publish/documentation/latest/roles/index.html - mesos-site - Git at Google

 <!DOCTYPE html>
 <html>
   <head>
     <meta charset="utf-8">
     <title>Apache Mesos - Roles</title>
     <meta name="viewport" content="width=device-width, initial-scale=1.0">

     <meta property="og:locale" content="en_US"/>
     <meta property="og:type" content="website"/>
     <meta property="og:title" content="Apache Mesos"/>
     <meta property="og:site_name" content="Apache Mesos"/>
     <meta property="og:url" content="http://mesos.apache.org/"/>
     <meta property="og:image" content="http://mesos.apache.org/assets/img/mesos_logo_fb_preview.png"/>
     <meta property="og:description"
           content="Apache Mesos abstracts resources away from machines,
                    enabling fault-tolerant and elastic distributed systems
                    to easily be built and run effectively."/>

     <meta name="twitter:card" content="summary"/>
     <meta name="twitter:site" content="@ApacheMesos"/>
     <meta name="twitter:title" content="Apache Mesos"/>
     <meta name="twitter:image" content="http://mesos.apache.org/assets/img/mesos_logo_fb_preview.png"/>
     <meta name="twitter:description"
           content="Apache Mesos abstracts resources away from machines,
                    enabling fault-tolerant and elastic distributed systems
                    to easily be built and run effectively."/>

     <link href="//netdna.bootstrapcdn.com/bootstrap/3.1.1/css/bootstrap.min.css" rel="stylesheet">
     <link rel="alternate" type="application/atom+xml" title="Apache Mesos Blog" href="/blog/feed.xml">
     <link href="../../../assets/css/main.css" media="screen" rel="stylesheet" type="text/css" />


     <!-- Google Analytics Magic -->
     <script type="text/javascript">
     var _gaq = _gaq || [];
     _gaq.push(['_setAccount', 'UA-20226872-1']);
     _gaq.push(['_setDomainName', 'apache.org']);
     _gaq.push(['_trackPageview']);

     (function() {
       var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
       ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
       var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
     })();
     </script>

   </head>
   <body>
     <!-- magical breadcrumbs -->
     <div class="topnav">
       <div class="container">
         <ul class="breadcrumb">
           <li>
             <div class="dropdown">
               <a data-toggle="dropdown" href="#">Apache Software Foundation <span class="caret"></span></a>
               <ul class="dropdown-menu" role="menu" aria-labelledby="dLabel">
                 <li><a href="http://www.apache.org">Apache Homepage</a></li>
                 <li><a href="http://www.apache.org/licenses/">License</a></li>
                 <li><a href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li>
                 <li><a href="http://www.apache.org/foundation/thanks.html">Thanks</a></li>
                 <li><a href="http://www.apache.org/security/">Security</a></li>
               </ul>
             </div>
           </li>

           <li><a href="http://mesos.apache.org">Apache Mesos</a></li>


           <li><a href="/documentation
 /">Documentation
 </a></li>


         </ul><!-- /.breadcrumb -->
       </div><!-- /.container -->
     </div><!-- /.topnav -->

     <!-- navbar excitement -->
 <div class="navbar navbar-default navbar-static-top" role="navigation">
   <div class="container">
     <div class="navbar-header">
       <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#mesos-menu" aria-expanded="false">
       <span class="sr-only">Toggle navigation</span>
       <span class="icon-bar"></span>
       <span class="icon-bar"></span>
       <span class="icon-bar"></span>
       </button>
       <a class="navbar-brand" href="/"><img src="/assets/img/mesos_logo.png" alt="Apache Mesos logo"/></a>
     </div><!-- /.navbar-header -->

     <div class="navbar-collapse collapse" id="mesos-menu">
       <ul class="nav navbar-nav navbar-right">
         <li><a href="/gettingstarted/">Getting Started</a></li>
         <li><a href="/blog/">Blog</a></li>
         <li><a href="/documentation/latest/">Documentation</a></li>
         <li><a href="/downloads/">Downloads</a></li>
         <li><a href="/community/">Community</a></li>
       </ul>
     </div><!-- /#mesos-menu -->
   </div><!-- /.container -->
 </div><!-- /.navbar -->

 <div class="content">
   <div class="container">
     <div class="row-fluid">
   <div class="col-md-4">
     <h4>If you're new to Mesos</h4>
     <p>See the <a href="/gettingstarted/">getting started</a> page for more
        information about downloading, building, and deploying Mesos.</p>

