mesos-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Benjamin Mahler (JIRA)" <>
Subject [jira] [Updated] (MESOS-7651) Consider a more explicit way to bind reservations / volumes to a framework.
Date Wed, 27 Sep 2017 20:21:00 GMT


Benjamin Mahler updated MESOS-7651:
    Labels: multitenancy  (was: )

> Consider a more explicit way to bind reservations / volumes to a framework.
> ---------------------------------------------------------------------------
>                 Key: MESOS-7651
>                 URL:
>             Project: Mesos
>          Issue Type: Improvement
>            Reporter: Benjamin Mahler
>              Labels: multitenancy
> Currently, when a framework creates a reservation or a persistent volume, and it wants
exclusive access to this volume or reservation, it must take a few steps:
> * Ensure that no other frameworks are running within the reservation role (or the other
frameworks are co-operative).
> * With hierarchical roles, frameworks must also ensure that the role is a leaf so that
no descendant roles will have access to the reservation/volume. This could be done by generating
a role (e.g. eng/kafka/<instance id>).
> It's not easy for the framework to ensure these things, since role ACLs are controlled
by the operator.
> We should consider a more direct way for a framework to ensure that their reservation/volume
cannot be shared. E.g. by binding it to their framework id (perhaps re-using roles for this
rather than introducing something new?)
> We should also consider binding the reservation / volumes, much like other objects (tasks,
executors), to the framework's lifecycle. So that if the framework is removed, the reservations
/ volumes it left behind are cleaned up.

This message was sent by Atlassian JIRA

View raw message