>
	<option value="0.8.0"
	>
	0.8.0
	</option>
	<option value="0.7.0-incubating"
	>
	0.7.0-incubating
	</option>
	<option value="0.6.0-incubating"
	>
	0.6.0-incubating
	</option>
	<option value="0.5.0-incubating"
	>
	0.5.0-incubating
	</option>
	</select>
	</h5>
	<h1 id="mesos-fetcher">Mesos Fetcher</h1>

	<p>Mesos has support for downloading resources into the sandbox through the
	use of the <a href="http://mesos.apache.org/documentation/latest/fetcher/">Mesos Fetcher</a></p>

	<p>Aurora supports passing URIs to the Mesos Fetcher dynamically by including
	a list of URIs in job submissions.</p>

	<h2 id="how-to-use">How to use</h2>

	<p>The scheduler flag <code>-enable_mesos_fetcher</code> must be set to true.</p>

	<p>Currently only the scheduler side of this feature has been implemented
	so a modification to the existing client, or a custom Thrift client are required
	to make use of this feature.</p>

	<p>If using a custom Thrift client, the list of URIs must be included in TaskConfig
	as the <code>mesosFetcherUris</code> field.</p>

	<p>Each Mesos Fetcher URI has the following data members:</p>

	<table><thead>
	<tr>
	<th>Property</th>
	<th>Description</th>
	</tr>
	</thead><tbody>
	<tr>
	<td>value (required)</td>
	<td>Path to the resource needed in the sandbox.</td>
	</tr>
	<tr>
	<td>extract (optional)</td>
	<td>Extract files from packed or compressed archives into the sandbox.</td>
	</tr>
	<tr>
	<td>cache (optional)</td>
	<td>Use caching mechanism provided by Mesos for resources.</td>
	</tr>
	</tbody></table>

	<p>Note that this structure is very similar to the one provided for downloading
	resources needed for a <a href="../../operations/configuration/">custom executor</a>.</p>

	<p>This is because both features use the Mesos fetcher to retrieve resources into
	the sandbox. However, one, the custom executor feature, has a static set of URIs
	set in the server side, and the other, the Mesos Fetcher feature, is a dynamic set
	of URIs set at the time of job submission.</p>

	<h2 id="security-implications">Security Implications</h2>

	<p>There are security implications that must be taken into account when enabling this feature.
	<strong>Enabling this feature may potentially enable any job submitting user to perform a privilege escalation.</strong></p>

	<p>Until a more through solution is created, one step that has been taken to mitigate this issue
	is to statically mark every user submitted URI as non-executable. This is in contrast to the set of URIs
	set in the custom executor feature which may mark any URI as executable.</p>

	<p>If the need arises to mark a downloaded URI as executable, please consider using the custom executor feature.</p>

	</div>

	</div>
	</div>
	<div class="container-fluid section-footer buffer">
	<div class="container">
	<div class="row">
	<div class="col-md-2 col-md-offset-1"><h3>Quick Links</h3>
	<ul>
	<li><a href="/downloads/">Downloads</a></li>
	<li><a href="/community/">Mailing Lists</a></li>
	<li><a href="http://issues.apache.org/jira/browse/AURORA">Issue Tracking</a></li>
	<li><a href="/documentation/latest/contributing/">How To Contribute</a></li>
	</ul>
	</div>
	<div class="col-md-2"><h3>The ASF</h3>
	<ul>
	<li><a href="http://www.apache.org/licenses/">License</a></li>
	<li><a href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li>
	<li><a href="http://www.apache.org/foundation/thanks.html">Thanks</a></li>
	<li><a href="http://www.apache.org/security/">Security</a></li>
	</ul>
	</div>
	<div class="col-md-6">
	<p class="disclaimer">© 2014-2017 <a href="http://www.apache.org/">Apache Software Foundation</a>. Licensed under the <a href="http://www.apache.org/licenses/">Apache License v2.0</a>. The <a href="https://www.flickr.com/photos/trondk/12706051375/">Aurora Borealis IX photo</a> displayed on the homepage is available under a <a href="https://creativecommons.org/licenses/by-nc-nd/2.0/">Creative Commons BY-NC-ND 2.0 license</a>. Apache, Apache Aurora, and the Apache feather logo are trademarks of The Apache Software Foundation.</p>
	</div>
	</div>
	</div>

	</body>
	</html>