Don't know where to start? The Aurora configuration schema is very powerful, and configurations can become quite complex for advanced use cases.
For examples of simple configurations to get something up and running quickly, check out the Tutorial. When you feel comfortable with the basics, move on to the Configuration Tutorial for more in-depth coverage of configuration design.
Process objects consist of required name and cmdline attributes. You can customize Process behavior with its optional attributes. Remember, Processes are handled by Thermos.
| Attribute Name | Type | Description |
|---|---|---|
| name | String | Process name (Required) |
| cmdline | String | Command line (Required) |
| max_failures | Integer | Maximum process failures (Default: 1) |
| daemon | Boolean | When True, this is a daemon process. (Default: False) |
| ephemeral | Boolean | When True, this is an ephemeral process. (Default: False) |
| min_duration | Integer | Minimum duration between process restarts in seconds. (Default: 5) |
| final | Boolean | When True, this process is a finalizing one that should run last. (Default: False) |
| logger | Logger | Struct defining the log behavior for the process. (Default: Empty) |
The name is any valid UNIX filename string (specifically no slashes, NULLs or leading periods). Within a Task object, each Process name must be unique.
The command line run by the process. The command line is invoked in a bash subshell, so can involve fully-blown bash scripts. However, nothing is supplied for command-line arguments so $* is unspecified.
The maximum number of failures (non-zero exit statuses) this process can have before being marked permanently failed and not retried. If a process permanently fails, Thermos looks at the failure limit of the task containing the process (usually 1) to determine if the task has failed as well.
Setting max_failures to 0 makes the process retry indefinitely until it achieves a successful (zero) exit status. It retries at most once every min_duration seconds to prevent an effective denial of service attack on the coordinating Thermos scheduler.
By default, Thermos processes are non-daemon. If daemon is set to True, a successful (zero) exit status does not prevent future process runs. Instead, the process reinvokes after min_duration seconds. However, the maximum failure limit still applies. A combination of daemon=True and max_failures=0 causes a process to retry indefinitely regardless of exit status. This should be avoided for very short-lived processes because of the accumulation of checkpointed state for each process run. When running in Mesos specifically, max_failures is capped at 100.
By default, Thermos processes are non-ephemeral. If ephemeral is set to True, the process' status is not used to determine if its containing task has completed. For example, consider a task with a non-ephemeral webserver process and an ephemeral logsaver process that periodically checkpoints its log files to a centralized data store. The task is considered finished once the webserver process has completed, regardless of the logsaver's current status.
Processes may succeed or fail multiple times during a single task's duration. Each of these is called a process run. min_duration is the minimum number of seconds the scheduler waits before running the same process.
Processes can be grouped into two classes: ordinary processes and finalizing processes. By default, Thermos processes are ordinary. They run as long as the task is considered healthy (i.e., no failure limits have been reached.) But once all regular Thermos processes finish or the task reaches a certain failure threshold, it moves into a “finalization” stage and runs all finalizing processes. These are typically processes necessary for cleaning up the task, such as log checkpointers, or perhaps e-mail notifications that the task completed.
Finalizing processes may not depend upon ordinary processes or vice-versa, however finalizing processes may depend upon other finalizing processes and otherwise run as a typical process schedule.
The default behavior of Thermos is to store stderr/stdout logs in files which grow unbounded. In the event that you have large log volume, you may want to configure Thermos to automatically rotate logs after they grow to a certain size, which can prevent your job from using more than its allocated disk space.
Logger objects specify a destination for Process logs which is, by default, file - a pair of stdout and stderr files. Its also possible to specify console to get logs output to the Process stdout and stderr streams, none to suppress any logs output or both to send logs to files and console streams.
