Author: jfarrell
Date: Tue May 12 03:06:06 2015
New Revision: 1678852
URL: http://svn.apache.org/r1678852
Log:
Updating for 0.8.0 release
Added:
aurora/site/publish/documentation/latest/security/
aurora/site/publish/documentation/latest/security/index.html
aurora/site/source/documentation/latest/security.md
Modified:
aurora/site/Gemfile
aurora/site/Gemfile.lock
aurora/site/publish/blog/aurora-0-6-0-incubating-released/index.html
aurora/site/publish/blog/feed.xml
aurora/site/publish/docs/howtocontribute/index.html
aurora/site/publish/documentation/latest/client-commands/index.html
aurora/site/publish/documentation/latest/configuration-reference/index.html
aurora/site/publish/documentation/latest/configuration-tutorial/index.html
aurora/site/publish/documentation/latest/contributing/index.html
aurora/site/publish/documentation/latest/cron-jobs/index.html
aurora/site/publish/documentation/latest/deploying-aurora-scheduler/index.html
aurora/site/publish/documentation/latest/developing-aurora-client/index.html
aurora/site/publish/documentation/latest/developing-aurora-scheduler/index.html
aurora/site/publish/documentation/latest/hooks/index.html
aurora/site/publish/documentation/latest/index.html
aurora/site/publish/documentation/latest/monitoring/index.html
aurora/site/publish/documentation/latest/resource-isolation/index.html
aurora/site/publish/documentation/latest/sla/index.html
aurora/site/publish/documentation/latest/storage/index.html
aurora/site/publish/documentation/latest/thrift-deprecation/index.html
aurora/site/publish/documentation/latest/tutorial/index.html
aurora/site/publish/documentation/latest/user-guide/index.html
aurora/site/publish/downloads/index.html
aurora/site/publish/sitemap.xml
aurora/site/source/downloads.html.md
aurora/site/source/index.html.md
Modified: aurora/site/Gemfile
URL:
http://svn.apache.org/viewvc/aurora/site/Gemfile?rev=1678852&r1=1678851&r2=1678852&view=diff
==============================================================================
--- aurora/site/Gemfile (original)
+++ aurora/site/Gemfile Tue May 12 03:06:06 2015
@@ -3,7 +3,7 @@ source 'https://rubygems.org'
gem 'middleman', '3.2.0'
gem 'middleman-livereload', '3.1.0'
gem 'middleman-syntax', '1.2.1'
-gem 'therubyracer', '0.12.1'
+gem 'therubyracer'
gem 'middleman-blog', '3.5.1'
gem "htmlentities"
gem 'redcarpet', github: 'vmg/redcarpet'
Modified: aurora/site/Gemfile.lock
URL:
http://svn.apache.org/viewvc/aurora/site/Gemfile.lock?rev=1678852&r1=1678851&r2=1678852&view=diff
==============================================================================
--- aurora/site/Gemfile.lock (original)
+++ aurora/site/Gemfile.lock Tue May 12 03:06:06 2015
@@ -1,42 +1,48 @@
GIT
remote: git://github.com/vmg/redcarpet.git
- revision: 5ffeb37fd5ef9bb5f163839ec5842a178049eb67
