aurora-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jfarr...@apache.org
Subject svn commit: r1678852 - in /aurora/site: ./ publish/ publish/blog/ publish/blog/aurora-0-6-0-incubating-released/ publish/docs/howtocontribute/ publish/documentation/latest/ publish/documentation/latest/client-commands/ publish/documentation/latest/conf...
Date Tue, 12 May 2015 03:06:07 GMT
Author: jfarrell
Date: Tue May 12 03:06:06 2015
New Revision: 1678852

URL: http://svn.apache.org/r1678852
Log:
Updating for 0.8.0 release

Added:
    aurora/site/publish/documentation/latest/security/
    aurora/site/publish/documentation/latest/security/index.html
    aurora/site/source/documentation/latest/security.md
Modified:
    aurora/site/Gemfile
    aurora/site/Gemfile.lock
    aurora/site/publish/blog/aurora-0-6-0-incubating-released/index.html
    aurora/site/publish/blog/feed.xml
    aurora/site/publish/docs/howtocontribute/index.html
    aurora/site/publish/documentation/latest/client-commands/index.html
    aurora/site/publish/documentation/latest/configuration-reference/index.html
    aurora/site/publish/documentation/latest/configuration-tutorial/index.html
    aurora/site/publish/documentation/latest/contributing/index.html
    aurora/site/publish/documentation/latest/cron-jobs/index.html
    aurora/site/publish/documentation/latest/deploying-aurora-scheduler/index.html
    aurora/site/publish/documentation/latest/developing-aurora-client/index.html
    aurora/site/publish/documentation/latest/developing-aurora-scheduler/index.html
    aurora/site/publish/documentation/latest/hooks/index.html
    aurora/site/publish/documentation/latest/index.html
    aurora/site/publish/documentation/latest/monitoring/index.html
    aurora/site/publish/documentation/latest/resource-isolation/index.html
    aurora/site/publish/documentation/latest/sla/index.html
    aurora/site/publish/documentation/latest/storage/index.html
    aurora/site/publish/documentation/latest/thrift-deprecation/index.html
    aurora/site/publish/documentation/latest/tutorial/index.html
    aurora/site/publish/documentation/latest/user-guide/index.html
    aurora/site/publish/downloads/index.html
    aurora/site/publish/sitemap.xml
    aurora/site/source/downloads.html.md
    aurora/site/source/index.html.md

Modified: aurora/site/Gemfile
URL: http://svn.apache.org/viewvc/aurora/site/Gemfile?rev=1678852&r1=1678851&r2=1678852&view=diff
==============================================================================
--- aurora/site/Gemfile (original)
+++ aurora/site/Gemfile Tue May 12 03:06:06 2015
@@ -3,7 +3,7 @@ source 'https://rubygems.org'
 gem 'middleman', '3.2.0'
 gem 'middleman-livereload', '3.1.0'
 gem 'middleman-syntax', '1.2.1'
-gem 'therubyracer', '0.12.1'
+gem 'therubyracer'
 gem 'middleman-blog', '3.5.1'
 gem "htmlentities"
 gem 'redcarpet', github: 'vmg/redcarpet'

Modified: aurora/site/Gemfile.lock
URL: http://svn.apache.org/viewvc/aurora/site/Gemfile.lock?rev=1678852&r1=1678851&r2=1678852&view=diff
==============================================================================
--- aurora/site/Gemfile.lock (original)
+++ aurora/site/Gemfile.lock Tue May 12 03:06:06 2015
@@ -1,42 +1,48 @@
 GIT
   remote: git://github.com/vmg/redcarpet.git
-  revision: 5ffeb37fd5ef9bb5f163839ec5842a178049eb67
+  revision: 896f7287f463840a3ca991739f6b9aebc9144d7f
   specs:
-    redcarpet (3.1.1)
+    redcarpet (3.2.0)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    activesupport (3.2.15)
+    activesupport (3.2.21)
       i18n (~> 0.6, >= 0.6.4)
       multi_json (~> 1.0)
-    addressable (2.3.5)
-    atomic (1.1.14)
-    chunky_png (1.2.9)
+    addressable (2.3.8)
+    chunky_png (1.3.4)
     coffee-script (2.2.0)
       coffee-script-source
       execjs
-    coffee-script-source (1.6.3)
-    compass (0.12.2)
+    coffee-script-source (1.9.1.1)
+    compass (1.0.3)
       chunky_png (~> 1.2)
-      fssm (>= 0.2.7)
-      sass (~> 3.1)
-    em-websocket (0.5.0)
+      compass-core (~> 1.0.2)
+      compass-import-once (~> 1.0.5)
+      rb-fsevent (>= 0.9.3)
+      rb-inotify (>= 0.9)
+      sass (>= 3.3.13, < 3.5)
+    compass-core (1.0.3)
+      multi_json (~> 1.0)
+      sass (>= 3.3.0, < 3.5)
+    compass-import-once (1.0.5)
+      sass (>= 3.2, < 3.5)
+    em-websocket (0.5.1)
       eventmachine (>= 0.12.9)
-      http_parser.rb (~> 0.5.3)
-    eventmachine (1.0.3)
-    execjs (1.4.0)
+      http_parser.rb (~> 0.6.0)
+    eventmachine (1.0.7)
+    execjs (1.4.1)
       multi_json (~> 1.0)
-    ffi (1.9.3)
-    fssm (0.2.10)
-    haml (4.0.4)
+    ffi (1.9.8)
+    haml (4.0.6)
       tilt
     hike (1.2.3)
-    htmlentities (4.3.2)
-    http_parser.rb (0.5.3)
+    htmlentities (4.3.3)
+    http_parser.rb (0.6.0)
     i18n (0.6.11)
-    kramdown (1.2.0)
-    libv8 (3.16.14.3)
+    kramdown (1.7.0)
+    libv8 (3.16.14.7)
     listen (1.3.1)
       rb-fsevent (>= 0.9.3)
       rb-inotify (>= 0.9)
@@ -69,48 +75,47 @@ GEM
       middleman-core (>= 3.0.2)
       multi_json (~> 1.0)
       rack-livereload
-    middleman-sprockets (3.2.0)
-      middleman-core (~> 3.2)
-      sprockets (~> 2.1)
-      sprockets-helpers (~> 1.0.0)
-      sprockets-sass (~> 1.0.0)
+    middleman-sprockets (3.3.3)
+      middleman-core (>= 3.2)
+      sprockets (~> 2.2)
+      sprockets-helpers (~> 1.1.0)
+      sprockets-sass (~> 1.1.0)
     middleman-syntax (1.2.1)
       middleman-core (~> 3.0)
       rouge (~> 0.3.0)
-    multi_json (1.8.2)
-    rack (1.5.2)
+    multi_json (1.11.0)
+    rack (1.6.1)
     rack-livereload (0.3.15)
       rack
-    rack-test (0.6.2)
+    rack-test (0.6.3)
       rack (>= 1.0)
     rake (10.3.1)
-    rb-fsevent (0.9.3)
-    rb-inotify (0.9.2)
+    rb-fsevent (0.9.4)
+    rb-inotify (0.9.5)
       ffi (>= 0.5.0)
-    rb-kqueue (0.2.0)
+    rb-kqueue (0.2.4)
       ffi (>= 0.5.0)
     ref (1.0.5)
     rouge (0.3.10)
       thor
-    sass (3.2.12)
-    sprockets (2.10.0)
+    sass (3.4.13)
+    sprockets (2.12.3)
       hike (~> 1.2)
       multi_json (~> 1.0)
       rack (~> 1.0)
       tilt (~> 1.1, != 1.3.0)
-    sprockets-helpers (1.0.1)
+    sprockets-helpers (1.1.0)
       sprockets (~> 2.0)
-    sprockets-sass (1.0.2)
+    sprockets-sass (1.1.0)
       sprockets (~> 2.0)
       tilt (~> 1.1)
-    therubyracer (0.12.1)
+    therubyracer (0.12.2)
       libv8 (~> 3.16.14.0)
       ref
-    thor (0.18.1)
-    thread_safe (0.1.3)
-      atomic
+    thor (0.19.1)
+    thread_safe (0.3.5)
     tilt (1.3.7)
-    tzinfo (1.1.0)
+    tzinfo (1.2.2)
       thread_safe (~> 0.1)
     uglifier (2.1.2)
       execjs (>= 0.3.0)
@@ -127,4 +132,4 @@ DEPENDENCIES
   middleman-syntax (= 1.2.1)
   rake (= 10.3.1)
   redcarpet!
-  therubyracer (= 0.12.1)
+  therubyracer

Modified: aurora/site/publish/blog/aurora-0-6-0-incubating-released/index.html
URL: http://svn.apache.org/viewvc/aurora/site/publish/blog/aurora-0-6-0-incubating-released/index.html?rev=1678852&r1=1678851&r2=1678852&view=diff
==============================================================================
--- aurora/site/publish/blog/aurora-0-6-0-incubating-released/index.html (original)
+++ aurora/site/publish/blog/aurora-0-6-0-incubating-released/index.html Tue May 12 03:06:06 2015
@@ -79,7 +79,7 @@
 
 <p>Full release notes are available in the release <a href="https://git-wip-us.apache.org/repos/asf?p=aurora.git&amp;f=CHANGELOG&amp;hb=0.6.0-rc2">CHANGELOG</a>.</p>
 
-<h2 id="highly-available,-scheduler-driven-updates">Highly-available, scheduler-driven updates</h2>
+<h2 id="highly-available-scheduler-driven-updates">Highly-available, scheduler-driven updates</h2>
 
 <p>Rolling updates of services is a crucial feature in Aurora. As such, we
 want to take great care when changing its behavior. Previously, Aurora operated

Modified: aurora/site/publish/blog/feed.xml
URL: http://svn.apache.org/viewvc/aurora/site/publish/blog/feed.xml?rev=1678852&r1=1678851&r2=1678852&view=diff
==============================================================================
--- aurora/site/publish/blog/feed.xml (original)
+++ aurora/site/publish/blog/feed.xml Tue May 12 03:06:06 2015
@@ -127,7 +127,7 @@
 
 &lt;p&gt;Full release notes are available in the release &lt;a href=&quot;https://git-wip-us.apache.org/repos/asf?p=aurora.git&amp;amp;f=CHANGELOG&amp;amp;hb=0.6.0-rc2&quot;&gt;CHANGELOG&lt;/a&gt;.&lt;/p&gt;
 
-&lt;h2 id=&quot;highly-available,-scheduler-driven-updates&quot;&gt;Highly-available, scheduler-driven updates&lt;/h2&gt;
+&lt;h2 id=&quot;highly-available-scheduler-driven-updates&quot;&gt;Highly-available, scheduler-driven updates&lt;/h2&gt;
 
 &lt;p&gt;Rolling updates of services is a crucial feature in Aurora. As such, we
 want to take great care when changing its behavior. Previously, Aurora operated

Modified: aurora/site/publish/docs/howtocontribute/index.html
URL: http://svn.apache.org/viewvc/aurora/site/publish/docs/howtocontribute/index.html?rev=1678852&r1=1678851&r2=1678852&view=diff
==============================================================================
--- aurora/site/publish/docs/howtocontribute/index.html (original)
+++ aurora/site/publish/docs/howtocontribute/index.html Tue May 12 03:06:06 2015
@@ -59,7 +59,7 @@ Subsequent runs will cache your login cr
 fields in your browser and hit Publish.</p>
 <pre class="highlight text">./rbt post -o -r &lt;RB_ID&gt;
 </pre>
-<h2 id="merging-your-own-review-(committers)">Merging Your Own Review (Committers)</h2>
+<h2 id="merging-your-own-review-committers-">Merging Your Own Review (Committers)</h2>
 