The default Logger mode is standard which lets the stdout and stderr streams grow without bound.
| Attribute Name | Type | Description |
|---|---|---|
| destination | LoggerDestination | Destination of logs. (Default: file) |
| mode | LoggerMode | Mode of the logger. (Default: standard) |
| rotate | RotatePolicy | An optional rotation policy. (Default: Empty) |
A RotatePolicy describes log rotation behavior for when mode is set to rotate and it is ignored otherwise. If rotate is Empty or RotatePolicy() when the mode is set to rotate the defaults below are used.
| Attribute Name | Type | Description |
|---|---|---|
| log_size | Integer | Maximum size (in bytes) of an individual log file. (Default: 100 MiB) |
| backups | Integer | The maximum number of backups to retain. (Default: 5) |
An example process configuration is as follows:
process = Process(
name='process',
logger=Logger(
destination=LoggerDestination('both'),
mode=LoggerMode('rotate'),
rotate=RotatePolicy(log_size=5*MB, backups=5)
)
)
Tasks fundamentally consist of a name and a list of Process objects stored as the value of the processes attribute. Processes can be further constrained with constraints. By default, name's value inherits from the first Process in the processes list, so for simple Task objects with one Process, name can be omitted. In Mesos, resources is also required.
| param | type | description |
|---|---|---|
name | String | Process name (Required) (Default: processes0.name) |
processes | List of Process objects | List of Process objects bound to this task. (Required) |
constraints | List of Constraint objects | List of Constraint objects constraining processes. |
resources | Resource object | Resource footprint. (Required) |
max_failures | Integer | Maximum process failures before being considered failed (Default: 1) |
max_concurrency | Integer | Maximum number of concurrent processes (Default: 0, unlimited concurrency.) |
finalization_wait | Integer | Amount of time allocated for finalizing processes, in seconds. (Default: 30) |
name is a string denoting the name of this task. It defaults to the name of the first Process in the list of Processes associated with the processes attribute.
processes is an unordered list of Process objects. To constrain the order in which they run, use constraints.
A list of Constraint objects. Currently it supports only one type, the order constraint. order is a list of process names that should run in the order given. For example,
process = Process(cmdline = "echo hello {{name}}")
task = Task(name = "echoes",
processes = [process(name = "jim"), process(name = "bob")],
constraints = [Constraint(order = ["jim", "bob"]))
Constraints can be supplied ad-hoc and in duplicate. Not all Processes need be constrained, however Tasks with cycles are rejected by the Thermos scheduler.
Use the order function as shorthand to generate Constraint lists. The following:
order(process1, process2)
is shorthand for
[Constraint(order = [process1.name(), process2.name()])]
The order function accepts Process name strings ('foo', 'bar') or the processes themselves, e.g. foo=Process(name='foo', ...), bar=Process(name='bar', ...), constraints=order(foo, bar).
Takes a Resource object, which specifies the amounts of CPU, memory, and disk space resources to allocate to the Task.
max_failures is the number of failed processes needed for the Task to be marked as failed.
For example, assume a Task has two Processes and a max_failures value of 2:
template = Process(max_failures=10)
task = Task(
name = "fail",
processes = [
template(name = "failing", cmdline = "exit 1"),
template(name = "succeeding", cmdline = "exit 0")
],
max_failures=2)
The failing Process could fail 10 times before being marked as permanently failed, and the succeeding Process could succeed on the first run. However, the task would succeed despite only allowing for two failed processes. To be more specific, there would be 10 failed process runs yet 1 failed process. Both processes would have to fail for the Task to fail.
For Tasks with a number of expensive but otherwise independent processes, you may want to limit the amount of concurrency the Thermos scheduler provides rather than artificially constraining it via order constraints. For example, a test framework may generate a task with 100 test run processes, but wants to run it on a machine with only 4 cores. You can limit the amount of parallelism to 4 by setting max_concurrency=4 in your task configuration.
