mesos-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Benjamin Bannier (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (MESOS-6432) Roles with quota assigned can "game" the system to receive excessive resources.
Date Wed, 18 Jan 2017 10:49:26 GMT

    [ https://issues.apache.org/jira/browse/MESOS-6432?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15827823#comment-15827823
] 

Benjamin Bannier edited comment on MESOS-6432 at 1/18/17 10:48 AM:
-------------------------------------------------------------------

[~bmahler]: I have posted a patch implementing the fix you suggested in the original description
(quota satisfied once a single resource kind is allocated up to the quota limit).

Before going forward with this patch we should carefully evaluate if this approach has the
semantics we want, fixes the underlying issue, and is ultimately worth it while more general
fixes like MESOS-3765 being considered. I believe we are replacing "gamebility" with a potentially
steep penalty for "unusual" quota setups (e.g., a quota of {{cpus:100000;disk:1}} would with
this change be satisfied once 1MB have been allocated towards the quota'ed role). OTOH, the
gamebility we are fixing would be restricted to users with the ability to update or set quotas,
i.e., operators should be able to curb gaming of quota by arbitrary users.


was (Author: bbannier):
[~bmahler]: I have posted a patch implementing the fix you suggested in the original description
(quota satisfied once a single resource kinds is allocated up to the quota limit).

Before going forward with this patch we should carefully evaluate if this approach has the
semantics we want, fixes the underlying issue, and is ultimately worth it while more general
fixes like MESOS-3765 being considered. I believe we are replacing "gamebility" with a potentially
steep penalty for "unusual" quota setups (e.g., a quota of {{cpus:100000;disk:1}} would with
this change be satisfied once 1MB have been allocated towards the quota'ed role). OTOH, the
gamebility we are fixing would be restricted to users with the ability to update or set quotas,
i.e., operators should be able to curb gaming of quota by arbitrary users.

> Roles with quota assigned can "game" the system to receive excessive resources.
> -------------------------------------------------------------------------------
>
>                 Key: MESOS-6432
>                 URL: https://issues.apache.org/jira/browse/MESOS-6432
>             Project: Mesos
>          Issue Type: Bug
>          Components: allocation
>            Reporter: Benjamin Mahler
>            Assignee: Benjamin Bannier
>            Priority: Critical
>
> The current implementation of quota allocation attempts to satisfy each resource quota
for a role, but in doing so can far exceed the quota assigned to the role.
> For example, if a role has quota for {{\[30,20,10\]}}, it can consume up to: {{\[∞,
∞, 10\]}} or {{\[∞, 20, ∞\]}} or {{\[30, ∞, ∞\]}} as only once each resource in
the quota vector is satisfied do we stop allocating agent's resources to the role!
> As a first step for preventing gaming, we could consider quota satisfied once any of
the resources in the vector has quota satisfied. This approach works reasonably well for resources
that are required and are present on every agent (cpus, mem, disk). However, it doesn't work
well for resources that are optional / only present on some agents (e.g. gpus) (a.k.a. non-ubiquitous
/ scarce resources). For this we would need to determine which agents have resources that
can satisfy the quota prior to performing the allocation.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message