     <h4>If you'd like to get involved or you're looking for support</h4>
     <p>See our <a href="/community/">community</a> page for more details.</p>
   </div>
   <div class="col-md-8">
     <h1>Roles</h1>

 <p>In Mesos, <strong>roles</strong> can be used to specify that certain
 <a href="/documentation/latest/./attributes-resources/">resources</a> are reserved for the use of one or more
 frameworks. Roles can be used to enable a variety of restrictions on how
 resources are offered to frameworks. Some use-cases for roles include:</p>

 <ul>
 <li>arranging for all the resources on a particular agent to only be offered to a
 particular framework.</li>
 <li>dividing a cluster between two organizations: resources reserved for use by
 organization <em>A</em> will only be offered to frameworks that have registered
 using organization <em>A</em>&rsquo;s role (see the
 <a href="/documentation/latest/./reservation/">reservation documentation</a>).</li>
 <li>ensuring that <a href="/documentation/latest/./persistent-volume/">persistent volumes</a> created by one
 framework are not offered to frameworks registered with a different role.</li>
 <li>expressing that one group of frameworks should be considered &ldquo;higher priority&rdquo;
 (and offered more resources) than another group of frameworks.</li>
 <li>setting a guaranteed resource allocation for one or more frameworks belonging
 to a role (see the <a href="/documentation/latest/./quota/">quota documentation</a>).</li>
 </ul>


 <h2>Roles and access control</h2>

 <p>There are two ways to control which roles a framework is allowed to register
 as. First, ACLs can be used to specify which framework principals can register
 as which roles. For more information, see the <a href="/documentation/latest/./authorization/">authorization</a>
 documentation.</p>

 <p>Second, a <em>role whitelist</em> can be configured by passing the <code>--roles</code> flag to
 the Mesos master at startup. This flag specifies a comma-separated list of role
 names. If the whitelist is specified, only roles that appear in the whitelist
 can be used. To change the whitelist, the Mesos master must be restarted. Note
 that in a high-availability deployment of Mesos, you should take care to ensure
 that all Mesos masters are configured with the same whitelist.</p>

 <p>In Mesos 0.26 and earlier, you should typically configure <em>both</em> ACLs and the
 whitelist, because in these versions of Mesos, any role that does not appear in
 the whitelist cannot be used.</p>

 <p>In Mesos 0.27, this behavior has changed: if <code>--roles</code> is not specified, the
 whitelist permits <em>any role name</em> to be used. Hence, in Mesos 0.27, the
 recommended practice is to only use ACLs to define which roles can be used; the
 <code>--roles</code> command-line flag is deprecated.</p>

 <h2>Associating frameworks with roles</h2>

 <p>A framework can optionally specify the role it would like to use when it
 registers with the master.</p>

 <p>As a developer, you can specify the role your framework will use via the <code>role</code>
 field of the <code>FrameworkInfo</code> message.</p>

 <p>As a user, you can typically specify which role a framework will use when you
 start the framework. How to do this depends on the user interface of the
 framework you&rsquo;re using; for example, Marathon takes a <code>--mesos_role</code>
 command-line flag.</p>

 <p><a id="roles-multiple-frameworks"></a></p>

 <h3>Multiple frameworks in the same role</h3>

 <p>Multiple frameworks can use the same role. This can be useful: for example, one
 framework can create a persistent volume and write data to it. Once the task
 that writes data to the persistent volume has finished, the volume will be
 offered to other frameworks in the same role; this might give a second
 (&ldquo;consumer&rdquo;) framework the opportunity to launch a task that reads the data
 produced by the first (&ldquo;producer&rdquo;) framework.</p>

 <p>However, configuring multiple frameworks to use the same role should be done
 with caution, because all the frameworks will have access to any resources that
 have been reserved for that role. For example, if a framework stores sensitive
 information on a persistent volume, that volume might be offered to a different
 framework in the same role. Similarly, if one framework creates a persistent
 volume, another framework in the same role might &ldquo;steal&rdquo; the volume and use it
 to launch a task of its own. In general, multiple frameworks sharing the same
 role should be prepared to collaborate with one another to ensure that
 role-specific resources are used appropriately.</p>

 <h2>Associating resources with roles</h2>

 <p>A resource is assigned to a role using a <em>reservation</em>. Resources can either be
 reserved <em>statically</em> (when the agent that hosts the resource is started) or
 <em>dynamically</em>: frameworks and operators can specify that a certain resource
 should subsequently be reserved for use by a given role. For more information,
 see the <a href="/documentation/latest/./reservation/">reservation</a> documentation.</p>