For example, the following task spawns 180 Processes (“mappers”) to compute individual elements of a 180 degree sine table, all dependent upon one final Process (“reducer”) to tabulate the results:
def make_mapper(id):
return Process(
name = "mapper%03d" % id,
cmdline = "echo 'scale=50;s(%d\*4\*a(1)/180)' | bc -l >
temp.sine_table.%03d" % (id, id))
def make_reducer():
return Process(name = "reducer", cmdline = "cat temp.\* | nl \> sine\_table.txt
&& rm -f temp.\*")
processes = map(make_mapper, range(180))
task = Task(
name = "mapreduce",
processes = processes + [make\_reducer()],
constraints = [Constraint(order = [mapper.name(), 'reducer']) for mapper
in processes],
max_concurrency = 8)
Process execution is organizued into three active stages: ACTIVE, CLEANING, and FINALIZING. The ACTIVE stage is when ordinary processes run. This stage lasts as long as Processes are running and the Task is healthy. The moment either all Processes have finished successfully or the Task has reached a maximum Process failure limit, it goes into CLEANING stage and send SIGTERMs to all currently running Processes and their process trees. Once all Processes have terminated, the Task goes into FINALIZING stage and invokes the schedule of all Processes with the “final” attribute set to True.
This whole process from the end of ACTIVE stage to the end of FINALIZING must happen within finalization_wait seconds. If it does not finish during that time, all remaining Processes are sent SIGKILLs (or if they depend upon uncompleted Processes, are never invoked.)
When running on Aurora, the finalization_wait is capped at 60 seconds.
Current constraint objects only support a single ordering constraint, order, which specifies its processes run sequentially in the order given. By default, all processes run in parallel when bound to a Task without ordering constraints.
| param | type | description |
|---|---|---|
| order | List of String | List of processes by name (String) that should be run serially. |
Specifies the amount of CPU, Ram, and disk resources the task needs. See the Resource Isolation document for suggested values and to understand how resources are allocated.
| param | type | description |
|---|---|---|
cpu | Float | Fractional number of cores required by the task. |
ram | Integer | Bytes of RAM required by the task. |
disk | Integer | Bytes of disk required by the task. |
gpu | Integer | Number of GPU cores required by the task |
Note: Specifying a Container object as the value of the container property is deprecated in favor of setting its value directly to the appropriate Docker or Mesos container type
Note: Specifying preemption behavior of tasks through production flag is deprecated in favor of electing appropriate task tier via tier attribute.
| name | type | description |
|---|---|---|
task | Task | The Task object to bind to this job. Required. |
name | String | Job name. (Default: inherited from the task attribute's name) |
role | String | Job role account. Required. |
cluster | String | Cluster in which this job is scheduled. Required. |
environment | String | Job environment, default devel. By default must be one of prod, devel, test or staging<number> but it can be changed by the Cluster operator using the scheduler option allowed_job_environments. |
contact | String | Best email address to reach the owner of the job. For production jobs, this is usually a team mailing list. |
instances | Integer | Number of instances (sometimes referred to as replicas or shards) of the task to create. (Default: 1) |
cron_schedule | String | Cron schedule in cron format. May only be used with non-service jobs. See Cron Jobs for more information. Default: None (not a cron job.) |
cron_collision_policy | String | Policy to use when a cron job is triggered while a previous run is still active. KILL_EXISTING Kill the previous run, and schedule the new run CANCEL_NEW Let the previous run continue, and cancel the new run. (Default: KILL_EXISTING) |
update_config | UpdateConfig object | Parameters for controlling the rate and policy of rolling updates. |
constraints | dict | Scheduling constraints for the tasks. See the section on the constraint specification language |
service | Boolean | If True, restart tasks regardless of success or failure. (Default: False) |
max_task_failures | Integer | Maximum number of failures after which the task is considered to have failed (Default: 1) Set to -1 to allow for infinite failures |
priority | Integer | Preemption priority to give the task (Default 0). Tasks with higher priorities may preempt tasks at lower priorities. |
production | Boolean | (Deprecated) Whether or not this is a production task that may preempt other tasks (Default: False). Production job role must have the appropriate quota. |
health_check_config | HealthCheckConfig object | Parameters for controlling a task's health checks. HTTP health check is only used if a health port was assigned with a command line wildcard. |
container | Choice of Container, Docker or Mesos object | An optional container to run all processes inside of. |
lifecycle | LifecycleConfig object | An optional task lifecycle configuration that dictates commands to be executed on startup/teardown. HTTP lifecycle is enabled by default if the “health” port is requested. See LifecycleConfig Objects for more information. |
tier | String | Task tier type. The default scheduler tier configuration allows for 3 tiers: revocable, preemptible, and preferred. If a tier is not elected, Aurora assigns the task to a tier based on its choice of production (that is preferred for production and preemptible for non-production jobs). See the section on Configuration Tiers for more information. |
announce | Announcer object | Optionally enable Zookeeper ServerSet announcements. See [Announcer Objects] for more information. |
enable_hooks | Boolean | Whether to enable Client Hooks for this job. (Default: False) |
Parameters for controlling the rate and policy of rolling updates.