 <p>Once you have shipits from the right committers, merge your changes in a single commit and mark
 the review as submitted. The typical workflow is:</p>
@@ -74,7 +74,7 @@ git push origin master
 <p>Note that even if you&rsquo;re developing using feature branches you will not use <code>git merge</code> - each
 commit will be an atomic change accompanied by a ReviewBoard entry.</p>
 
-<h2 id="merging-someone-else&#39;s-review">Merging Someone Else&rsquo;s Review</h2>
+<h2 id="merging-someone-else-39-s-review">Merging Someone Else&rsquo;s Review</h2>
 
 <p>Sometimes you&rsquo;ll need to merge someone else&rsquo;s RB. The typical workflow for this is</p>
 <pre class="highlight text">git checkout master

Modified: aurora/site/publish/documentation/latest/client-commands/index.html
URL: http://svn.apache.org/viewvc/aurora/site/publish/documentation/latest/client-commands/index.html?rev=1678852&r1=1678851&r2=1678852&view=diff
==============================================================================
--- aurora/site/publish/documentation/latest/client-commands/index.html (original)
+++ aurora/site/publish/documentation/latest/client-commands/index.html Tue May 12 03:06:06 2015
@@ -251,7 +251,7 @@ progress until the first pulse arrives.
 <code>ROLL_BACK_PAUSED</code>) is still considered active and upon resuming will immediately make progress
 provided the pulse interval has not expired.</p>
 
-<h4 id="client-orchestrated-updates-(deprecated)">Client-orchestrated updates (deprecated)</h4>
+<h4 id="client-orchestrated-updates-deprecated-">Client-orchestrated updates (deprecated)</h4>
 
 <p><em>Note: This feature is deprecated and will be removed in 0.9.0.
 Please use aurora update instead.</em></p>
@@ -340,7 +340,7 @@ if it contains hook definitions and acti
 is determined using <code>diff</code>, though you may choose an alternate
  diff program by specifying the <code>DIFF_VIEWER</code> environment variable.</p>
 
-<h2 id="viewing/examining-jobs">Viewing/Examining Jobs</h2>
+<h2 id="viewing-examining-jobs">Viewing/Examining Jobs</h2>
 
 <p>Above we discussed creating, killing, and updating Jobs. Here we discuss
 how to view and examine Jobs.</p>

Modified: aurora/site/publish/documentation/latest/configuration-reference/index.html
URL: http://svn.apache.org/viewvc/aurora/site/publish/documentation/latest/configuration-reference/index.html?rev=1678852&r1=1678851&r2=1678852&view=diff
==============================================================================
--- aurora/site/publish/documentation/latest/configuration-reference/index.html (original)
+++ aurora/site/publish/documentation/latest/configuration-reference/index.html Tue May 12 03:06:06 2015
@@ -39,7 +39,7 @@
   	  	<div class="container content">
           <div class="col-md-12 documentation">
 <h5 class="page-header text-uppercase">Documentation</h5>
-<h1 id="aurora-+-thermos-configuration-reference">Aurora + Thermos Configuration Reference</h1>
+<h1 id="aurora-thermos-configuration-reference">Aurora + Thermos Configuration Reference</h1>
 
 <ul>
 <li><a href="#aurora--thermos-configuration-reference">Aurora + Thermos Configuration Reference</a></li>
@@ -209,7 +209,7 @@ specifically, <code>max_failures</code>
 <h4 id="ephemeral">ephemeral</h4>
 
 <p>By default, Thermos processes are non-ephemeral. If <code>ephemeral</code> is set to
-True, the process&#39; status is not used to determine if its containing task
+True, the process&rsquo; status is not used to determine if its containing task
 has completed. For example, consider a task with a non-ephemeral
 webserver process and an ephemeral logsaver process
 that periodically checkpoints its log files to a centralized data store.
@@ -787,7 +787,7 @@ most one task per rack:</p>
   &#39;rack&#39;: &#39;limit:1&#39;,
 }
 </pre>
-<p>Use these constraints sparingly as they can dramatically reduce Tasks&#39; schedulability.</p>
+<p>Use these constraints sparingly as they can dramatically reduce Tasks&rsquo; schedulability.</p>
 
 <h1 id="template-namespaces">Template Namespaces</h1>
 
@@ -844,7 +844,7 @@ compatible with Tasks invoked via the <c
 invoking tasks on Mesos. When running the <code>thermos</code> command directly,
 these ports must be explicitly mapped with the <code>-P</code> option.</p>
 
-<p>For example, if &lsquo;{{<code>thermos.ports[http]</code>}}&rsquo; is specified in a <code>Process</code>
+<p>For example, if &rsquo;{{<code>thermos.ports[http]</code>}}&rsquo; is specified in a <code>Process</code>
 configuration, it is automatically extracted and auto-populated by
 Aurora, but must be specified with, for example, <code>thermos -P http:12345</code>
 to map <code>http</code> to port 12345 when running via the CLI.</p>
@@ -853,7 +853,7 @@ to map <code>http</code> to port 12345 w
 
 <p>These are provided to give a basic understanding of simple Aurora jobs.</p>
 
-<h3 id="hello_world.aurora">hello_world.aurora</h3>
+<h3 id="hello_world-aurora">hello_world.aurora</h3>
 
 <p>Put the following in a file named <code>hello_world.aurora</code>, substituting your own values
 for values such as <code>cluster</code>s.</p>
@@ -878,7 +878,7 @@ aurora job kill cluster1/$USER/test/hell
 </pre>
 <h3 id="environment-tailoring">Environment Tailoring</h3>
 
-<h4 id="helloworldproductionized.aurora">hello<em>world</em>productionized.aurora</h4>
+<h4 id="helloworldproductionized-aurora">hello<em>world</em>productionized.aurora</h4>
 
 <p>Put the following in a file named <code>hello_world_productionized.aurora</code>, substituting your own values
 for values such as <code>cluster</code>s.</p>

Modified: aurora/site/publish/documentation/latest/configuration-tutorial/index.html
URL: http://svn.apache.org/viewvc/aurora/site/publish/documentation/latest/configuration-tutorial/index.html?rev=1678852&r1=1678851&r2=1678852&view=diff
==============================================================================
--- aurora/site/publish/documentation/latest/configuration-tutorial/index.html (original)
+++ aurora/site/publish/documentation/latest/configuration-tutorial/index.html Tue May 12 03:06:06 2015
@@ -337,7 +337,7 @@ accumulation of checkpointed state for e
 running in Aurora, <code>max_failures</code> is capped at
 100.</p></li>
 <li><p><code>ephemeral</code>: Defaulting to <code>False</code>, if <code>ephemeral</code> is <code>True</code>, the
-<code>Process</code>&lsquo; status is not used to determine if its bound <code>Task</code> has
+<code>Process</code>&rsquo; status is not used to determine if its bound <code>Task</code> has
 completed. For example, consider a <code>Task</code> with a
 non-ephemeral webserver process and an ephemeral logsaver process
 that periodically checkpoints its log files to a centralized data
@@ -470,14 +470,14 @@ number of seconds. If not, all still run
 never invoked).</p></li>
 </ul>
 
-<h3 id="sequentialtask:-running-processes-in-parallel-or-sequentially">SequentialTask: Running Processes in Parallel or Sequentially</h3>
+<h3 id="sequentialtask-running-processes-in-parallel-or-sequentially">SequentialTask: Running Processes in Parallel or Sequentially</h3>
 
 <p>By default, a Task with several Processes runs them in parallel. There
 are two ways to run Processes sequentially:</p>
 
 <ul>
 <li><p>Include an <code>order</code> constraint in the Task definition&rsquo;s <code>constraints</code>
-attribute whose arguments specify the processes&#39; run order:</p>
+attribute whose arguments specify the processes&rsquo; run order:</p>
 <pre class="highlight text">Task( ... processes=[process1, process2, process3],
       constraints = order(process1, process2, process3), ...)
 </pre></li>
@@ -527,8 +527,8 @@ repeat their definition for multiple Job
 difference between the two is the result Task&rsquo;s process ordering.</p>
 
 <ul>
-<li><p><code>Tasks.combine</code> runs its subtasks&#39; processes in no particular order.
-The new Task&rsquo;s resource consumption is the sum of all its subtasks&#39;
+<li><p><code>Tasks.combine</code> runs its subtasks&rsquo; processes in no particular order.
+The new Task&rsquo;s resource consumption is the sum of all its subtasks&rsquo;
 consumption.</p></li>
 <li><p><code>Tasks.concat</code> runs its subtasks in the order supplied, with each
 subtask&rsquo;s processes run serially between tasks. It is analogous to
@@ -729,7 +729,7 @@ Reference</em> without <code>import</cod
 injects them automatically. Other than that the <code>.aurora</code> format
 works like any other Python script.</p>
 
-<h3 id="templating-1:-binding-in-pystachio">Templating 1: Binding in Pystachio</h3>
+<h3 id="templating-1-binding-in-pystachio">Templating 1: Binding in Pystachio</h3>
 
 <p>Pystachio uses the visually distinctive {{}} to indicate template
 variables. These are often called &ldquo;mustache variables&rdquo; after the
@@ -791,7 +791,7 @@ String(second)
 other objects: lists, dictionaries, and structurals. These will be
 described in detail later.</p>
 
-<h3 id="structurals-in-pystachio-/-aurora">Structurals in Pystachio / Aurora</h3>
+<h3 id="structurals-in-pystachio-aurora">Structurals in Pystachio / Aurora</h3>
 
 <p>Most Aurora/Thermos users don&rsquo;t ever (knowingly) interact with <code>String</code>,
 <code>Float</code>, or <code>Integer</code> Pystashio objects directly. Instead they interact
@@ -872,7 +872,7 @@ attempts to resolve <code>Process.name</
 Attributes are implicitly converted to Mustache variables but not vice
 versa.</p>
 
-<h3 id="templating-2:-structurals-are-factories">Templating 2: Structurals Are Factories</h3>
+<h3 id="templating-2-structurals-are-factories">Templating 2: Structurals Are Factories</h3>
 
 <h4 id="a-second-way-of-templating">A Second Way of Templating</h4>
 
@@ -998,7 +998,7 @@ place.</p>
 
 <h2 id="configuration-file-writing-tips-and-best-practices">Configuration File Writing Tips And Best Practices</h2>
 
-<h3 id="use-as-few-.aurora-files-as-possible">Use As Few .aurora Files As Possible</h3>
+<h3 id="use-as-few-aurora-files-as-possible">Use As Few .aurora Files As Possible</h3>
 
 <p>When creating your <code>.aurora</code> configuration, try to keep all versions of
 a particular job within the same <code>.aurora</code> file. For example, if you
@@ -1084,7 +1084,7 @@ build_python = SequentialTask(
   name = &#39;build_python&#39;,
   processes = [download, unpack, build, email]).bind(python = Python(version = &quot;2.7.3&quot;))
 </pre>
-<h3 id="thermos-uses-bash,-but-thermos-is-not-bash">Thermos Uses bash, But Thermos Is Not bash</h3>
+<h3 id="thermos-uses-bash-but-thermos-is-not-bash">Thermos Uses bash, But Thermos Is Not bash</h3>
 