 <h2>The default role</h2>

 <p>The role named <code>*</code> is special. Resources that are assigned to the <code>*</code> role are
 considered &ldquo;unreserved&rdquo;; similarly, when a framework registers without providing
 a role, it is assigned to the <code>*</code> role. By default, all the resources at an
 agent node are initially assigned to the <code>*</code> role (this can be changed via the
 <code>--default_role</code> command-line flag when starting the agent).</p>

 <p>The <code>*</code> role behaves differently from non-default roles. For example, dynamic
 reservations can be used to reassign resources from the <code>*</code> role to a specific
 role, but not from one specific role to another specific role (without first
 unreserving the resource, e.g., using the <a href="/documentation/latest/./endpoints/master/unreserve/">/unreserve</a>
 operator HTTP endpoint). Similarly, persistent volumes cannot be created on
 unreserved resources.</p>

 <h2>Invalid role</h2>

 <p>A role name must be a valid directory name, so it cannot:</p>

 <ul>
 <li>Be an empty string</li>
 <li>Be <code>.</code> or <code>..</code></li>
 <li>Start with <code>-</code></li>
 <li>Contain any slash, backspace, or whitespace character</li>
 </ul>


 <h2>Roles and resource allocation</h2>

 <p>By default, the Mesos master uses Dominant Resource Fairness (DRF) to allocate
 resources. In particular, this implementation of DRF first identifies which
 <em>role</em> is furthest below its fair share of the role&rsquo;s dominant resource. Each of
 the frameworks in that role are then offered additional resources in turn.</p>

 <p>The resource allocation process can be customized by assigning
 <em><a href="/documentation/latest/./weights/">weights</a></em> to roles: a role with a weight of 2 will be allocated
 twice the fair share of a role with a weight of 1. By default, every role has a
 weight of 1. Weights can be configured using the
 <a href="/documentation/latest/./endpoints/master/weights/">/weights</a> operator endpoint, or else using the
 deprecated <code>--weights</code> command-line flag when starting the Mesos master.</p>

 <h2>Role vs. Principal</h2>

 <p>A principal identifies an entity that interacts with Mesos; principals are
 similar to user names. For example, frameworks supply a principal when they
 register with the Mesos master, and operators provide a principal when using the
 operator HTTP endpoints. An entity may be required to
 <a href="/documentation/latest/./authentication/">authenticate</a> with its principal in order to prove its
 identity, and the principal may be used to <a href="/documentation/latest/./authorization/">authorize</a> actions
 performed by an entity, such as <a href="/documentation/latest/./reservation/">resource reservation</a> and
 <a href="/documentation/latest/./persistent-volume/">persistent volume</a> creation/destruction.</p>

 <p>Roles, on the other hand, are used exclusively to associate resources with
 frameworks in various ways, as covered above.</p>

   </div>
 </div>

   </div><!-- /.container -->
 </div><!-- /.content -->

 <hr>


     <!-- footer -->
     <div class="footer">
       <div class="container">
         <div class="col-md-4 social-blk">
           <span class="social">
             <a href="https://twitter.com/ApacheMesos"
               class="twitter-follow-button"
               data-show-count="false" data-size="large">Follow @ApacheMesos</a>
             <script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0],p=/^http:/.test(d.location)?'http':'https';if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src=p+'://platform.twitter.com/widgets.js';fjs.parentNode.insertBefore(js,fjs);}}(document, 'script', 'twitter-wjs');</script>
             <a href="https://twitter.com/intent/tweet?button_hashtag=mesos"
               class="twitter-hashtag-button"
               data-size="large"
               data-related="ApacheMesos">Tweet #mesos</a>
             <script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0],p=/^http:/.test(d.location)?'http':'https';if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src=p+'://platform.twitter.com/widgets.js';fjs.parentNode.insertBefore(js,fjs);}}(document, 'script', 'twitter-wjs');</script>
           </span>
         </div>

         <div class="col-md-8 trademark">
           <p>&copy; 2012-2017 <a href="http://apache.org">The Apache Software Foundation</a>.
             Apache Mesos, the Apache feather logo, and the Apache Mesos project logo are trademarks of The Apache Software Foundation.
           <p>
         </div>
       </div><!-- /.container -->
     </div><!-- /.footer -->