| object | type | description |
|---|---|---|
batch_size | Integer | Maximum number of shards to be updated in one iteration (Default: 1) |
watch_secs | Integer | Minimum number of seconds a shard must remain in RUNNING state before considered a success (Default: 45) |
max_per_shard_failures | Integer | Maximum number of restarts per shard during update. Increments total failure count when this limit is exceeded. (Default: 0) |
max_total_failures | Integer | Maximum number of shard failures to be tolerated in total during an update. Cannot be greater than or equal to the total number of tasks in a job. (Default: 0) |
rollback_on_failure | boolean | When False, prevents auto rollback of a failed update (Default: True) |
wait_for_batch_completion | boolean | When True, all threads from a given batch will be blocked from picking up new instances until the entire batch is updated. This essentially simulates the legacy sequential updater algorithm. (Default: False) |
pulse_interval_secs | Integer | Indicates a coordinated update. If no pulses are received within the provided interval the update will be blocked. Beta-updater only. Will fail on submission when used with client updater. (Default: None) |
Parameters for controlling a task's health checks via HTTP or a shell command.
| param | type | description |
|---|---|---|
health_checker | HealthCheckerConfig | Configure what kind of health check to use. |
initial_interval_secs | Integer | Initial grace period (during which health-check failures are ignored) while performing health checks. (Default: 15) |
interval_secs | Integer | Interval on which to check the task's health. (Default: 10) |
max_consecutive_failures | Integer | Maximum number of consecutive failures that will be tolerated before considering a task unhealthy (Default: 0) |
min_consecutive_successes | Integer | Minimum number of consecutive successful health checks required before considering a task healthy (Default: 1) |
timeout_secs | Integer | Health check timeout. (Default: 1) |
| param | type | description |
|---|---|---|
http | HttpHealthChecker | Configure health check to use HTTP. (Default) |
shell | ShellHealthChecker | Configure health check via a shell command. |
| param | type | description |
|---|---|---|
endpoint | String | HTTP endpoint to check (Default: /health) |
expected_response | String | If not empty, fail the HTTP health check if the response differs. Case insensitive. (Default: ok) |
expected_response_code | Integer | If not zero, fail the HTTP health check if the response code differs. (Default: 0) |
| param | type | description |
|---|---|---|
shell_command | String | An alternative to HTTP health checking. Specifies a shell command that will be executed. Any non-zero exit status will be interpreted as a health check failure. |
If the announce field in the Job configuration is set, each task will be registered in the ServerSet /aurora/role/environment/jobname in the zookeeper ensemble configured by the executor (which can be optionally overriden by specifying zk_path parameter). If no Announcer object is specified, no announcement will take place. For more information about ServerSets, see the Service Discover documentation.
By default, the hostname in the registered endpoints will be the --hostname parameter that is passed to the mesos agent. To override the hostname value, the executor can be started with --announcer-hostname=<overriden_value>. If you decide to use --announcer-hostname and if the overriden value needs to change for every executor, then the executor has to be started inside a wrapper, see Executor Wrapper.