 <h4 id="bad">Bad</h4>
 

Modified: aurora/site/publish/documentation/latest/contributing/index.html
URL: http://svn.apache.org/viewvc/aurora/site/publish/documentation/latest/contributing/index.html?rev=1678852&r1=1678851&r2=1678852&view=diff
==============================================================================
--- aurora/site/publish/documentation/latest/contributing/index.html (original)
+++ aurora/site/publish/documentation/latest/contributing/index.html Tue May 12 03:06:06 2015
@@ -83,7 +83,7 @@ Subsequent runs will cache your login cr
 fields in your browser and hit Publish.</p>
 <pre class="highlight text">./rbt post -o -r &lt;RB_ID&gt;
 </pre>
-<h2 id="merging-your-own-review-(committers)">Merging Your Own Review (Committers)</h2>
+<h2 id="merging-your-own-review-committers-">Merging Your Own Review (Committers)</h2>
 
 <p>Once you have shipits from the right committers, merge your changes in a single commit and mark
 the review as submitted. The typical workflow is:</p>
@@ -98,7 +98,7 @@ git push origin master
 <p>Note that even if you&rsquo;re developing using feature branches you will not use <code>git merge</code> - each
 commit will be an atomic change accompanied by a ReviewBoard entry.</p>
 
-<h2 id="merging-someone-else&#39;s-review">Merging Someone Else&rsquo;s Review</h2>
+<h2 id="merging-someone-else-39-s-review">Merging Someone Else&rsquo;s Review</h2>
 
 <p>Sometimes you&rsquo;ll need to merge someone else&rsquo;s RB. The typical workflow for this is</p>
 <pre class="highlight text">git checkout master

Modified: aurora/site/publish/documentation/latest/cron-jobs/index.html
URL: http://svn.apache.org/viewvc/aurora/site/publish/documentation/latest/cron-jobs/index.html?rev=1678852&r1=1678851&r2=1678852&view=diff
==============================================================================
--- aurora/site/publish/documentation/latest/cron-jobs/index.html (original)
+++ aurora/site/publish/documentation/latest/cron-jobs/index.html Tue May 12 03:06:06 2015
@@ -142,7 +142,7 @@ with a new one. Only future runs will be
 <p>Start a cron job immediately, outside of its normal cron schedule.</p>
 <pre class="highlight text">$ aurora cron start devcluster/www-data/test/cron_hello_world
 </pre>
-<h3 id="job-killall,-job-restart,-job-kill">job killall, job restart, job kill</h3>
+<h3 id="job-killall-job-restart-job-kill">job killall, job restart, job kill</h3>
 
 <p>Cron jobs create instances running on the cluster that you can interact with like normal Aurora
 tasks with <code>job kill</code> and <code>job restart</code>.</p>

Modified: aurora/site/publish/documentation/latest/deploying-aurora-scheduler/index.html
URL: http://svn.apache.org/viewvc/aurora/site/publish/documentation/latest/deploying-aurora-scheduler/index.html?rev=1678852&r1=1678851&r2=1678852&view=diff
==============================================================================
--- aurora/site/publish/documentation/latest/deploying-aurora-scheduler/index.html (original)
+++ aurora/site/publish/documentation/latest/deploying-aurora-scheduler/index.html Tue May 12 03:06:06 2015
@@ -96,7 +96,7 @@ machines.  This guide helps you get the
 of all its dependencies, with the notable exceptions of the JVM and libmesos. Each target server
 should have a JVM (Java 7 or higher) and libmesos (0.22.0) installed.</p>
 
-<h3 id="creating-the-distribution-.zip-file-(optional)">Creating the Distribution .zip File (Optional)</h3>
+<h3 id="creating-the-distribution-zip-file-optional-">Creating the Distribution .zip File (Optional)</h3>
 
 <p>To create a distribution for installation you will need build tools installed. On Ubuntu this can be
 done with <code>sudo apt-get install build-essential default-jdk</code>.</p>

Modified: aurora/site/publish/documentation/latest/developing-aurora-client/index.html
URL: http://svn.apache.org/viewvc/aurora/site/publish/documentation/latest/developing-aurora-client/index.html?rev=1678852&r1=1678851&r2=1678852&view=diff
==============================================================================
--- aurora/site/publish/documentation/latest/developing-aurora-client/index.html (original)
+++ aurora/site/publish/documentation/latest/developing-aurora-client/index.html Tue May 12 03:06:06 2015
@@ -62,7 +62,7 @@ are:</p>
 <li>Test client code: <code>./pants test src/test/python/apache/aurora/client/cli:all</code></li>
 </ul>
 
-<h1 id="running/debugging-the-client">Running/Debugging the Client</h1>
+<h1 id="running-debugging-the-client">Running/Debugging the Client</h1>
 
 <p>For manually testing client changes against a cluster, we use <a href="https://www.vagrantup.com/">Vagrant</a>.
 To start a virtual cluster, you need to install Vagrant, and then run <code>vagrant up</code> for the root of
@@ -74,7 +74,7 @@ of mesos slaves, and an aurora scheduler
 </pre>
 <p>Once this completes, the <code>aurora</code> command will reflect your changes.</p>
 
-<h1 id="running/debugging-the-client-in-pycharm">Running/Debugging the Client in PyCharm</h1>
+<h1 id="running-debugging-the-client-in-pycharm">Running/Debugging the Client in PyCharm</h1>
 
 <p>It&rsquo;s possible to use PyCharm to run and debug both the client and client tests in an IDE. In order
 to do this, first run:</p>
@@ -93,7 +93,7 @@ Once the project is loaded:
   - select &#39;build-support/python/pycharm.venv/bin/python&#39;
   - click &#39;OK&#39;
 </pre>
-<h3 id="running/debugging-tests">Running/Debugging Tests</h3>
+<h3 id="running-debugging-tests">Running/Debugging Tests</h3>
 
 <p>After following these instructions, you should now be able to run/debug tests directly from the IDE
 by right-clicking on a test (or test class) and choosing to run or debug:</p>
@@ -104,7 +104,7 @@ by right-clicking on a test (or test cla
 
 <p><a href="/documentation/latest/images/debugging-client-test.png"><img alt="Debugging Client Test" src="../images/debugging-client-test.png" /></a></p>
 
-<h3 id="running/debugging-the-client">Running/Debugging the Client</h3>
+<h3 id="running-debugging-the-client">Running/Debugging the Client</h3>
 
 <p>Actually running and debugging the client is unfortunately a bit more complex. You&rsquo;ll need to create
 a Run configuration:</p>

Modified: aurora/site/publish/documentation/latest/developing-aurora-scheduler/index.html
URL: http://svn.apache.org/viewvc/aurora/site/publish/documentation/latest/developing-aurora-scheduler/index.html?rev=1678852&r1=1678851&r2=1678852&view=diff
==============================================================================
--- aurora/site/publish/documentation/latest/developing-aurora-scheduler/index.html (original)
+++ aurora/site/publish/documentation/latest/developing-aurora-scheduler/index.html Tue May 12 03:06:06 2015
@@ -97,7 +97,7 @@ Apache Foundation&rsquo;s third-party li
 
 <h1 id="developing-aurora-ui">Developing Aurora UI</h1>
 
-<h2 id="installing-bower-(optional)">Installing bower (optional)</h2>
+<h2 id="installing-bower-optional-">Installing bower (optional)</h2>
 
 <p>Third party JS libraries used in Aurora (located at 3rdparty/javascript/bower_components) are
 managed by bower, a JS dependency manager. Bower is only required if you plan to add, remove or

Modified: aurora/site/publish/documentation/latest/hooks/index.html
URL: http://svn.apache.org/viewvc/aurora/site/publish/documentation/latest/hooks/index.html?rev=1678852&r1=1678851&r2=1678852&view=diff
==============================================================================
--- aurora/site/publish/documentation/latest/hooks/index.html (original)
+++ aurora/site/publish/documentation/latest/hooks/index.html Tue May 12 03:06:06 2015
@@ -129,7 +129,7 @@ returning <code>True</code>. For example
 
 <h2 id="hookable-methods">Hookable Methods</h2>
 
-<p>You can associate <code>pre_</code>, <code>post_</code>, and <code>err_</code> hooks with the following methods. Since you do not directly interact with the methods, but rather the Aurora Command Line commands that call them, for each method we also list the command(s) that can call the method. Note that a different method or methods may be called by a command depending on how the command&rsquo;s other code executes. Similarly, multiple commands can call the same method. We also list the methods&#39; argument signatures, which are used by their associated hooks. <a name="Chart"></a></p>
+<p>You can associate <code>pre_</code>, <code>post_</code>, and <code>err_</code> hooks with the following methods. Since you do not directly interact with the methods, but rather the Aurora Command Line commands that call them, for each method we also list the command(s) that can call the method. Note that a different method or methods may be called by a command depending on how the command&rsquo;s other code executes. Similarly, multiple commands can call the same method. We also list the methods&rsquo; argument signatures, which are used by their associated hooks. <a name="Chart"></a></p>
 
 <table><thead>
 <tr>
@@ -187,7 +187,7 @@ returning <code>True</code>. For example
 
 <p>By default, hooks are inactive. If you do not want to use hooks, you do not need to make any changes to your code. If you do want to use hooks, you will need to alter your <code>.aurora</code> config file to activate them both for the configuration as a whole as well as for individual <code>Job</code>s. And, of course, you will need to define in your config file what happens when a particular hook executes.</p>
 
-<h2 id=".aurora-config-file-settings">.aurora Config File Settings</h2>
+<h2 id="-aurora-config-file-settings">.aurora Config File Settings</h2>
 
 <p>You can define a top-level <code>hooks</code> variable in any <code>.aurora</code> config file. <code>hooks</code> is a list of all objects that define hooks used by <code>Job</code>s defined in that config file. If you do not want to define any hooks for a configuration, <code>hooks</code> is optional.</p>
 <pre class="highlight text">hooks = [Object_with_defined_hooks1, Object_with_defined_hooks2]
@@ -196,7 +196,7 @@ returning <code>True</code>. For example
 
 <p>Also, for any <code>Job</code> that you want to use hooks with, its <code>Job</code> definition in the <code>.aurora</code> config file must set an <code>enable_hooks</code> flag to <code>True</code> (it defaults to <code>False</code>). By default, hooks are disabled and you must enable them for <code>Job</code>s of your choice.</p>
 
-<p>To summarize, to use hooks for a particular job, you must both activate hooks for your config file as a whole, and for that job. Activating hooks only for individual jobs won&rsquo;t work, nor will only activating hooks for your config file as a whole. You must also specify the hooks&#39; defining object in the <code>hooks</code> variable.</p>
+<p>To summarize, to use hooks for a particular job, you must both activate hooks for your config file as a whole, and for that job. Activating hooks only for individual jobs won&rsquo;t work, nor will only activating hooks for your config file as a whole. You must also specify the hooks&rsquo; defining object in the <code>hooks</code> variable.</p>
 
