| <!DOCTYPE html> |
| <html> |
| <head> |
| <meta charset="utf-8"> |
| <title>Apache Mesos - Roles</title> |
| <meta name="viewport" content="width=device-width, initial-scale=1.0"> |
| |
| <meta property="og:locale" content="en_US"/> |
| <meta property="og:type" content="website"/> |
| <meta property="og:title" content="Apache Mesos"/> |
| <meta property="og:site_name" content="Apache Mesos"/> |
| <meta property="og:url" content="http://mesos.apache.org/"/> |
| <meta property="og:image" content="http://mesos.apache.org/assets/img/mesos_logo_fb_preview.png"/> |
| <meta property="og:description" |
| content="Apache Mesos abstracts resources away from machines, |
| enabling fault-tolerant and elastic distributed systems |
| to easily be built and run effectively."/> |
| |
| <meta name="twitter:card" content="summary"/> |
| <meta name="twitter:site" content="@ApacheMesos"/> |
| <meta name="twitter:title" content="Apache Mesos"/> |
| <meta name="twitter:image" content="http://mesos.apache.org/assets/img/mesos_logo_fb_preview.png"/> |
| <meta name="twitter:description" |
| content="Apache Mesos abstracts resources away from machines, |
| enabling fault-tolerant and elastic distributed systems |
| to easily be built and run effectively."/> |
| |
| <link href="//netdna.bootstrapcdn.com/bootstrap/3.1.1/css/bootstrap.min.css" rel="stylesheet"> |
| <link rel="alternate" type="application/atom+xml" title="Apache Mesos Blog" href="/blog/feed.xml"> |
| <link href="../../../assets/css/main.css" media="screen" rel="stylesheet" type="text/css" /> |
| |
| |
| |
| <!-- Google Analytics Magic --> |
| <script type="text/javascript"> |
| var _gaq = _gaq || []; |
| _gaq.push(['_setAccount', 'UA-20226872-1']); |
| _gaq.push(['_setDomainName', 'apache.org']); |
| _gaq.push(['_trackPageview']); |
| |
| (function() { |
| var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; |
| ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; |
| var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); |
| })(); |
| </script> |
| |
| </head> |
| <body> |
| <!-- magical breadcrumbs --> |
| <div class="topnav"> |
| <div class="container"> |
| <ul class="breadcrumb"> |
| <li> |
| <div class="dropdown"> |
| <a data-toggle="dropdown" href="#">Apache Software Foundation <span class="caret"></span></a> |
| <ul class="dropdown-menu" role="menu" aria-labelledby="dLabel"> |
| <li><a href="http://www.apache.org">Apache Homepage</a></li> |
| <li><a href="http://www.apache.org/licenses/">License</a></li> |
| <li><a href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li> |
| <li><a href="http://www.apache.org/foundation/thanks.html">Thanks</a></li> |
| <li><a href="http://www.apache.org/security/">Security</a></li> |
| </ul> |
| </div> |
| </li> |
| |
| <li><a href="http://mesos.apache.org">Apache Mesos</a></li> |
| |
| |
| <li><a href="/documentation |
| /">Documentation |
| </a></li> |
| |
| |
| </ul><!-- /.breadcrumb --> |
| </div><!-- /.container --> |
| </div><!-- /.topnav --> |
| |
| <!-- navbar excitement --> |
| <div class="navbar navbar-default navbar-static-top" role="navigation"> |
| <div class="container"> |
| <div class="navbar-header"> |
| <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#mesos-menu" aria-expanded="false"> |
| <span class="sr-only">Toggle navigation</span> |
| <span class="icon-bar"></span> |
| <span class="icon-bar"></span> |
| <span class="icon-bar"></span> |
| </button> |
| <a class="navbar-brand" href="/"><img src="/assets/img/mesos_logo.png" alt="Apache Mesos logo"/></a> |
| </div><!-- /.navbar-header --> |
| |
| <div class="navbar-collapse collapse" id="mesos-menu"> |
| <ul class="nav navbar-nav navbar-right"> |
| <li><a href="/gettingstarted/">Getting Started</a></li> |
| <li><a href="/blog/">Blog</a></li> |
| <li><a href="/documentation/latest/">Documentation</a></li> |
| <li><a href="/downloads/">Downloads</a></li> |
| <li><a href="/community/">Community</a></li> |
| </ul> |
| </div><!-- /#mesos-menu --> |
| </div><!-- /.container --> |
| </div><!-- /.navbar --> |
| |
| <div class="content"> |
| <div class="container"> |
| <div class="row-fluid"> |
| <div class="col-md-4"> |
| <h4>If you're new to Mesos</h4> |
| <p>See the <a href="/gettingstarted/">getting started</a> page for more |
| information about downloading, building, and deploying Mesos.</p> |
| |
| <h4>If you'd like to get involved or you're looking for support</h4> |
| <p>See our <a href="/community/">community</a> page for more details.</p> |
| </div> |
| <div class="col-md-8"> |
| <h1>Roles</h1> |
| |
| <p>In Mesos, <strong>roles</strong> can be used to specify that certain |
| <a href="/documentation/latest/./attributes-resources/">resources</a> are reserved for the use of one or more |
| frameworks. Roles can be used to enable a variety of restrictions on how |
| resources are offered to frameworks. Some use-cases for roles include:</p> |