For example, if you want the hostname in the endpoint to be an IP address instead of the hostname, the --hostname parameter to the mesos agent can be set to the machine IP or the executor can be started with --announcer-hostname=<host_ip> while wrapping the executor inside a script.
| object | type | description |
|---|---|---|
primary_port | String | Which named port to register as the primary endpoint in the ServerSet (Default: http) |
portmap | dict | A mapping of additional endpoints to be announced in the ServerSet (Default: { 'aurora': '{{primary_port}}' }) |
zk_path | String | Zookeeper serverset path override (executor must be started with the --announcer-allow-custom-serverset-path parameter) |
portmapThe primary endpoint registered in the ServerSet is the one allocated to the port specified by the primary_port in the Announcer object, by default the http port. This port can be referenced from anywhere within a configuration as {{thermos.ports[http]}}.
Without the port map, each named port would be allocated a unique port number. The portmap allows two different named ports to be aliased together. The default portmap aliases the aurora port (i.e. {{thermos.ports[aurora]}}) to the http port. Even though the two ports can be referenced independently, only one port is allocated by Mesos. Any port referenced in a Process object but which is not in the portmap will be allocated dynamically by Mesos and announced as well.
It is possible to use the portmap to alias names to static port numbers, e.g. {'http': 80, 'https': 443, 'aurora': 'http'}. In this case, referencing {{thermos.ports[aurora]}} would look up {{thermos.ports[http]}} then find a static port 80. No port would be requested of or allocated by Mesos.
Static ports should be used cautiously as Aurora does nothing to prevent two tasks with the same static port allocations from being co-scheduled. External constraints such as agent attributes should be used to enforce such guarantees should they be needed.
Describes the container the job's processes will run inside. If not using Docker or the Mesos unified-container, the container can be omitted from your job config.
| param | type | description |
|---|---|---|
mesos | Mesos | A native Mesos container to use. |
docker | Docker | A Docker container to use (via Docker engine) |
| param | type | description |
|---|---|---|
image | Choice(AppcImage, DockerImage) | An optional filesystem image to use within this container. |
volumes | List(Volume) | An optional list of volume mounts for this container. |
| param | type | description |
|---|---|---|
container_path | String | Path on the host to mount. |
host_path | String | Mount point in the container. |
mode | Enum | Mode of the mount, can be ‘RW’ or ‘RO’. |
Describes an AppC filesystem image.
| param | type | description |
|---|---|---|
name | String | The name of the appc image. |
image_id | String | The image id of the appc image. |
Describes a Docker filesystem image.
| param | type | description |
|---|---|---|
name | String | The name of the docker image. |
tag | String | The tag that identifies the docker image. |
Note: In order to correctly execute processes inside a job, the Docker container must have Python 2.7 installed. Note: For private docker registry, mesos mandates the docker credential file to be named as .dockercfg, even though docker may create a credential file with a different name on various platforms. Also, the .dockercfg file needs to be copied into the sandbox using the -thermos_executor_resources flag, specified while starting Aurora.
| param | type | description |
|---|---|---|
image | String | The name of the docker image to execute. If the image does not exist locally it will be pulled with docker pull. |
parameters | List(Parameter) | Additional parameters to pass to the Docker engine. |
Docker CLI parameters. This needs to be enabled by the scheduler -allow_docker_parameters option. See Docker Command Line Reference for valid parameters.
| param | type | description |
|---|---|---|
name | String | The name of the docker parameter. E.g. volume |
value | String | The value of the parameter. E.g. /usr/local/bin:/usr/bin:rw |
Note: The only lifecycle configuration supported is the HTTP lifecycle via the HttpLifecycleConfig.