     <!-- JS -->
     <script src="//code.jquery.com/jquery-1.11.0.min.js" type="text/javascript"></script>
     <script src="//netdna.bootstrapcdn.com/bootstrap/3.1.1/js/bootstrap.min.js" type="text/javascript"></script>
   </body>
 </html>
	<!DOCTYPE html>
	<html>
	<head>
	<meta charset="utf-8">
	<title>Apache Mesos - Roles</title>
	<meta name="viewport" content="width=device-width, initial-scale=1.0">

	<meta property="og:locale" content="en_US"/>
	<meta property="og:type" content="website"/>
	<meta property="og:title" content="Apache Mesos"/>
	<meta property="og:site_name" content="Apache Mesos"/>
	<meta property="og:url" content="http://mesos.apache.org/"/>
	<meta property="og:image" content="http://mesos.apache.org/assets/img/mesos_logo_fb_preview.png"/>
	<meta property="og:description"
	content="Apache Mesos abstracts resources away from machines,
	enabling fault-tolerant and elastic distributed systems
	to easily be built and run effectively."/>

	<meta name="twitter:card" content="summary"/>
	<meta name="twitter:site" content="@ApacheMesos"/>
	<meta name="twitter:title" content="Apache Mesos"/>
	<meta name="twitter:image" content="http://mesos.apache.org/assets/img/mesos_logo_fb_preview.png"/>
	<meta name="twitter:description"
	content="Apache Mesos abstracts resources away from machines,
	enabling fault-tolerant and elastic distributed systems
	to easily be built and run effectively."/>

	<link href="//netdna.bootstrapcdn.com/bootstrap/3.1.1/css/bootstrap.min.css" rel="stylesheet">
	<link rel="alternate" type="application/atom+xml" title="Apache Mesos Blog" href="/blog/feed.xml">
	<link href="../../../assets/css/main.css" media="screen" rel="stylesheet" type="text/css" />



	<!-- Google Analytics Magic -->
	<script type="text/javascript">
	var _gaq = _gaq \|\| [];
	_gaq.push(['_setAccount', 'UA-20226872-1']);
	_gaq.push(['_setDomainName', 'apache.org']);
	_gaq.push(['_trackPageview']);

	(function() {
	var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
	ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
	var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
	})();
	</script>

	</head>
	<body>
	<!-- magical breadcrumbs -->
	<div class="topnav">
	<div class="container">
	<ul class="breadcrumb">
	<li>
	<div class="dropdown">
	<a data-toggle="dropdown" href="#">Apache Software Foundation <span class="caret"></span></a>
	<ul class="dropdown-menu" role="menu" aria-labelledby="dLabel">
	<li><a href="http://www.apache.org">Apache Homepage</a></li>
	<li><a href="http://www.apache.org/licenses/">License</a></li>
	<li><a href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li>
	<li><a href="http://www.apache.org/foundation/thanks.html">Thanks</a></li>
	<li><a href="http://www.apache.org/security/">Security</a></li>
	</ul>
	</div>
	</li>

	<li><a href="http://mesos.apache.org">Apache Mesos</a></li>


	<li><a href="/documentation
	/">Documentation
	</a></li>


	</ul><!-- /.breadcrumb -->
	</div><!-- /.container -->
	</div><!-- /.topnav -->

	<!-- navbar excitement -->
	<div class="navbar navbar-default navbar-static-top" role="navigation">
	<div class="container">
	<div class="navbar-header">
	<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#mesos-menu" aria-expanded="false">
	<span class="sr-only">Toggle navigation</span>
	<span class="icon-bar"></span>
	<span class="icon-bar"></span>
	<span class="icon-bar"></span>
	</button>
	<a class="navbar-brand" href="/"><img src="/assets/img/mesos_logo.png" alt="Apache Mesos logo"/></a>
	</div><!-- /.navbar-header -->

	<div class="navbar-collapse collapse" id="mesos-menu">
	<ul class="nav navbar-nav navbar-right">
	<li><a href="/gettingstarted/">Getting Started</a></li>
	<li><a href="/blog/">Blog</a></li>
	<li><a href="/documentation/latest/">Documentation</a></li>
	<li><a href="/downloads/">Downloads</a></li>
	<li><a href="/community/">Community</a></li>
	</ul>
	</div><!-- /#mesos-menu -->
	</div><!-- /.container -->
	</div><!-- /.navbar -->

	<div class="content">
	<div class="container">
	<div class="row-fluid">
	<div class="col-md-4">
	<h4>If you're new to Mesos</h4>
	<p>See the <a href="/gettingstarted/">getting started</a> page for more
	information about downloading, building, and deploying Mesos.</p>