 <p>Recall that <code>.aurora</code> config files are written in Pystachio. So the following turns on hooks for production jobs at cluster1 and cluster2, but leaves them off for similar jobs with a defined user role. Of course, you also need to list the objects that define the hooks in your config file&rsquo;s <code>hooks</code> variable.</p>
 <pre class="highlight python"><span class="n">jobs</span> <span class="o">=</span> <span class="p">[</span>

Modified: aurora/site/publish/documentation/latest/index.html
URL: http://svn.apache.org/viewvc/aurora/site/publish/documentation/latest/index.html?rev=1678852&r1=1678851&r2=1678852&view=diff
==============================================================================
--- aurora/site/publish/documentation/latest/index.html (original)
+++ aurora/site/publish/documentation/latest/index.html Tue May 12 03:06:06 2015
@@ -41,7 +41,7 @@
 <h5 class="page-header text-uppercase">Documentation</h5>
 <h2 id="introduction">Introduction</h2>
 
-<p>Apache Aurora is a service scheduler that runs on top of Apache Mesos, enabling you to run long-running services that take advantage of Apache Mesos&#39; scalability, fault-tolerance, and resource isolation. This documentation has been organized into sections with three audiences in mind:</p>
+<p>Apache Aurora is a service scheduler that runs on top of Apache Mesos, enabling you to run long-running services that take advantage of Apache Mesos&rsquo; scalability, fault-tolerance, and resource isolation. This documentation has been organized into sections with three audiences in mind:</p>
 
 <ul>
 <li>Users: General information about the project and to learn how to run an Aurora job.</li>

Modified: aurora/site/publish/documentation/latest/monitoring/index.html
URL: http://svn.apache.org/viewvc/aurora/site/publish/documentation/latest/monitoring/index.html?rev=1678852&r1=1678851&r2=1678852&view=diff
==============================================================================
--- aurora/site/publish/documentation/latest/monitoring/index.html (original)
+++ aurora/site/publish/documentation/latest/monitoring/index.html Tue May 12 03:06:06 2015
@@ -120,7 +120,7 @@ and thresholds make sense.</p>
 
 <h2 id="important-stats">Important stats</h2>
 
-<h3 id="jvm_uptime_secs"><code>jvm_uptime_secs</code></h3>
+<h3 id="code-code"><code>jvm_uptime_secs</code></h3>
 
 <p>Type: integer counter</p>
 
@@ -132,7 +132,7 @@ stay alive.</p>
 
 <p>Look at the scheduler logs to identify the reason the scheduler is exiting.</p>
 
-<h3 id="system_load_avg"><code>system_load_avg</code></h3>
+<h3 id="code-code"><code>system_load_avg</code></h3>
 
 <p>Type: double gauge</p>
 
@@ -143,7 +143,7 @@ stay alive.</p>
 
 <p>Use standard unix tools like <code>top</code> and <code>ps</code> to track down the offending process(es).</p>
 
-<h3 id="process_cpu_cores_utilized"><code>process_cpu_cores_utilized</code></h3>
+<h3 id="code-code"><code>process_cpu_cores_utilized</code></h3>
 
 <p>Type: double gauge</p>
 
@@ -159,7 +159,7 @@ updates from Mesos.  You may see activit
 time is being spent.  Beyond that, it really takes good familiarity with the code to effectively
 triage this.  We suggest engaging with an Aurora developer.</p>
 
-<h3 id="task_store_lost"><code>task_store_LOST</code></h3>
+<h3 id="code-code"><code>task_store_LOST</code></h3>
 
 <p>Type: integer gauge</p>
 
@@ -171,7 +171,7 @@ triage this.  We suggest engaging with a
 trigger this.  The first step is to look in the scheduler logs for <code>LOST</code> to identify where the
 state changes are originating.</p>
 
-<h3 id="scheduler_resource_offers"><code>scheduler_resource_offers</code></h3>
+<h3 id="code-code"><code>scheduler_resource_offers</code></h3>
 
 <p>Type: integer counter</p>
 
@@ -183,7 +183,7 @@ state changes are originating.</p>
 is sending offers. You should also look at the master&rsquo;s web interface to see if it has a large
 number of outstanding offers that it is waiting to be returned.</p>
 
-<h3 id="framework_registered"><code>framework_registered</code></h3>
+<h3 id="code-code"><code>framework_registered</code></h3>
 
 <p>Type: binary integer counter</p>
 
@@ -196,7 +196,7 @@ schedulers,</p>
 multiple schedulers claiming leadership, this suggests a split brain and warrants filing a critical
 bug.</p>
 
-<h3 id="rate(scheduler_log_native_append_nanos_total)/rate(scheduler_log_native_append_events)"><code>rate(scheduler_log_native_append_nanos_total)/rate(scheduler_log_native_append_events)</code></h3>
+<h3 id="code-code"><code>rate(scheduler_log_native_append_nanos_total)/rate(scheduler_log_native_append_events)</code></h3>
 
 <p>Type: rate ratio of integer counters</p>
 
@@ -208,7 +208,7 @@ bug.</p>
 standard tools like <code>vmstat</code> and <code>iotop</code> to identify whether the disk has become slow or
 over-utilized. We suggest using a dedicated disk for the replicated log to mitigate this.</p>
 
-<h3 id="timed_out_tasks"><code>timed_out_tasks</code></h3>
+<h3 id="code-code"><code>timed_out_tasks</code></h3>
 
 <p>Type: integer counter</p>
 
@@ -223,7 +223,7 @@ value warrants investigation.</p>
 <p>The scheduler will log when it times out a task. You should trace the task ID of the timed out
 task into the master, slave, and/or executors to determine where the message was dropped.</p>
 
-<h3 id="http_500_responses_events"><code>http_500_responses_events</code></h3>
+<h3 id="code-code"><code>http_500_responses_events</code></h3>
 
 <p>Type: integer counter</p>
 

Modified: aurora/site/publish/documentation/latest/resource-isolation/index.html
URL: http://svn.apache.org/viewvc/aurora/site/publish/documentation/latest/resource-isolation/index.html?rev=1678852&r1=1678851&r2=1678852&view=diff
==============================================================================
--- aurora/site/publish/documentation/latest/resource-isolation/index.html (original)
+++ aurora/site/publish/documentation/latest/resource-isolation/index.html Tue May 12 03:06:06 2015
@@ -153,7 +153,7 @@ put alerts on the per-instance memory.</
 
 <h2 id="disk-space">Disk Space</h2>
 
-<p>Disk space used by your application is defined as the sum of the files&#39;
+<p>Disk space used by your application is defined as the sum of the files&rsquo;
 disk space in your application&rsquo;s directory, including the <code>stdout</code> and
 <code>stderr</code> logged from your application. Each shard is considered
 independently. You should use off-node storage for your application&rsquo;s