| |
| <ul> |
| <li>arranging for all the resources on a particular agent to only be offered to a |
| particular framework.</li> |
| <li>dividing a cluster between two organizations: resources reserved for use by |
| organization <em>A</em> will only be offered to frameworks that have registered |
| using organization <em>A</em>’s role (see the |
| <a href="/documentation/latest/./reservation/">reservation documentation</a>).</li> |
| <li>ensuring that <a href="/documentation/latest/./persistent-volume/">persistent volumes</a> created by one |
| framework are not offered to frameworks registered with a different role.</li> |
| <li>expressing that one group of frameworks should be considered “higher priority” |
| (and offered more resources) than another group of frameworks.</li> |
| <li>setting a guaranteed resource allocation for one or more frameworks belonging |
| to a role (see the <a href="/documentation/latest/./quota/">quota documentation</a>).</li> |
| </ul> |
| |
| |
| <h2>Roles and access control</h2> |
| |
| <p>There are two ways to control which roles a framework is allowed to register |
| as. First, ACLs can be used to specify which framework principals can register |
| as which roles. For more information, see the <a href="/documentation/latest/./authorization/">authorization</a> |
| documentation.</p> |
| |
| <p>Second, a <em>role whitelist</em> can be configured by passing the <code>--roles</code> flag to |
| the Mesos master at startup. This flag specifies a comma-separated list of role |
| names. If the whitelist is specified, only roles that appear in the whitelist |
| can be used. To change the whitelist, the Mesos master must be restarted. Note |
| that in a high-availability deployment of Mesos, you should take care to ensure |
| that all Mesos masters are configured with the same whitelist.</p> |
| |
| <p>In Mesos 0.26 and earlier, you should typically configure <em>both</em> ACLs and the |
| whitelist, because in these versions of Mesos, any role that does not appear in |
| the whitelist cannot be used.</p> |
| |
| <p>In Mesos 0.27, this behavior has changed: if <code>--roles</code> is not specified, the |
| whitelist permits <em>any role name</em> to be used. Hence, in Mesos 0.27, the |
| recommended practice is to only use ACLs to define which roles can be used; the |
| <code>--roles</code> command-line flag is deprecated.</p> |
| |
| <h2>Associating frameworks with roles</h2> |
| |
| <p>A framework can optionally specify the role it would like to use when it |
| registers with the master.</p> |
| |
| <p>As a developer, you can specify the role your framework will use via the <code>role</code> |
| field of the <code>FrameworkInfo</code> message.</p> |
| |
| <p>As a user, you can typically specify which role a framework will use when you |
| start the framework. How to do this depends on the user interface of the |
| framework you’re using; for example, Marathon takes a <code>--mesos_role</code> |
| command-line flag.</p> |
| |
| <p><a id="roles-multiple-frameworks"></a></p> |
| |
| <h3>Multiple frameworks in the same role</h3> |
| |
| <p>Multiple frameworks can use the same role. This can be useful: for example, one |
| framework can create a persistent volume and write data to it. Once the task |
| that writes data to the persistent volume has finished, the volume will be |
| offered to other frameworks in the same role; this might give a second |
| (“consumer”) framework the opportunity to launch a task that reads the data |
| produced by the first (“producer”) framework.</p> |
| |
| <p>However, configuring multiple frameworks to use the same role should be done |
| with caution, because all the frameworks will have access to any resources that |
| have been reserved for that role. For example, if a framework stores sensitive |
| information on a persistent volume, that volume might be offered to a different |
| framework in the same role. Similarly, if one framework creates a persistent |
| volume, another framework in the same role might “steal” the volume and use it |
| to launch a task of its own. In general, multiple frameworks sharing the same |
| role should be prepared to collaborate with one another to ensure that |
| role-specific resources are used appropriately.</p> |
| |
| <h2>Associating resources with roles</h2> |
| |
| <p>A resource is assigned to a role using a <em>reservation</em>. Resources can either be |
| reserved <em>statically</em> (when the agent that hosts the resource is started) or |
| <em>dynamically</em>: frameworks and operators can specify that a certain resource |
| should subsequently be reserved for use by a given role. For more information, |
| see the <a href="/documentation/latest/./reservation/">reservation</a> documentation.</p> |
| |
| <h2>The default role</h2> |
| |