+ revision: 896f7287f463840a3ca991739f6b9aebc9144d7f
specs:
- redcarpet (3.1.1)
+ redcarpet (3.2.0)
GEM
remote: https://rubygems.org/
specs:
- activesupport (3.2.15)
+ activesupport (3.2.21)
i18n (~> 0.6, >= 0.6.4)
multi_json (~> 1.0)
- addressable (2.3.5)
- atomic (1.1.14)
- chunky_png (1.2.9)
+ addressable (2.3.8)
+ chunky_png (1.3.4)
coffee-script (2.2.0)
coffee-script-source
execjs
- coffee-script-source (1.6.3)
- compass (0.12.2)
+ coffee-script-source (1.9.1.1)
+ compass (1.0.3)
chunky_png (~> 1.2)
- fssm (>= 0.2.7)
- sass (~> 3.1)
- em-websocket (0.5.0)
+ compass-core (~> 1.0.2)
+ compass-import-once (~> 1.0.5)
+ rb-fsevent (>= 0.9.3)
+ rb-inotify (>= 0.9)
+ sass (>= 3.3.13, < 3.5)
+ compass-core (1.0.3)
+ multi_json (~> 1.0)
+ sass (>= 3.3.0, < 3.5)
+ compass-import-once (1.0.5)
+ sass (>= 3.2, < 3.5)
+ em-websocket (0.5.1)
eventmachine (>= 0.12.9)
- http_parser.rb (~> 0.5.3)
- eventmachine (1.0.3)
- execjs (1.4.0)
+ http_parser.rb (~> 0.6.0)
+ eventmachine (1.0.7)
+ execjs (1.4.1)
multi_json (~> 1.0)
- ffi (1.9.3)
- fssm (0.2.10)
- haml (4.0.4)
+ ffi (1.9.8)
+ haml (4.0.6)
tilt
hike (1.2.3)
- htmlentities (4.3.2)
- http_parser.rb (0.5.3)
+ htmlentities (4.3.3)
+ http_parser.rb (0.6.0)
i18n (0.6.11)
- kramdown (1.2.0)
- libv8 (3.16.14.3)
+ kramdown (1.7.0)
+ libv8 (3.16.14.7)
listen (1.3.1)
rb-fsevent (>= 0.9.3)
rb-inotify (>= 0.9)
@@ -69,48 +75,47 @@ GEM
middleman-core (>= 3.0.2)
multi_json (~> 1.0)
rack-livereload
- middleman-sprockets (3.2.0)
- middleman-core (~> 3.2)
- sprockets (~> 2.1)
- sprockets-helpers (~> 1.0.0)
- sprockets-sass (~> 1.0.0)
+ middleman-sprockets (3.3.3)
+ middleman-core (>= 3.2)
+ sprockets (~> 2.2)
+ sprockets-helpers (~> 1.1.0)
+ sprockets-sass (~> 1.1.0)
middleman-syntax (1.2.1)
middleman-core (~> 3.0)
rouge (~> 0.3.0)
- multi_json (1.8.2)
- rack (1.5.2)
+ multi_json (1.11.0)
+ rack (1.6.1)
rack-livereload (0.3.15)
rack
- rack-test (0.6.2)
+ rack-test (0.6.3)
rack (>= 1.0)
rake (10.3.1)
- rb-fsevent (0.9.3)
- rb-inotify (0.9.2)
+ rb-fsevent (0.9.4)
+ rb-inotify (0.9.5)
ffi (>= 0.5.0)
- rb-kqueue (0.2.0)
+ rb-kqueue (0.2.4)
ffi (>= 0.5.0)
ref (1.0.5)
rouge (0.3.10)
thor
- sass (3.2.12)
- sprockets (2.10.0)
+ sass (3.4.13)
+ sprockets (2.12.3)
hike (~> 1.2)
multi_json (~> 1.0)
rack (~> 1.0)
tilt (~> 1.1, != 1.3.0)
- sprockets-helpers (1.0.1)
+ sprockets-helpers (1.1.0)
sprockets (~> 2.0)
- sprockets-sass (1.0.2)
+ sprockets-sass (1.1.0)
sprockets (~> 2.0)
tilt (~> 1.1)
- therubyracer (0.12.1)
+ therubyracer (0.12.2)
libv8 (~> 3.16.14.0)
ref
- thor (0.18.1)
- thread_safe (0.1.3)
- atomic
+ thor (0.19.1)
+ thread_safe (0.3.5)
tilt (1.3.7)
- tzinfo (1.1.0)
+ tzinfo (1.2.2)
thread_safe (~> 0.1)
uglifier (2.1.2)
execjs (>= 0.3.0)
@@ -127,4 +132,4 @@ DEPENDENCIES
middleman-syntax (= 1.2.1)
rake (= 10.3.1)
redcarpet!