Added: aurora/site/publish/documentation/latest/security/index.html
URL: http://svn.apache.org/viewvc/aurora/site/publish/documentation/latest/security/index.html?rev=1678852&view=auto
==============================================================================
--- aurora/site/publish/documentation/latest/security/index.html (added)
+++ aurora/site/publish/documentation/latest/security/index.html Tue May 12 03:06:06 2015
@@ -0,0 +1,322 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+	<title>Apache Aurora</title>
+    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.1/css/bootstrap.min.css">
+    <link href="/assets/css/main.css" rel="stylesheet">
+	<!-- Analytics -->
+	<script type="text/javascript">
+		  var _gaq = _gaq || [];
+		  _gaq.push(['_setAccount', 'UA-45879646-1']);
+		  _gaq.push(['_setDomainName', 'apache.org']);
+		  _gaq.push(['_trackPageview']);
+
+		  (function() {
+		    var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
+		    ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
+		    var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
+		  })();
+	</script>
+  </head>
+  <body>
+	  
+        <div class="container-fluid section-header">
+  <div class="container">
+    <div class="nav nav-bar">
+    <a href="/"><img src="/assets/img/aurora_logo_white_bkg.svg" width="300" alt="Transparent Apache Aurora logo with dark background"/></a>
+	<ul class="nav navbar-nav navbar-right">
+      <li><a href="/documentation/latest/">Documentation</a></li>
+      <li><a href="/community/">Community</a></li>
+      <li><a href="/downloads/">Downloads</a></li>
+      <li><a href="/blog/">Blog</a></li>
+    </ul>
+    </div>
+  </div>
+</div>	
+  	  <div class="container-fluid">
+  	  	<div class="container content">
+          <div class="col-md-12 documentation">
+<h5 class="page-header text-uppercase">Documentation</h5>
+<p>Aurora integrates with <a href="http://shiro.apache.org/">Apache Shiro</a> to provide security
+controls for its API. In addition to providing some useful features out of the box, Shiro
+also allows Aurora cluster administrators to adapt the security system to their organization’s
+existing infrastructure.</p>
+
+<ul>
+<li><a href="#enabling-security">Enabling Security</a></li>
+<li><a href="#authentication">Authentication</a>
+
+<ul>
+<li><a href="#http-basic-authentication">HTTP Basic Authentication</a>
+
+<ul>
+<li><a href="#server-configuration">Server Configuration</a></li>
+<li><a href="#client-configuration">Client Configuration</a></li>
+</ul></li>
+<li><a href="#http-spnego-authentication-kerberos">HTTP SPNEGO Authentication (Kerberos)</a>
+
+<ul>
+<li><a href="#server-configuration-1">Server Configuration</a></li>
+<li><a href="#client-configuration-1">Client Configuration</a></li>
+</ul></li>
+</ul></li>
+<li><a href="#authorization">Authorization</a>
+
+<ul>
+<li><a href="#using-an-ini-file-to-define-security-controls">Using an INI file to define security controls</a>
+
+<ul>
+<li><a href="#caveats">Caveats</a></li>
+</ul></li>
+</ul></li>
+<li><a href="#implementing-a-custom-realm">Implementing a Custom Realm</a>
+
+<ul>
+<li><a href="#packaging-a-realm-module">Packaging a realm module</a></li>
+</ul></li>
+<li><a href="#known-issues">Known Issues</a></li>
+</ul>
+
+<h1 id="enabling-security">Enabling Security</h1>
+
+<p>There are two major components of security:
+<a href="http://en.wikipedia.org/wiki/Authentication#Authorization">authentication and authorization</a>.  A
+cluster administrator may choose the approach used for each, and may also implement custom
+mechanisms for either.  Later sections describe the options available.</p>
+
+<h1 id="authentication">Authentication</h1>
+
+<p>The scheduler must be configured with instructions for how to process authentication
+credentials at a minimum.  There are currently two built-in authentication schemes -
+<a href="http://en.wikipedia.org/wiki/Basic_access_authentication">HTTP Basic Authentication</a>, and
+<a href="http://en.wikipedia.org/wiki/SPNEGO">SPNEGO</a> (Kerberos).</p>
+
+<h2 id="http-basic-authentication">HTTP Basic Authentication</h2>
+
+<p>Basic Authentication is a very quick way to add <em>some</em> security.  It is supported
+by all major browsers and HTTP client libraries with minimal work.  However,
+before relying on Basic Authentication you should be aware of the <a href="http://tools.ietf.org/html/rfc2617#section-4">security
+considerations</a>.</p>
+
+<h3 id="server-configuration">Server Configuration</h3>
+
+<p>At a minimum you need to set 4 command-line flags on the scheduler:</p>
+<pre class="highlight text">-http_authentication_mechanism=BASIC
+-shiro_realm_modules=INI_AUTHNZ
+-shiro_ini_path=path/to/security.ini
+</pre>
+<p>And create a security.ini file like so:</p>
+<pre class="highlight text">[users]
+sally = apple, admin
+
+[roles]
+admin = *
+</pre>
+<p>The details of the security.ini file are explained below. Note that this file contains plaintext,
+unhashed passwords.</p>
+
+<h3 id="client-configuration">Client Configuration</h3>
+
+<p>To configure the client for HTTP Basic authentication, add an entry to ~/.netrc with your credentials</p>
+<pre class="highlight text">% cat ~/.netrc
+# ...
+
+machine aurora.example.com
+login sally
+password apple
+
+# ...
+</pre>
+<p>No changes are required to <code>clusters.json</code>.</p>
+
+<h2 id="http-spnego-authentication-kerberos-">HTTP SPNEGO Authentication (Kerberos)</h2>
+
+<h3 id="server-configuration">Server Configuration</h3>
+
+<p>At a minimum you need to set 6 command-line flags on the scheduler:</p>
+<pre class="highlight text">-http_authentication_mechanism=NEGOTIATE
+-shiro_realm_modules=KERBEROS5_AUTHN,INI_AUTHNZ
+-kerberos_server_principal=HTTP/aurora.example.com@EXAMPLE.COM
+-kerberos_server_keytab=path/to/aurora.example.com.keytab
+-shiro_ini_path=path/to/security.ini
+</pre>
+<p>And create a security.ini file like so:</p>
+<pre class="highlight text">% cat path/to/security.ini
+[users]
+sally = _, admin
+
+[roles]
+admin = *
+</pre>
+<p>What&rsquo;s going on here? First, Aurora must be configured to request Kerberos credentials when presented with an
+unauthenticated request. This is achieved by setting</p>
+<pre class="highlight text">-http_authentication_mechanism=NEGOTIATE
+</pre>
+<p>Next, a Realm module must be configured to <strong>authenticate</strong> the current request using the Kerberos
+credentials that were requested. Aurora ships with a realm module that can do this</p>
+<pre class="highlight text">-shiro_realm_modules=KERBEROS5_AUTHN[,...]
+</pre>
+<p>The Kerberos5Realm requires a keytab file and a server principal name. The principal name will usually
+be in the form <code>HTTP/aurora.example.com@EXAMPLE.COM</code>.</p>
+<pre class="highlight text">-kerberos_server_principal=HTTP/aurora.example.com@EXAMPLE.COM
+-kerberos_server_keytab=path/to/aurora.example.com.keytab
+</pre>
+<p>The Kerberos5 realm module is authentication-only. For scheduler security to work you must also
+enable a realm module that provides an Authorizer implementation. For example, to do this using the
+IniShiroRealmModule:</p>
+<pre class="highlight text">-shiro_realm_modules=KERBEROS5_AUTHN,INI_AUTHNZ
+</pre>
+<p>You can then configure authorization using a security.ini file as described below
+(the password field is ignored). You must configure the realm module with the path to this file:</p>
+<pre class="highlight text">-shiro_ini_path=path/to/security.ini
+</pre>
+<h3 id="client-configuration">Client Configuration</h3>
+
+<p>To use Kerberos on the client-side you must build Kerberos-enabled client binaries. Do this with</p>
+<pre class="highlight text">./pants binary src/main/python/apache/aurora/client/cli:kaurora
+./pants binary src/main/python/apache/aurora/admin:kaurora_admin
+</pre>
+<p>You must also configure each cluster where you&rsquo;ve enabled Kerberos on the scheduler
+to use Kerberos authentication. Do this by setting <code>auth_mechanism</code> to <code>KERBEROS</code>
+in <code>clusters.json</code>.</p>
+<pre class="highlight text">% cat ~/.aurora/clusters.json
+{
+    &quot;devcluser&quot;: {
+        &quot;auth_mechanism&quot;: &quot;KERBEROS&quot;,
+        ...
+    },
+    ...
+}
+</pre>
+<h1 id="authorization">Authorization</h1>
+
+<p>Given a means to authenticate the entity a client claims they are, we need to define what privileges they have.</p>
+
+<h2 id="using-an-ini-file-to-define-security-controls">Using an INI file to define security controls</h2>
+
+<p>The simplest security configuration for Aurora is an INI file on the scheduler.  For small
+clusters, or clusters where the users and access controls change relatively infrequently, this is
+likely the preferred approach.  However you may want to avoid this approach if access permissions
+are rapidly changing, or if your access control information already exists in another system.</p>
+
+<p>You can enable INI-based configuration with following scheduler command line arguments:</p>
+<pre class="highlight text">-http_authentication_mechanism=BASIC
+-shiro_ini_path=path/to/security.ini
+</pre>
+<p><em>note</em> As the argument name reveals, this is using Shiro’s
+<a href="http://shiro.apache.org/configuration.html#Configuration-INIConfiguration">IniRealm</a> behind
+the scenes.</p>
+
+<p>The INI file will contain two sections - users and roles.  Here’s an example for what might
+be in security.ini:</p>
+<pre class="highlight text">[users]
+sally = apple, admin
+jim = 123456, accounting
+becky = letmein, webapp
+larry = 654321,accounting
+steve = password
+
+[roles]
+admin = *
+accounting = thrift.AuroraAdmin:setQuota
+webapp = thrift.AuroraSchedulerManager:*:webapp
+</pre>
+<p>The users section defines user user credentials and the role(s) they are members of.  These lines
+are of the format <code>&lt;user&gt; = &lt;password&gt;[, &lt;role&gt;...]</code>.  As you probably noticed, the passwords are
+in plaintext and as a result read access to this file should be restricted.</p>
+
+<p>In this configuration, each user has different privileges for actions in the cluster because
+of the roles they are a part of:</p>
+
+<ul>
+<li>admin is granted all privileges</li>
+<li>accounting may adjust the amount of resource quota for any role</li>
+<li>webapp represents a collection of jobs that represents a service, and its members may create and modify any jobs owned by it</li>
+</ul>
+
+<h3 id="caveats">Caveats</h3>
+
+<p>You might find documentation on the Internet suggesting there are additional sections in <code>shiro.ini</code>,
+like <code>[main]</code> and <code>[urls]</code>. These are not supported by Aurora as it uses a different mechanism to configure
+those parts of Shiro. Think of Aurora&rsquo;s <code>security.ini</code> as a subset with only <code>[users]</code> and <code>[roles]</code> sections.</p>
+
+<h1 id="implementing-a-custom-realm">Implementing a Custom Realm</h1>
+
+<p>Since Aurora’s security is backed by <a href="https://shiro.apache.org">Apache Shiro</a>, you can implement a
+custom <a href="http://shiro.apache.org/realm.html">Realm</a> to define organization-specific security behavior.</p>
+
+<p>In addition to using Shiro&rsquo;s standard APIs to implement a Realm you can link against Aurora to
+access the type-safe Permissions Aurora uses. See the Javadoc for <code>org.apache.aurora.scheduler.spi</code>
+for more information.</p>
+
+<h2 id="packaging-a-realm-module">Packaging a realm module</h2>
+
+<p>Package your custom Realm(s) with a Guice module that exposes a <code>Set&lt;Realm&gt;</code> multibinding.</p>
+<pre class="highlight java"><span class="kn">package</span> <span class="n">com</span><span class="o">.</span><span class="na">example</span><span class="o">;</span>
+
+<span class="kn">import</span> <span class="nn">com.google.inject.AbstractModule</span><span class="o">;</span>
+<span class="kn">import</span> <span class="nn">com.google.inject.multibindings.Multibinder</span><span class="o">;</span>
+<span class="kn">import</span> <span class="nn">org.apache.shiro.realm.Realm</span><span class="o">;</span>
+
+<span class="kd">public</span> <span class="kd">class</span> <span class="nc">MyRealmModule</span> <span class="kd">extends</span> <span class="n">AbstractModule</span> <span class="o">{</span>
+  <span class="nd">@Override</span>
+  <span class="kd">public</span> <span class="kt">void</span> <span class="n">configure</span><span class="o">()</span> <span class="o">{</span>
+    <span class="n">Realm</span> <span class="n">myRealm</span> <span class="o">=</span> <span class="k">new</span> <span class="n">MyRealm</span><span class="o">();</span>
+
+    <span class="n">Multibinder</span><span class="o">.</span><span class="na">newSetBinder</span><span class="o">(</span><span class="n">binder</span><span class="o">(),</span> <span class="n">Realm</span><span class="o">.</span><span class="na">class</span><span class="o">).</span><span class="na">addBinding</span><span class="o">().</span><span class="na">toInstance</span><span class="o">(</span><span class="n">myRealm</span><span class="o">);</span>
+  <span class="o">}</span>
+
+  <span class="kd">static</span> <span class="kd">class</span> <span class="nc">MyRealm</span> <span class="kd">implements</span> <span class="n">Realm</span> <span class="o">{</span>
+    <span class="c1">// Realm implementation.</span>
+  <span class="o">}</span>
+<span class="o">}</span>
+</pre>
+<p>To use your module in the scheduler, include it as a realm module based on its fully-qualified
+class name:</p>
+<pre class="highlight text">-shiro_realm_modules=KERBEROS5_AUTHN,INI_AUTHNZ,com.example.MyRealmModule
+</pre>
+<h1 id="known-issues">Known Issues</h1>
+
+<p>While the APIs and SPIs we ship with are stable as of 0.8.0, we are aware of several incremental
+improvements. Please follow, vote, or send patches.</p>
+
+<p>Relevant tickets:
+* <a href="https://issues.apache.org/jira/browse/AURORA-343">AURORA-343</a>: HTTPS support
+* <a href="https://issues.apache.org/jira/browse/AURORA-1248">AURORA-1248</a>: Client retries 4xx errors
+* <a href="https://issues.apache.org/jira/browse/AURORA-1279">AURORA-1279</a>: Remove kerberos-specific build targets
+* <a href="https://issues.apache.org/jira/browse/AURORA-1291">AURORA-1293</a>: Consider defining a JSON format in place of INI
+* <a href="https://issues.apache.org/jira/browse/AURORA-1179">AURORA-1179</a>: Supported hashed passwords in security.ini
+* <a href="https://issues.apache.org/jira/browse/AURORA-1295">AURORA-1295</a>: Support security for the ReadOnlyScheduler service</p>
+</div>
+
+  		</div>
+  	  </div>
+	  
+      	<div class="container-fluid section-footer buffer">
+      <div class="container">
+        <div class="row">
+		  <div class="col-md-2 col-md-offset-1"><h3>Quick Links</h3>
+		  <ul>
+		    <li><a href="/downloads/">Downloads</a></li>
+            <li><a href="/community/">Mailing Lists</a></li>
+			<li><a href="http://issues.apache.org/jira/browse/AURORA">Issue Tracking</a></li>
+			<li><a href="/documentation/latest/contributing/">How To Contribute</a></li>     
+		  </ul>
+	      </div>
+		  <div class="col-md-2"><h3>The ASF</h3>
+          <ul>
+            <li><a href="http://www.apache.org/licenses/">License</a></li>
+            <li><a href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li>  
+            <li><a href="http://www.apache.org/foundation/thanks.html">Thanks</a></li>
+            <li><a href="http://www.apache.org/security/">Security</a></li>
+          </ul>
+		  </div>
+		  <div class="col-md-6">
+			<p class="disclaimer">Copyright 2014 <a href="http://www.apache.org/">Apache Software Foundation</a>. Licensed under the <a href="http://www.apache.org/licenses/">Apache License v2.0</a>. The <a href="https://www.flickr.com/photos/trondk/12706051375/">Aurora Borealis IX photo</a> displayed on the homepage is available under a <a href="https://creativecommons.org/licenses/by-nc-nd/2.0/">Creative Commons BY-NC-ND 2.0 license</a>. Apache, Apache Aurora, and the Apache feather logo are trademarks of The Apache Software Foundation.</p>
+        </div>
+      </div>
+    </div>
+	</body>
+</html>
\ No newline at end of file