| <p>The role named <code>*</code> is special. Resources that are assigned to the <code>*</code> role are |
| considered “unreserved”; similarly, when a framework registers without providing |
| a role, it is assigned to the <code>*</code> role. By default, all the resources at an |
| agent node are initially assigned to the <code>*</code> role (this can be changed via the |
| <code>--default_role</code> command-line flag when starting the agent).</p> |
| |
| <p>The <code>*</code> role behaves differently from non-default roles. For example, dynamic |
| reservations can be used to reassign resources from the <code>*</code> role to a specific |
| role, but not from one specific role to another specific role (without first |
| unreserving the resource, e.g., using the <a href="/documentation/latest/./endpoints/master/unreserve/">/unreserve</a> |
| operator HTTP endpoint). Similarly, persistent volumes cannot be created on |
| unreserved resources.</p> |
| |
| <h2>Invalid role</h2> |
| |
| <p>A role name must be a valid directory name, so it cannot:</p> |
| |
| <ul> |
| <li>Be an empty string</li> |
| <li>Be <code>.</code> or <code>..</code></li> |
| <li>Start with <code>-</code></li> |
| <li>Contain any slash, backspace, or whitespace character</li> |
| </ul> |
| |
| |
| <h2>Roles and resource allocation</h2> |
| |
| <p>By default, the Mesos master uses Dominant Resource Fairness (DRF) to allocate |
| resources. In particular, this implementation of DRF first identifies which |
| <em>role</em> is furthest below its fair share of the role’s dominant resource. Each of |
| the frameworks in that role are then offered additional resources in turn.</p> |
| |
| <p>The resource allocation process can be customized by assigning |
| <em><a href="/documentation/latest/./weights/">weights</a></em> to roles: a role with a weight of 2 will be allocated |
| twice the fair share of a role with a weight of 1. By default, every role has a |
| weight of 1. Weights can be configured using the |
| <a href="/documentation/latest/./endpoints/master/weights/">/weights</a> operator endpoint, or else using the |
| deprecated <code>--weights</code> command-line flag when starting the Mesos master.</p> |
| |
| <h2>Role vs. Principal</h2> |
| |
| <p>A principal identifies an entity that interacts with Mesos; principals are |
| similar to user names. For example, frameworks supply a principal when they |
| register with the Mesos master, and operators provide a principal when using the |
| operator HTTP endpoints. An entity may be required to |
| <a href="/documentation/latest/./authentication/">authenticate</a> with its principal in order to prove its |
| identity, and the principal may be used to <a href="/documentation/latest/./authorization/">authorize</a> actions |
| performed by an entity, such as <a href="/documentation/latest/./reservation/">resource reservation</a> and |
| <a href="/documentation/latest/./persistent-volume/">persistent volume</a> creation/destruction.</p> |
| |
| <p>Roles, on the other hand, are used exclusively to associate resources with |
| frameworks in various ways, as covered above.</p> |
| |
| </div> |
| </div> |
| |
| </div><!-- /.container --> |
| </div><!-- /.content --> |
| |
| <hr> |
| |
| |
| |
| <!-- footer --> |
| <div class="footer"> |
| <div class="container"> |
| <div class="col-md-4 social-blk"> |
| <span class="social"> |
| <a href="https://twitter.com/ApacheMesos" |
| class="twitter-follow-button" |
| data-show-count="false" data-size="large">Follow @ApacheMesos</a> |
| <script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0],p=/^http:/.test(d.location)?'http':'https';if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src=p+'://platform.twitter.com/widgets.js';fjs.parentNode.insertBefore(js,fjs);}}(document, 'script', 'twitter-wjs');</script> |
| <a href="https://twitter.com/intent/tweet?button_hashtag=mesos" |
| class="twitter-hashtag-button" |
| data-size="large" |
| data-related="ApacheMesos">Tweet #mesos</a> |
| <script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0],p=/^http:/.test(d.location)?'http':'https';if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src=p+'://platform.twitter.com/widgets.js';fjs.parentNode.insertBefore(js,fjs);}}(document, 'script', 'twitter-wjs');</script> |
| </span> |
| </div> |
| |
| <div class="col-md-8 trademark"> |
| <p>© 2012-2017 <a href="http://apache.org">The Apache Software Foundation</a>. |
| Apache Mesos, the Apache feather logo, and the Apache Mesos project logo are trademarks of The Apache Software Foundation. |
| <p> |
| </div> |
| </div><!-- /.container --> |
| </div><!-- /.footer --> |
| |
| <!-- JS --> |
| <script src="//code.jquery.com/jquery-1.11.0.min.js" type="text/javascript"></script> |
| <script src="//netdna.bootstrapcdn.com/bootstrap/3.1.1/js/bootstrap.min.js" type="text/javascript"></script> |
| </body> |
| </html> |