	<h4>If you'd like to get involved or you're looking for support</h4>
	<p>See our <a href="/community/">community</a> page for more details.</p>
	</div>
	<div class="col-md-8">
	<h1>Roles</h1>

	<p>In Mesos, <strong>roles</strong> can be used to specify that certain
	<a href="/documentation/latest/./attributes-resources/">resources</a> are reserved for the use of one or more
	frameworks. Roles can be used to enable a variety of restrictions on how
	resources are offered to frameworks. Some use-cases for roles include:</p>

	<ul>
	<li>arranging for all the resources on a particular agent to only be offered to a
	particular framework.</li>
	<li>dividing a cluster between two organizations: resources reserved for use by
	organization <em>A</em> will only be offered to frameworks that have registered
	using organization <em>A</em>’s role (see the
	<a href="/documentation/latest/./reservation/">reservation documentation</a>).</li>
	<li>ensuring that <a href="/documentation/latest/./persistent-volume/">persistent volumes</a> created by one
	framework are not offered to frameworks registered with a different role.</li>
	<li>expressing that one group of frameworks should be considered “higher priority”
	(and offered more resources) than another group of frameworks.</li>
	<li>setting a guaranteed resource allocation for one or more frameworks belonging
	to a role (see the <a href="/documentation/latest/./quota/">quota documentation</a>).</li>
	</ul>


	<h2>Roles and access control</h2>

	<p>There are two ways to control which roles a framework is allowed to register
	as. First, ACLs can be used to specify which framework principals can register
	as which roles. For more information, see the <a href="/documentation/latest/./authorization/">authorization</a>
	documentation.</p>

	<p>Second, a <em>role whitelist</em> can be configured by passing the <code>--roles</code> flag to
	the Mesos master at startup. This flag specifies a comma-separated list of role
	names. If the whitelist is specified, only roles that appear in the whitelist
	can be used. To change the whitelist, the Mesos master must be restarted. Note
	that in a high-availability deployment of Mesos, you should take care to ensure
	that all Mesos masters are configured with the same whitelist.</p>

	<p>In Mesos 0.26 and earlier, you should typically configure <em>both</em> ACLs and the
	whitelist, because in these versions of Mesos, any role that does not appear in
	the whitelist cannot be used.</p>

	<p>In Mesos 0.27, this behavior has changed: if <code>--roles</code> is not specified, the
	whitelist permits <em>any role name</em> to be used. Hence, in Mesos 0.27, the
	recommended practice is to only use ACLs to define which roles can be used; the
	<code>--roles</code> command-line flag is deprecated.</p>

	<h2>Associating frameworks with roles</h2>

	<p>A framework can optionally specify the role it would like to use when it
	registers with the master.</p>

	<p>As a developer, you can specify the role your framework will use via the <code>role</code>
	field of the <code>FrameworkInfo</code> message.</p>

	<p>As a user, you can typically specify which role a framework will use when you
	start the framework. How to do this depends on the user interface of the
	framework you’re using; for example, Marathon takes a <code>--mesos_role</code>
	command-line flag.</p>

	<p><a id="roles-multiple-frameworks"></a></p>

	<h3>Multiple frameworks in the same role</h3>

	<p>Multiple frameworks can use the same role. This can be useful: for example, one
	framework can create a persistent volume and write data to it. Once the task
	that writes data to the persistent volume has finished, the volume will be
	offered to other frameworks in the same role; this might give a second
	(“consumer”) framework the opportunity to launch a task that reads the data
	produced by the first (“producer”) framework.</p>

	<p>However, configuring multiple frameworks to use the same role should be done
	with caution, because all the frameworks will have access to any resources that
	have been reserved for that role. For example, if a framework stores sensitive
	information on a persistent volume, that volume might be offered to a different
	framework in the same role. Similarly, if one framework creates a persistent
	volume, another framework in the same role might “steal” the volume and use it
	to launch a task of its own. In general, multiple frameworks sharing the same
	role should be prepared to collaborate with one another to ensure that
	role-specific resources are used appropriately.</p>

	<h2>Associating resources with roles</h2>

	<p>A resource is assigned to a role using a <em>reservation</em>. Resources can either be
	reserved <em>statically</em> (when the agent that hosts the resource is started) or
	<em>dynamically</em>: frameworks and operators can specify that a certain resource
	should subsequently be reserved for use by a given role. For more information,
	see the <a href="/documentation/latest/./reservation/">reservation</a> documentation.</p>