Modified: aurora/site/publish/documentation/latest/sla/index.html
URL: http://svn.apache.org/viewvc/aurora/site/publish/documentation/latest/sla/index.html?rev=1678852&r1=1678851&r2=1678852&view=diff
==============================================================================
--- aurora/site/publish/documentation/latest/sla/index.html (original)
+++ aurora/site/publish/documentation/latest/sla/index.html Tue May 12 03:06:06 2015
@@ -145,7 +145,7 @@ percentiles (50th,75th,90th,95th and 99t
 You can also get customized real-time stats from aurora client. See <code>aurora sla -h</code> for
 more details.</p>
 
-<h3 id="median-time-to-assigned-(mtta)">Median Time To Assigned (MTTA)</h3>
+<h3 id="median-time-to-assigned-mtta-">Median Time To Assigned (MTTA)</h3>
 
 <p><em>Median time a job spends waiting for its tasks to be assigned to a host. This is a combined
 metric that helps track the dependency of scheduling performance on the requested resources
@@ -187,7 +187,7 @@ metric that helps track the dependency o
 that are still PENDING. This ensures straggler instances (e.g. with unreasonable resource
 constraints) do not affect metric curves.</p>
 
-<h3 id="median-time-to-running-(mttr)">Median Time To Running (MTTR)</h3>
+<h3 id="median-time-to-running-mttr-">Median Time To Running (MTTR)</h3>
 
 <p><em>Median time a job waits for its tasks to reach RUNNING state. This is a comprehensive metric
 reflecting on the overall time it takes for the Aurora/Mesos to start executing user content.</em></p>

Modified: aurora/site/publish/documentation/latest/storage/index.html
URL: http://svn.apache.org/viewvc/aurora/site/publish/documentation/latest/storage/index.html?rev=1678852&r1=1678851&r2=1678852&view=diff
==============================================================================
--- aurora/site/publish/documentation/latest/storage/index.html (original)
+++ aurora/site/publish/documentation/latest/storage/index.html Tue May 12 03:06:06 2015
@@ -88,7 +88,7 @@ in case of a complete loss or corruption
 
 <p><img alt="Storage hierarchy" src="../images/storage_hierarchy.png" /></p>
 
-<h2 id="reads,-writes,-modifications">Reads, writes, modifications</h2>
+<h2 id="reads-writes-modifications">Reads, writes, modifications</h2>
 
 <p>All services in Aurora access data via a set of predefined store interfaces (aka stores) logically
 grouped by the type of data they serve. Every interface defines a specific set of operations allowed
@@ -114,7 +114,7 @@ key-value storage is unable to match.</p
 appended to the replicated log. Data is not available for reads until fully ack-ed by both
 replicated log and volatile storage.</p>
 
-<h2 id="atomicity,-consistency-and-isolation">Atomicity, consistency and isolation</h2>
+<h2 id="atomicity-consistency-and-isolation">Atomicity, consistency and isolation</h2>
 
 <p>Aurora uses <a href="http://en.wikipedia.org/wiki/Write-ahead_logging">write-ahead logging</a> to ensure
 consistency between replicated and volatile storage. In Aurora, data is first written into the

Modified: aurora/site/publish/documentation/latest/thrift-deprecation/index.html
URL: http://svn.apache.org/viewvc/aurora/site/publish/documentation/latest/thrift-deprecation/index.html?rev=1678852&r1=1678851&r2=1678852&view=diff
==============================================================================
--- aurora/site/publish/documentation/latest/thrift-deprecation/index.html (original)
+++ aurora/site/publish/documentation/latest/thrift-deprecation/index.html Tue May 12 03:06:06 2015
@@ -82,7 +82,7 @@ See <a href="../src/main/java/org/apache
 * Add a deprecation jira ticket into the vCurrent+1 release candidate
 * Add a TODO for the deprecated field mentioning the jira ticket</p>
 
-<h3 id="vcurrent+1">vCurrent+1</h3>
+<h3 id="vcurrent-1">vCurrent+1</h3>
 
 <p>Finalize the change by removing the deprecated fields from the Thrift schema.
 * Drop any dual read/write routines added in the previous version

Modified: aurora/site/publish/documentation/latest/tutorial/index.html
URL: http://svn.apache.org/viewvc/aurora/site/publish/documentation/latest/tutorial/index.html?rev=1678852&r1=1678851&r2=1678852&view=diff
==============================================================================
--- aurora/site/publish/documentation/latest/tutorial/index.html (original)
+++ aurora/site/publish/documentation/latest/tutorial/index.html Tue May 12 03:06:06 2015
@@ -71,7 +71,7 @@ getting up to speed on the system.</p>
 <p>To get help, email questions to the Aurora Developer List,
 <a href="mailto:dev@aurora.apache.org">dev@aurora.apache.org</a></p>
 
-<h2 id="setup:-install-aurora">Setup: Install Aurora</h2>
+<h2 id="setup-install-aurora">Setup: Install Aurora</h2>
 
 <p>You use the Aurora client and web UI to interact with Aurora jobs. To
 install it locally, see <a href="/documentation/latest/vagrant/">vagrant.md</a>. The remainder of this
@@ -149,7 +149,7 @@ Tutorial</a> and the <a href="/documenta
 Reference</a> (preferably after finishing this
 tutorial).</p>
 
-<h2 id="what&#39;s-going-on-in-that-configuration-file?">What&rsquo;s Going On In That Configuration File?</h2>
+<h2 id="what-39-s-going-on-in-that-configuration-file-">What&rsquo;s Going On In That Configuration File?</h2>
 
 <p>More than you might think.</p>
 
@@ -265,7 +265,7 @@ we will try again.</p>
 
 <p><img alt="Running Task page" src="../images/runningtask.png" /></p>
 
-<p>We then inspect the output by clicking on <code>stdout</code> and see our process&#39;
+<p>We then inspect the output by clicking on <code>stdout</code> and see our process&rsquo;
 output:</p>
 
 <p><img alt="stdout page" src="../images/stdout.png" /></p>

Modified: aurora/site/publish/documentation/latest/user-guide/index.html
URL: http://svn.apache.org/viewvc/aurora/site/publish/documentation/latest/user-guide/index.html?rev=1678852&r1=1678851&r2=1678852&view=diff
==============================================================================
--- aurora/site/publish/documentation/latest/user-guide/index.html (original)
+++ aurora/site/publish/documentation/latest/user-guide/index.html Tue May 12 03:06:06 2015
@@ -310,7 +310,7 @@ disabled health checks.</p>
 not proceed with subsequent steps.  Note that graceful shutdown is best-effort, and due to the many
 inevitable realities of distributed systems, it may not be performed.</p>
 
-<h3 id="giving-priority-to-production-tasks:-preempting">Giving Priority to Production Tasks: PREEMPTING</h3>
+<h3 id="giving-priority-to-production-tasks-preempting">Giving Priority to Production Tasks: PREEMPTING</h3>
 
 <p>Sometimes a Task needs to be interrupted, such as when a non-production
 Task&rsquo;s resources are needed by a higher priority production Task. This
@@ -332,7 +332,7 @@ production task. At some point, tasks in
 <p>Note that non-production tasks consuming many resources are likely to be
 preempted in favor of production tasks.</p>
 
-<h3 id="natural-termination:-finished,-failed">Natural Termination: FINISHED, FAILED</h3>
+<h3 id="natural-termination-finished-failed">Natural Termination: FINISHED, FAILED</h3>
 
 <p>A <code>RUNNING</code> <code>Task</code> can terminate without direct user interaction. For
 example, it may be a finite computation that finishes, even something as
@@ -342,7 +342,7 @@ processes have succeeded with exit statu
 reaching failure limits) it moves into <code>FINISHED</code> state. If it finished
 after reaching a set of failure limits, it goes into <code>FAILED</code> state.</p>
 
-<h3 id="forceful-termination:-killing,-restarting">Forceful Termination: KILLING, RESTARTING</h3>
+<h3 id="forceful-termination-killing-restarting">Forceful Termination: KILLING, RESTARTING</h3>
 
 <p>You can terminate a <code>Task</code> by issuing an <code>aurora job kill</code> command, which
 moves it into <code>KILLING</code> state. The scheduler then sends the slave  a

Modified: aurora/site/publish/downloads/index.html
URL: http://svn.apache.org/viewvc/aurora/site/publish/downloads/index.html?rev=1678852&r1=1678851&r2=1678852&view=diff
==============================================================================
--- aurora/site/publish/downloads/index.html (original)
+++ aurora/site/publish/downloads/index.html Tue May 12 03:06:06 2015
@@ -46,18 +46,23 @@
 
 <h2 id="current-release">Current Release</h2>
 
-<p>The current released version is <em>0.7.0-incubating</em>. <a href="https://www.apache.org/dyn/mirrors/mirrors.cgi/aurora/0.7.0/apache-aurora-0.7.0-incubating.tar.gz">(tar.gz)</a>
-<a href="https://www.apache.org/dyn/mirrors/mirrors.cgi/aurora/0.7.0/apache-aurora-0.7.0-incubating.tar.gz.md5">(md5)</a>
-<a href="https://www.apache.org/dyn/mirrors/mirrors.cgi/aurora/0.7.0/apache-aurora-0.7.0-incubating.tar.gz.sha">(sha)</a> 
-<a href="https://www.apache.org/dyn/mirrors/mirrors.cgi/aurora/0.7.0/apache-aurora-0.7.0-incubating.tar.gz.asc">(sig)</a></p>
+<p>The current released version is <em>0.8.0</em>. <a href="https://www.apache.org/dyn/mirrors/mirrors.cgi/aurora/0.8.0/apache-aurora-0.8.0.tar.gz">(tar.gz)</a>
+<a href="https://www.apache.org/dyn/mirrors/mirrors.cgi/aurora/0.8.0/apache-aurora-0.8.0.tar.gz.md5">(md5)</a>
+<a href="https://www.apache.org/dyn/mirrors/mirrors.cgi/aurora/0.8.0/apache-aurora-0.8.0.tar.gz.sha">(sha)</a> 
+<a href="https://www.apache.org/dyn/mirrors/mirrors.cgi/aurora/0.8.0/apache-aurora-0.8.0.tar.gz.asc">(sig)</a></p>
 
 <p>To quickly get started, we reccomend using Vagrant and following the <a href="/documentation/latest/vagrant/">Getting Started guide</a>.</p>
 