| param | type | description |
|---|---|---|
http | HttpLifecycleConfig | Configure the lifecycle manager to send lifecycle commands to the task via HTTP. |
Note: The combined graceful_shutdown_wait_secs and shutdown_wait_secs is implicitly upper bounded by the --stop_timeout_in_secs flag exposed by the executor (see options here, default is 2 minutes). Therefore, if the user specifies values that add up to more than --stop_timeout_in_secs, the task will be killed earlier than the user anticipates (see the termination lifecycle here). Furthermore, stop_timeout_in_secs itself is implicitly upper bounded by two scheduler options: transient_task_state_timeout and preemption_slot_hold_time (see reference here. If the stop_timeout_in_secs exceeds either of these scheduler options, tasks could be designated as LOST or tasks utilizing preemption could lose their desired slot respectively. Cluster operators should be aware of these timings should they change the defaults.
| param | type | description |
|---|---|---|
port | String | The named port to send POST commands. (Default: health) |
graceful_shutdown_endpoint | String | Endpoint to hit to indicate that a task should gracefully shutdown. (Default: /quitquitquit) |
shutdown_endpoint | String | Endpoint to hit to give a task its final warning before being killed. (Default: /abortabortabort) |
graceful_shutdown_wait_secs | Integer | The amount of time (in seconds) to wait after hitting the graceful_shutdown_endpoint before proceeding with the task termination lifecycle. (Default: 5) |
shutdown_wait_secs | Integer | The amount of time (in seconds) to wait after hitting the shutdown_endpoint before proceeding with the task termination lifecycle. (Default: 5) |
If the Job is listening on the port as specified by the HttpLifecycleConfig (default: health), a HTTP POST request will be sent over localhost to this endpoint to request that the task gracefully shut itself down. This is a courtesy call before the shutdown_endpoint is invoked graceful_shutdown_wait_secs seconds later.
If the Job is listening on the port as specified by the HttpLifecycleConfig (default: health), a HTTP POST request will be sent over localhost to this endpoint to request as a final warning before being shut down. If the task does not shut down on its own after shutdown_wait_secs seconds, it will be forcefully killed.
In the Job object there is a map constraints from String to String allowing the user to tailor the schedulability of tasks within the job.
The constraint map's key value is the attribute name in which we constrain Tasks within our Job. The value is how we constrain them. There are two types of constraints: limit constraints and value constraints.
| constraint | description |
|---|---|
| Limit | A string that specifies a limit for a constraint. Starts with 'limit: followed by an Integer and closing single quote, such as 'limit:1'. |
| Value | A string that specifies a value for a constraint. To include a list of values, separate the values using commas. To negate the values of a constraint, start with a ! . |
Further details can be found in the Scheduling Constraints feature description.
Currently, a few Pystachio namespaces have special semantics. Using them in your configuration allow you to tailor application behavior through environment introspection or interact in special ways with the Aurora client or Aurora-provided services.
The mesos namespace contains variables which relate to the mesos agent which launched the task. The instance variable can be used to distinguish between Task replicas.
| variable name | type | description |
|---|---|---|
instance | Integer | The instance number of the created task. A job with 5 replicas has instance numbers 0, 1, 2, 3, and 4. |
hostname | String | The instance hostname that the task was launched on. |
Please note, there is no uniqueness guarantee for instance in the presence of network partitions. If that is required, it should be baked in at the application level using a distributed coordination service such as Zookeeper.
The thermos namespace contains variables that work directly on the Thermos platform in addition to Aurora. This namespace is fully compatible with Tasks invoked via the thermos CLI.
| variable | type | description |
|---|---|---|
ports | map of string to Integer | A map of names to port numbers |
task_id | string | The task ID assigned to this task. |
The thermos.ports namespace is automatically populated by Aurora when invoking tasks on Mesos. When running the thermos command directly, these ports must be explicitly mapped with the -P option.
For example, if ‘{{thermos.ports[http]}}’ is specified in a Process configuration, it is automatically extracted and auto-populated by Aurora, but must be specified with, for example, thermos -P http:12345 to map http to port 12345 when running via the CLI.