- therubyracer (= 0.12.1)
+ therubyracer
Modified: aurora/site/publish/blog/aurora-0-6-0-incubating-released/index.html
URL:
http://svn.apache.org/viewvc/aurora/site/publish/blog/aurora-0-6-0-incubating-released/index.html?rev=1678852&r1=1678851&r2=1678852&view=diff
==============================================================================
--- aurora/site/publish/blog/aurora-0-6-0-incubating-released/index.html
(original)
+++ aurora/site/publish/blog/aurora-0-6-0-incubating-released/index.html Tue
May 12 03:06:06 2015
@@ -79,7 +79,7 @@
<p>Full release notes are available in the release <a
href="https://git-wip-us.apache.org/repos/asf?p=aurora.git&f=CHANGELOG&hb=0.6.0-rc2";>CHANGELOG</a>.</p>
-<h2 id="highly-available,-scheduler-driven-updates">Highly-available,
scheduler-driven updates</h2>
+<h2 id="highly-available-scheduler-driven-updates">Highly-available,
scheduler-driven updates</h2>
<p>Rolling updates of services is a crucial feature in Aurora. As such, we
want to take great care when changing its behavior. Previously, Aurora operated
Modified: aurora/site/publish/blog/feed.xml
URL:
http://svn.apache.org/viewvc/aurora/site/publish/blog/feed.xml?rev=1678852&r1=1678851&r2=1678852&view=diff
==============================================================================
--- aurora/site/publish/blog/feed.xml (original)
+++ aurora/site/publish/blog/feed.xml Tue May 12 03:06:06 2015
@@ -127,7 +127,7 @@
<p>Full release notes are available in the release <a
href="https://git-wip-us.apache.org/repos/asf?p=aurora.git&amp;f=CHANGELOG&amp;hb=0.6.0-rc2">CHANGELOG</a>.</p>
-<h2
id="highly-available,-scheduler-driven-updates">Highly-available,
scheduler-driven updates</h2>
+<h2
id="highly-available-scheduler-driven-updates">Highly-available,
scheduler-driven updates</h2>
<p>Rolling updates of services is a crucial feature in Aurora. As such,
we
want to take great care when changing its behavior. Previously, Aurora operated
Modified: aurora/site/publish/docs/howtocontribute/index.html
URL:
http://svn.apache.org/viewvc/aurora/site/publish/docs/howtocontribute/index.html?rev=1678852&r1=1678851&r2=1678852&view=diff
==============================================================================
--- aurora/site/publish/docs/howtocontribute/index.html (original)
+++ aurora/site/publish/docs/howtocontribute/index.html Tue May 12 03:06:06 2015
@@ -59,7 +59,7 @@ Subsequent runs will cache your login cr
fields in your browser and hit Publish.</p>
<pre class="highlight text">./rbt post -o -r <RB_ID>
</pre>
-<h2 id="merging-your-own-review-(committers)">Merging Your Own Review
(Committers)</h2>
+<h2 id="merging-your-own-review-committers-">Merging Your Own Review
(Committers)</h2>
<p>Once you have shipits from the right committers, merge your changes in a
single commit and mark
the review as submitted. The typical workflow is:</p>
@@ -74,7 +74,7 @@ git push origin master
<p>Note that even if you’re developing using feature branches you will
not use <code>git merge</code> - each
commit will be an atomic change accompanied by a ReviewBoard entry.</p>
-<h2 id="merging-someone-else's-review">Merging Someone Else’s
Review</h2>
+<h2 id="merging-someone-else-39-s-review">Merging Someone Else’s
Review</h2>
<p>Sometimes you’ll need to merge someone else’s RB. The typical
workflow for this is</p>
<pre class="highlight text">git checkout master
Modified: aurora/site/publish/documentation/latest/client-commands/index.html
URL:
http://svn.apache.org/viewvc/aurora/site/publish/documentation/latest/client-commands/index.html?rev=1678852&r1=1678851&r2=1678852&view=diff
==============================================================================
--- aurora/site/publish/documentation/latest/client-commands/index.html
(original)
+++ aurora/site/publish/documentation/latest/client-commands/index.html Tue May
12 03:06:06 2015
@@ -251,7 +251,7 @@ progress until the first pulse arrives.