-<h2 id="previous-releases">Previous Releases</h2>
+<h2 id="incubating-releases">Incubating Releases</h2>
+
+<p><em>0.7.0-incubating</em>. <a href="https://archive.apache.org/dist/aurora/0.7.0/apache-aurora-0.7.0-incubating.tar.gz">(tar.gz)</a>
+<a href="https://archive.apache.org/dist/aurora/0.7.0/apache-aurora-0.7.0-incubating.tar.gz.md5">(md5)</a>
+<a href="https://archive.apache.org/dist/aurora/0.7.0/apache-aurora-0.7.0-incubating.tar.gz.sha">(sha)</a> 
+<a href="https://archive.apache.org/dist/aurora/0.7.0/apache-aurora-0.7.0-incubating.tar.gz.asc">(sig)</a></p>
 
 <p><em>0.6.0-incubating</em>. <a href="https://archive.apache.org/dist/aurora/0.6.0/apache-aurora-0.6.0-incubating.tar.gz">(tar.gz)</a>
 <a href="https://archive.apache.org/dist/aurora/0.6.0/apache-aurora-0.6.0-incubating.tar.gz.md5">(md5)</a>
-<a href="https://archive.apache.org/dist/aurora/0.6.0/apache-aurora-0.6.0-incubating.tar.gz.sha">(sha)</a> 
+<a href="https://archive.apache.org/dist/aurora/0.6.0/apache-aurora-0.6.0-incubating.tar.gz.sha">(sha)</a>
 <a href="https://archive.apache.org/dist/aurora/0.6.0/apache-aurora-0.6.0-incubating.tar.gz.asc">(sig)</a></p>
 
 <p><em>0.5.0-incubating</em> <a href="https://archive.apache.org/dist/aurora/0.5.0/apache-aurora-0.5.0-incubating.tar.gz">(tar.gz)</a>

Modified: aurora/site/publish/sitemap.xml
URL: http://svn.apache.org/viewvc/aurora/site/publish/sitemap.xml?rev=1678852&r1=1678851&r2=1678852&view=diff
==============================================================================
--- aurora/site/publish/sitemap.xml (original)
+++ aurora/site/publish/sitemap.xml Tue May 12 03:06:06 2015
@@ -2,138 +2,138 @@
 <urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
   <url>
     <loc>http://aurora.apache.org/blog/aurora-0-6-0-incubating-released/</loc>
-    <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+    <lastmod>2015-05-11T00:00:00-04:00</lastmod>
   </url>
   <url>
     <loc>http://aurora.apache.org/blog/aurora-0-7-0-incubating-released/</loc>
-    <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+    <lastmod>2015-05-11T00:00:00-04:00</lastmod>
   </url>
   <url>
     <loc>http://aurora.apache.org/blog/2015-upcoming-apache-aurora-meetups/</loc>
-    <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+    <lastmod>2015-05-11T00:00:00-04:00</lastmod>
   </url>
   <url>
     <loc>http://aurora.apache.org/blog/</loc>
-    <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+    <lastmod>2015-05-11T00:00:00-04:00</lastmod>
   </url>
   <url>
     <loc>http://aurora.apache.org/community/</loc>
-    <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+    <lastmod>2015-05-11T00:00:00-04:00</lastmod>
   </url>
   <url>
     <loc>http://aurora.apache.org/developers/</loc>
-    <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+    <lastmod>2015-05-11T00:00:00-04:00</lastmod>
   </url>
   <url>
     <loc>http://aurora.apache.org/docs/gettingstarted/</loc>
-    <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+    <lastmod>2015-05-11T00:00:00-04:00</lastmod>
   </url>
   <url>
     <loc>http://aurora.apache.org/docs/howtocontribute/</loc>
-    <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+    <lastmod>2015-05-11T00:00:00-04:00</lastmod>
   </url>
   <url>
     <loc>http://aurora.apache.org/documentation/latest/client-cluster-configuration/</loc>
-    <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+    <lastmod>2015-05-11T00:00:00-04:00</lastmod>
   </url>
   <url>
     <loc>http://aurora.apache.org/documentation/latest/client-commands/</loc>
-    <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+    <lastmod>2015-05-11T00:00:00-04:00</lastmod>
   </url>
   <url>
     <loc>http://aurora.apache.org/documentation/latest/committers/</loc>
-    <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+    <lastmod>2015-05-11T00:00:00-04:00</lastmod>
   </url>
   <url>
     <loc>http://aurora.apache.org/documentation/latest/configuration-reference/</loc>
-    <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+    <lastmod>2015-05-11T00:00:00-04:00</lastmod>
   </url>
   <url>
     <loc>http://aurora.apache.org/documentation/latest/configuration-tutorial/</loc>
-    <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+    <lastmod>2015-05-11T00:00:00-04:00</lastmod>
   </url>
   <url>
     <loc>http://aurora.apache.org/documentation/latest/contributing/</loc>
-    <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+    <lastmod>2015-05-11T00:00:00-04:00</lastmod>
   </url>
   <url>
     <loc>http://aurora.apache.org/documentation/latest/cron-jobs/</loc>
-    <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+    <lastmod>2015-05-11T00:00:00-04:00</lastmod>
   </url>
   <url>
     <loc>http://aurora.apache.org/documentation/latest/deploying-aurora-scheduler/</loc>
-    <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+    <lastmod>2015-05-11T00:00:00-04:00</lastmod>
   </url>
   <url>
     <loc>http://aurora.apache.org/documentation/latest/developing-aurora-client/</loc>
-    <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+    <lastmod>2015-05-11T00:00:00-04:00</lastmod>
   </url>
   <url>
     <loc>http://aurora.apache.org/documentation/latest/developing-aurora-scheduler/</loc>
-    <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+    <lastmod>2015-05-11T00:00:00-04:00</lastmod>
   </url>
   <url>
     <loc>http://aurora.apache.org/documentation/latest/hooks/</loc>
-    <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+    <lastmod>2015-05-11T00:00:00-04:00</lastmod>
   </url>
   <url>
     <loc>http://aurora.apache.org/documentation/latest/monitoring/</loc>
-    <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+    <lastmod>2015-05-11T00:00:00-04:00</lastmod>
   </url>
   <url>
     <loc>http://aurora.apache.org/documentation/latest/resource-isolation/</loc>
-    <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+    <lastmod>2015-05-11T00:00:00-04:00</lastmod>
   </url>
   <url>
     <loc>http://aurora.apache.org/documentation/latest/scheduler-storage/</loc>
-    <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+    <lastmod>2015-05-11T00:00:00-04:00</lastmod>
   </url>
   <url>
     <loc>http://aurora.apache.org/documentation/latest/security/</loc>
-    <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+    <lastmod>2015-05-11T00:00:00-04:00</lastmod>
   </url>
   <url>
     <loc>http://aurora.apache.org/documentation/latest/sla/</loc>
-    <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+    <lastmod>2015-05-11T00:00:00-04:00</lastmod>
   </url>
   <url>
     <loc>http://aurora.apache.org/documentation/latest/storage-config/</loc>
-    <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+    <lastmod>2015-05-11T00:00:00-04:00</lastmod>
   </url>
   <url>
     <loc>http://aurora.apache.org/documentation/latest/storage/</loc>
-    <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+    <lastmod>2015-05-11T00:00:00-04:00</lastmod>
   </url>
   <url>
     <loc>http://aurora.apache.org/documentation/latest/test-resource-generation/</loc>
-    <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+    <lastmod>2015-05-11T00:00:00-04:00</lastmod>
   </url>
   <url>
     <loc>http://aurora.apache.org/documentation/latest/thrift-deprecation/</loc>
-    <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+    <lastmod>2015-05-11T00:00:00-04:00</lastmod>
   </url>
   <url>
     <loc>http://aurora.apache.org/documentation/latest/tutorial/</loc>
-    <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+    <lastmod>2015-05-11T00:00:00-04:00</lastmod>
   </url>
   <url>
     <loc>http://aurora.apache.org/documentation/latest/user-guide/</loc>
-    <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+    <lastmod>2015-05-11T00:00:00-04:00</lastmod>
   </url>
   <url>
     <loc>http://aurora.apache.org/documentation/latest/vagrant/</loc>
-    <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+    <lastmod>2015-05-11T00:00:00-04:00</lastmod>
   </url>
   <url>
     <loc>http://aurora.apache.org/documentation/latest/</loc>
-    <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+    <lastmod>2015-05-11T00:00:00-04:00</lastmod>
   </url>
   <url>
     <loc>http://aurora.apache.org/downloads/</loc>
-    <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+    <lastmod>2015-05-11T00:00:00-04:00</lastmod>
   </url>
   <url>
     <loc>http://aurora.apache.org/</loc>
-    <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+    <lastmod>2015-05-11T00:00:00-04:00</lastmod>
   </url>
 </urlset>
\ No newline at end of file