	<h2>The default role</h2>

	<p>The role named <code></code> is special. Resources that are assigned to the <code></code> role are
	considered “unreserved”; similarly, when a framework registers without providing
	a role, it is assigned to the <code>*</code> role. By default, all the resources at an
	agent node are initially assigned to the <code>*</code> role (this can be changed via the
	<code>--default_role</code> command-line flag when starting the agent).</p>

	<p>The <code>*</code> role behaves differently from non-default roles. For example, dynamic
	reservations can be used to reassign resources from the <code>*</code> role to a specific
	role, but not from one specific role to another specific role (without first
	unreserving the resource, e.g., using the <a href="/documentation/latest/./endpoints/master/unreserve/">/unreserve</a>
	operator HTTP endpoint). Similarly, persistent volumes cannot be created on
	unreserved resources.</p>

	<h2>Invalid role</h2>

	<p>A role name must be a valid directory name, so it cannot:</p>

	<ul>
	<li>Be an empty string</li>
	<li>Be <code>.</code> or <code>..</code></li>
	<li>Start with <code>-</code></li>
	<li>Contain any slash, backspace, or whitespace character</li>
	</ul>


	<h2>Roles and resource allocation</h2>

	<p>By default, the Mesos master uses Dominant Resource Fairness (DRF) to allocate
	resources. In particular, this implementation of DRF first identifies which
	<em>role</em> is furthest below its fair share of the role’s dominant resource. Each of
	the frameworks in that role are then offered additional resources in turn.</p>

	<p>The resource allocation process can be customized by assigning
	<em><a href="/documentation/latest/./weights/">weights</a></em> to roles: a role with a weight of 2 will be allocated
	twice the fair share of a role with a weight of 1. By default, every role has a
	weight of 1. Weights can be configured using the
	<a href="/documentation/latest/./endpoints/master/weights/">/weights</a> operator endpoint, or else using the
	deprecated <code>--weights</code> command-line flag when starting the Mesos master.</p>

	<h2>Role vs. Principal</h2>

	<p>A principal identifies an entity that interacts with Mesos; principals are
	similar to user names. For example, frameworks supply a principal when they
	register with the Mesos master, and operators provide a principal when using the
	operator HTTP endpoints. An entity may be required to
	<a href="/documentation/latest/./authentication/">authenticate</a> with its principal in order to prove its
	identity, and the principal may be used to <a href="/documentation/latest/./authorization/">authorize</a> actions
	performed by an entity, such as <a href="/documentation/latest/./reservation/">resource reservation</a> and
	<a href="/documentation/latest/./persistent-volume/">persistent volume</a> creation/destruction.</p>

	<p>Roles, on the other hand, are used exclusively to associate resources with
	frameworks in various ways, as covered above.</p>

	</div>
	</div>

	</div><!-- /.container -->
	</div><!-- /.content -->

	<hr>



	<!-- footer -->
	<div class="footer">
	<div class="container">
	<div class="col-md-4 social-blk">
	<span class="social">
	<a href="https://twitter.com/ApacheMesos"
	class="twitter-follow-button"
	data-show-count="false" data-size="large">Follow @ApacheMesos</a>
	<script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0],p=/^http:/.test(d.location)?'http':'https';if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src=p+'://platform.twitter.com/widgets.js';fjs.parentNode.insertBefore(js,fjs);}}(document, 'script', 'twitter-wjs');</script>
	<a href="https://twitter.com/intent/tweet?button_hashtag=mesos"
	class="twitter-hashtag-button"
	data-size="large"
	data-related="ApacheMesos">Tweet #mesos</a>
	<script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0],p=/^http:/.test(d.location)?'http':'https';if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src=p+'://platform.twitter.com/widgets.js';fjs.parentNode.insertBefore(js,fjs);}}(document, 'script', 'twitter-wjs');</script>
	</span>
	</div>

	<div class="col-md-8 trademark">
	<p>© 2012-2017 <a href="http://apache.org">The Apache Software Foundation</a>.
	Apache Mesos, the Apache feather logo, and the Apache Mesos project logo are trademarks of The Apache Software Foundation.
	<p>
	</div>
	</div><!-- /.container -->
	</div><!-- /.footer -->

	<!-- JS -->
	<script src="//code.jquery.com/jquery-1.11.0.min.js" type="text/javascript"></script>
	<script src="//netdna.bootstrapcdn.com/bootstrap/3.1.1/js/bootstrap.min.js" type="text/javascript"></script>
	</body>
	</html>