mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Adam B" <a...@mesosphere.io>
Subject Re: Review Request 41075: Added support for implicit roles.
Date Tue, 08 Dec 2015 08:26:04 GMT


> On Dec. 7, 2015, 11:02 p.m., Yong Qiao Wang wrote:
> >
> 
> Yong Qiao Wang wrote:
>     I have talked with our shepherd Adam B yesterday, and we all agree to improve /roles
endpoint to update/remove/list active roles, and Implicit Roles will focus on removing the
static role list(specified by --roles flag) and let framework can register with any role.
In addition, RoleInfo is still needed, and will be persisted when the default values are changed
by /roles endpoint. Currently I also have posted some patches for Dynamic Roles, and there
are some serious comflicts between our patches. Can you have a talk with our shepherd? I think
we should reach a consensus before coding.

I'm still not sure about removeRole, but update/list make sense for dynamic weights. We'll
have to discuss the pros/cons of RoleInfo vs. a separate weights hashmap, but let's try to
communicate & collaborate on our approaches to avoid too many unnecessary merge conflicts.


> On Dec. 7, 2015, 11:02 p.m., Yong Qiao Wang wrote:
> > include/mesos/master/allocator.hpp, line 101
> > <https://reviews.apache.org/r/41075/diff/1/?file=1155806#file1155806line101>
> >
> >     When allocator initialize, their should be no active frameworks in mesos, can
we consider to remove this parmeter from initialize()? and can initialize role-related information
in addFramework().
> 
> Neil Conway wrote:
>     Hmmm -- I think it is better as written. Right now, weights are static and set at
initialization-time, so I think it makes more sense for them to be parameters of `initialize`,
not `addFramework`. (When we do dynamic weights we'll need to reconsider this, but even then,
I don't think passing weights to `addFramework` will be the right API).
> 
> Yong Qiao Wang wrote:
>     For long term solution in Implicit Roles, --roles and --weights should be removed,
so weights parameter will only have one default value(*,1). so it is make sence to remove
this parameter from initialize (),and when framework register, we can add its role and the
corresponding weight into allocator, then they can become active.

Even if we eliminate --weights, we'll be persisting the weights map to the registry, and on
failover to a new master or on a new master's startup, it will recover the weights from the
registry. It seems reasonable to me that after recovering the weights, the master could start
the allocator with the newly recovered weights, rather than have to add them after allocator
initialization.


- Adam


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/41075/#review109287
-----------------------------------------------------------


On Dec. 7, 2015, 9:41 p.m., Neil Conway wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/41075/
> -----------------------------------------------------------
> 
> (Updated Dec. 7, 2015, 9:41 p.m.)
> 
> 
> Review request for mesos, Adam B, Alexander Rukletsov, Benjamin Hindman, Greg Mann, and
Yong Qiao Wang.
> 
> 
> Bugs: MESOS-4085
>     https://issues.apache.org/jira/browse/MESOS-4085
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Changed the behavior of the master when the `--roles` flag is NOT
> specified. Previously, this would allow only the `*` role to be used. Now,
> omitting `--roles` means that any role can be used. This is called "implicit
> roles". Configuring which principals can perform operations as which roles
> should be done using ACLs in the authorization system.
> 
> Note that this changes the behavior of the system when `--roles` is not
> specified. This is likely acceptable: if the operator didn't specify `--roles`
> in prior versions of Mesos, they were likely not using roles or authorization at
> that time.
> 
> Another minor behavioral change is that the "/roles" endpoint will now only
> return results for currently "active" roles (those with one or more registered
> frameworks).
> 
> The `--roles` flag is now considered deprecated and will be removed in a future
> version of Mesos.
> 
> 
> Diffs
> -----
> 
>   include/mesos/master/allocator.hpp 619ef01c3a7d640560653cfc1838dd09046d1da0 
>   include/mesos/master/allocator.proto 702f56f56c3b1331613cecf26522986f6b572f8c 
>   src/master/allocator/mesos/allocator.hpp 97ee80726ad155917811265a983258b0165d3451 
>   src/master/allocator/mesos/hierarchical.hpp 99c742906874c30c39c159e58a65277ade3c07fd

>   src/master/allocator/mesos/hierarchical.cpp 5da825a1d578a9ee40b4985378fddb3c5fb3b416

>   src/master/http.cpp 9097eda47558fb5306af5a61b464937d7ab34e83 
>   src/master/master.hpp 4683fa542a740f9a0b80fff7fbe0e63ec66266f2 
>   src/master/master.cpp 953fa4f14929581b226a7e27d30aea7a5aa1fd7c 
>   src/master/quota_handler.cpp b209da42ace752953686eeda9577007a33556d5d 
>   src/tests/allocator.hpp c7670525765491fe931a4ee38446fa7e9d79af42 
>   src/tests/hierarchical_allocator_tests.cpp fb214a829a57529d3f5c49730ae9733f53e622ca

> 
> Diff: https://reviews.apache.org/r/41075/diff/
> 
> 
> Testing
> -------
> 
> "make check" on OSX 10.10 and Ubuntu 15.10; `--gtest_repeat=1000` for the more likely
role-related tests.
> 
> TODOs:
> 
> * Update documentation
> * Add tests for allocation behavior for weights + implicit roles
> * Add tests for quota + implicit roles?
> 
> 
> Thanks,
> 
> Neil Conway
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message