Added: aurora/site/source/documentation/latest/security.md
URL: http://svn.apache.org/viewvc/aurora/site/source/documentation/latest/security.md?rev=1678852&view=auto
==============================================================================
--- aurora/site/source/documentation/latest/security.md (added)
+++ aurora/site/source/documentation/latest/security.md Tue May 12 03:06:06 2015
@@ -0,0 +1,271 @@
+Aurora integrates with [Apache Shiro](http://shiro.apache.org/) to provide security
+controls for its API. In addition to providing some useful features out of the box, Shiro
+also allows Aurora cluster administrators to adapt the security system to their organization’s
+existing infrastructure.
+
+- [Enabling Security](#enabling-security)
+- [Authentication](#authentication)
+	- [HTTP Basic Authentication](#http-basic-authentication)
+		- [Server Configuration](#server-configuration)
+		- [Client Configuration](#client-configuration)
+	- [HTTP SPNEGO Authentication (Kerberos)](#http-spnego-authentication-kerberos)
+		- [Server Configuration](#server-configuration-1)
+		- [Client Configuration](#client-configuration-1)
+- [Authorization](#authorization)
+	- [Using an INI file to define security controls](#using-an-ini-file-to-define-security-controls)
+		- [Caveats](#caveats)
+- [Implementing a Custom Realm](#implementing-a-custom-realm)
+	- [Packaging a realm module](#packaging-a-realm-module)
+- [Known Issues](#known-issues)
+
+# Enabling Security
+
+There are two major components of security:
+[authentication and authorization](http://en.wikipedia.org/wiki/Authentication#Authorization).  A
+cluster administrator may choose the approach used for each, and may also implement custom
+mechanisms for either.  Later sections describe the options available.
+
+# Authentication
+
+The scheduler must be configured with instructions for how to process authentication
+credentials at a minimum.  There are currently two built-in authentication schemes -
+[HTTP Basic Authentication](http://en.wikipedia.org/wiki/Basic_access_authentication), and
+[SPNEGO](http://en.wikipedia.org/wiki/SPNEGO) (Kerberos).
+
+## HTTP Basic Authentication
+
+Basic Authentication is a very quick way to add *some* security.  It is supported
+by all major browsers and HTTP client libraries with minimal work.  However,
+before relying on Basic Authentication you should be aware of the [security
+considerations](http://tools.ietf.org/html/rfc2617#section-4).
+
+### Server Configuration
+
+At a minimum you need to set 4 command-line flags on the scheduler:
+
+```
+-http_authentication_mechanism=BASIC
+-shiro_realm_modules=INI_AUTHNZ
+-shiro_ini_path=path/to/security.ini
+```
+
+And create a security.ini file like so:
+
+```
+[users]
+sally = apple, admin
+
+[roles]
+admin = *
+```
+
+The details of the security.ini file are explained below. Note that this file contains plaintext,
+unhashed passwords.
+
+### Client Configuration
+
+To configure the client for HTTP Basic authentication, add an entry to ~/.netrc with your credentials
+
+```
+% cat ~/.netrc
+# ...
+
+machine aurora.example.com
+login sally
+password apple
+
+# ...
+```
+
+No changes are required to `clusters.json`.
+
+## HTTP SPNEGO Authentication (Kerberos)
+
+### Server Configuration
+At a minimum you need to set 6 command-line flags on the scheduler:
+
+```
+-http_authentication_mechanism=NEGOTIATE
+-shiro_realm_modules=KERBEROS5_AUTHN,INI_AUTHNZ
+-kerberos_server_principal=HTTP/aurora.example.com@EXAMPLE.COM
+-kerberos_server_keytab=path/to/aurora.example.com.keytab
+-shiro_ini_path=path/to/security.ini
+```
+
+And create a security.ini file like so:
+
+```
+% cat path/to/security.ini
+[users]
+sally = _, admin
+
+[roles]
+admin = *
+```
+
+What's going on here? First, Aurora must be configured to request Kerberos credentials when presented with an
+unauthenticated request. This is achieved by setting
+
+```
+-http_authentication_mechanism=NEGOTIATE
+```
+
+Next, a Realm module must be configured to **authenticate** the current request using the Kerberos
+credentials that were requested. Aurora ships with a realm module that can do this
+
+```
+-shiro_realm_modules=KERBEROS5_AUTHN[,...]
+```
+
+The Kerberos5Realm requires a keytab file and a server principal name. The principal name will usually
+be in the form `HTTP/aurora.example.com@EXAMPLE.COM`.
+
+```
+-kerberos_server_principal=HTTP/aurora.example.com@EXAMPLE.COM
+-kerberos_server_keytab=path/to/aurora.example.com.keytab
+```
+
+The Kerberos5 realm module is authentication-only. For scheduler security to work you must also
+enable a realm module that provides an Authorizer implementation. For example, to do this using the
+IniShiroRealmModule:
+
+```
+-shiro_realm_modules=KERBEROS5_AUTHN,INI_AUTHNZ
+```
+
+You can then configure authorization using a security.ini file as described below
+(the password field is ignored). You must configure the realm module with the path to this file:
+
+```
+-shiro_ini_path=path/to/security.ini
+```
+
+### Client Configuration
+To use Kerberos on the client-side you must build Kerberos-enabled client binaries. Do this with
+
+```
+./pants binary src/main/python/apache/aurora/client/cli:kaurora
+./pants binary src/main/python/apache/aurora/admin:kaurora_admin
+```
+
+You must also configure each cluster where you've enabled Kerberos on the scheduler
+to use Kerberos authentication. Do this by setting `auth_mechanism` to `KERBEROS`
+in `clusters.json`.
+
+```
+% cat ~/.aurora/clusters.json
+{
+    "devcluser": {
+        "auth_mechanism": "KERBEROS",
+        ...
+    },
+    ...
+}
+```
+
+# Authorization
+Given a means to authenticate the entity a client claims they are, we need to define what privileges they have.
+
+## Using an INI file to define security controls
+
+The simplest security configuration for Aurora is an INI file on the scheduler.  For small
+clusters, or clusters where the users and access controls change relatively infrequently, this is
+likely the preferred approach.  However you may want to avoid this approach if access permissions
+are rapidly changing, or if your access control information already exists in another system.
+
+You can enable INI-based configuration with following scheduler command line arguments:
+
+```
+-http_authentication_mechanism=BASIC
+-shiro_ini_path=path/to/security.ini
+```
+
+*note* As the argument name reveals, this is using Shiro’s
+[IniRealm](http://shiro.apache.org/configuration.html#Configuration-INIConfiguration) behind
+the scenes.
+
+The INI file will contain two sections - users and roles.  Here’s an example for what might
+be in security.ini:
+
+```
+[users]
+sally = apple, admin
+jim = 123456, accounting
+becky = letmein, webapp
+larry = 654321,accounting
+steve = password
+
+[roles]
+admin = *
+accounting = thrift.AuroraAdmin:setQuota
+webapp = thrift.AuroraSchedulerManager:*:webapp
+```
+
+The users section defines user user credentials and the role(s) they are members of.  These lines
+are of the format `<user> = <password>[, <role>...]`.  As you probably noticed, the passwords are
+in plaintext and as a result read access to this file should be restricted.
+
+In this configuration, each user has different privileges for actions in the cluster because
+of the roles they are a part of:
+
+* admin is granted all privileges
+* accounting may adjust the amount of resource quota for any role
+* webapp represents a collection of jobs that represents a service, and its members may create and modify any jobs owned by it
+
+### Caveats
+You might find documentation on the Internet suggesting there are additional sections in `shiro.ini`,
+like `[main]` and `[urls]`. These are not supported by Aurora as it uses a different mechanism to configure
+those parts of Shiro. Think of Aurora's `security.ini` as a subset with only `[users]` and `[roles]` sections.
+
+# Implementing a Custom Realm
+
+Since Aurora’s security is backed by [Apache Shiro](https://shiro.apache.org), you can implement a
+custom [Realm](http://shiro.apache.org/realm.html) to define organization-specific security behavior.
+
+In addition to using Shiro's standard APIs to implement a Realm you can link against Aurora to
+access the type-safe Permissions Aurora uses. See the Javadoc for `org.apache.aurora.scheduler.spi`
+for more information.
+
+## Packaging a realm module
+Package your custom Realm(s) with a Guice module that exposes a `Set<Realm>` multibinding.
+
+```java
+package com.example;
+
+import com.google.inject.AbstractModule;
+import com.google.inject.multibindings.Multibinder;
+import org.apache.shiro.realm.Realm;
+
+public class MyRealmModule extends AbstractModule {
+  @Override
+  public void configure() {
+    Realm myRealm = new MyRealm();
+
+    Multibinder.newSetBinder(binder(), Realm.class).addBinding().toInstance(myRealm);
+  }
+
+  static class MyRealm implements Realm {
+    // Realm implementation.
+  }
+}
+```
+
+To use your module in the scheduler, include it as a realm module based on its fully-qualified
+class name:
+
+```
+-shiro_realm_modules=KERBEROS5_AUTHN,INI_AUTHNZ,com.example.MyRealmModule
+```
+
+# Known Issues
+
+While the APIs and SPIs we ship with are stable as of 0.8.0, we are aware of several incremental
+improvements. Please follow, vote, or send patches.
+
+Relevant tickets:
+* [AURORA-343](https://issues.apache.org/jira/browse/AURORA-343): HTTPS support
+* [AURORA-1248](https://issues.apache.org/jira/browse/AURORA-1248): Client retries 4xx errors
+* [AURORA-1279](https://issues.apache.org/jira/browse/AURORA-1279): Remove kerberos-specific build targets
+* [AURORA-1293](https://issues.apache.org/jira/browse/AURORA-1291): Consider defining a JSON format in place of INI
+* [AURORA-1179](https://issues.apache.org/jira/browse/AURORA-1179): Supported hashed passwords in security.ini
+* [AURORA-1295](https://issues.apache.org/jira/browse/AURORA-1295): Support security for the ReadOnlyScheduler service

Modified: aurora/site/source/downloads.html.md
URL: http://svn.apache.org/viewvc/aurora/site/source/downloads.html.md?rev=1678852&r1=1678851&r2=1678852&view=diff
==============================================================================
--- aurora/site/source/downloads.html.md (original)
+++ aurora/site/source/downloads.html.md Tue May 12 03:06:06 2015
@@ -6,17 +6,22 @@
 --->
 ## Current Release
 
-The current released version is *0.7.0-incubating*. [(tar.gz)](https://www.apache.org/dyn/mirrors/mirrors.cgi/aurora/0.7.0/apache-aurora-0.7.0-incubating.tar.gz)
-[(md5)](https://www.apache.org/dyn/mirrors/mirrors.cgi/aurora/0.7.0/apache-aurora-0.7.0-incubating.tar.gz.md5)
-[(sha)](https://www.apache.org/dyn/mirrors/mirrors.cgi/aurora/0.7.0/apache-aurora-0.7.0-incubating.tar.gz.sha) 
-[(sig)](https://www.apache.org/dyn/mirrors/mirrors.cgi/aurora/0.7.0/apache-aurora-0.7.0-incubating.tar.gz.asc)
+The current released version is *0.8.0*. [(tar.gz)](https://www.apache.org/dyn/mirrors/mirrors.cgi/aurora/0.8.0/apache-aurora-0.8.0.tar.gz)
+[(md5)](https://www.apache.org/dyn/mirrors/mirrors.cgi/aurora/0.8.0/apache-aurora-0.8.0.tar.gz.md5)
+[(sha)](https://www.apache.org/dyn/mirrors/mirrors.cgi/aurora/0.8.0/apache-aurora-0.8.0.tar.gz.sha) 
+[(sig)](https://www.apache.org/dyn/mirrors/mirrors.cgi/aurora/0.8.0/apache-aurora-0.8.0.tar.gz.asc)
 
 To quickly get started, we reccomend using Vagrant and following the [Getting Started guide](/documentation/latest/vagrant/).
 
-## Previous Releases
+## Incubating Releases
+*0.7.0-incubating*. [(tar.gz)](https://archive.apache.org/dist/aurora/0.7.0/apache-aurora-0.7.0-incubating.tar.gz)
+[(md5)](https://archive.apache.org/dist/aurora/0.7.0/apache-aurora-0.7.0-incubating.tar.gz.md5)
+[(sha)](https://archive.apache.org/dist/aurora/0.7.0/apache-aurora-0.7.0-incubating.tar.gz.sha) 
+[(sig)](https://archive.apache.org/dist/aurora/0.7.0/apache-aurora-0.7.0-incubating.tar.gz.asc)
+
 *0.6.0-incubating*. [(tar.gz)](https://archive.apache.org/dist/aurora/0.6.0/apache-aurora-0.6.0-incubating.tar.gz)
 [(md5)](https://archive.apache.org/dist/aurora/0.6.0/apache-aurora-0.6.0-incubating.tar.gz.md5)
-[(sha)](https://archive.apache.org/dist/aurora/0.6.0/apache-aurora-0.6.0-incubating.tar.gz.sha) 
+[(sha)](https://archive.apache.org/dist/aurora/0.6.0/apache-aurora-0.6.0-incubating.tar.gz.sha)
 [(sig)](https://archive.apache.org/dist/aurora/0.6.0/apache-aurora-0.6.0-incubating.tar.gz.asc)
 
 *0.5.0-incubating* [(tar.gz)](https://archive.apache.org/dist/aurora/0.5.0/apache-aurora-0.5.0-incubating.tar.gz)

Modified: aurora/site/source/index.html.md
URL: http://svn.apache.org/viewvc/aurora/site/source/index.html.md?rev=1678852&r1=1678851&r2=1678852&view=diff
==============================================================================
--- aurora/site/source/index.html.md (original)
+++ aurora/site/source/index.html.md Tue May 12 03:06:06 2015
@@ -26,4 +26,4 @@
 	  <div class="col-md-4"><h3>Service Registration</h3><p>Aurora <a href="/documentation/latest/configuration-reference/#announcer-objects">announces</a> services to Apache ZooKeeper for discovery by clients like Finagle.</p></div>
   </div>
  </div>
-</div>
\ No newline at end of file
+</div>



Mime
View raw message