<code>ROLL_BACK_PAUSED</code>) is still considered active and upon resuming
will immediately make progress
provided the pulse interval has not expired.</p>
-<h4 id="client-orchestrated-updates-(deprecated)">Client-orchestrated updates
(deprecated)</h4>
+<h4 id="client-orchestrated-updates-deprecated-">Client-orchestrated updates
(deprecated)</h4>
<p><em>Note: This feature is deprecated and will be removed in 0.9.0.
Please use aurora update instead.</em></p>
@@ -340,7 +340,7 @@ if it contains hook definitions and acti
is determined using <code>diff</code>, though you may choose an alternate
diff program by specifying the <code>DIFF_VIEWER</code> environment
variable.</p>
-<h2 id="viewing/examining-jobs">Viewing/Examining Jobs</h2>
+<h2 id="viewing-examining-jobs">Viewing/Examining Jobs</h2>
<p>Above we discussed creating, killing, and updating Jobs. Here we discuss
how to view and examine Jobs.</p>
Modified:
aurora/site/publish/documentation/latest/configuration-reference/index.html
URL:
http://svn.apache.org/viewvc/aurora/site/publish/documentation/latest/configuration-reference/index.html?rev=1678852&r1=1678851&r2=1678852&view=diff
==============================================================================
--- aurora/site/publish/documentation/latest/configuration-reference/index.html
(original)
+++ aurora/site/publish/documentation/latest/configuration-reference/index.html
Tue May 12 03:06:06 2015
@@ -39,7 +39,7 @@
<div class="container content">
<div class="col-md-12 documentation">
<h5 class="page-header text-uppercase">Documentation</h5>
-<h1 id="aurora-+-thermos-configuration-reference">Aurora + Thermos
Configuration Reference</h1>
+<h1 id="aurora-thermos-configuration-reference">Aurora + Thermos Configuration
Reference</h1>
<ul>
<li><a href="#aurora--thermos-configuration-reference">Aurora + Thermos
Configuration Reference</a></li>
@@ -209,7 +209,7 @@ specifically, <code>max_failures</code>
<h4 id="ephemeral">ephemeral</h4>
<p>By default, Thermos processes are non-ephemeral. If <code>ephemeral</code>
is set to
-True, the process' status is not used to determine if its containing task
+True, the process’ status is not used to determine if its containing task
has completed. For example, consider a task with a non-ephemeral
webserver process and an ephemeral logsaver process
that periodically checkpoints its log files to a centralized data store.
@@ -787,7 +787,7 @@ most one task per rack:</p>
'rack': 'limit:1',
}
</pre>
-<p>Use these constraints sparingly as they can dramatically reduce Tasks'
schedulability.</p>
+<p>Use these constraints sparingly as they can dramatically reduce
Tasks’ schedulability.</p>
<h1 id="template-namespaces">Template Namespaces</h1>
@@ -844,7 +844,7 @@ compatible with Tasks invoked via the <c
invoking tasks on Mesos. When running the <code>thermos</code> command
directly,
these ports must be explicitly mapped with the <code>-P</code> option.</p>
-<p>For example, if ‘{{<code>thermos.ports[http]</code>}}’ is
specified in a <code>Process</code>
+<p>For example, if ’{{<code>thermos.ports[http]</code>}}’ is
specified in a <code>Process</code>
configuration, it is automatically extracted and auto-populated by
Aurora, but must be specified with, for example, <code>thermos -P
http:12345</code>
to map <code>http</code> to port 12345 when running via the CLI.</p>
@@ -853,7 +853,7 @@ to map <code>http</code> to port 12345 w
<p>These are provided to give a basic understanding of simple Aurora jobs.</p>
-<h3 id="hello_world.aurora">hello_world.aurora</h3>
+<h3 id="hello_world-aurora">hello_world.aurora</h3>
<p>Put the following in a file named <code>hello_world.aurora</code>,
substituting your own values
for values such as <code>cluster</code>s.</p>
@@ -878,7 +878,7 @@ aurora job kill cluster1/$USER/test/hell
</pre>
<h3 id="environment-tailoring">Environment Tailoring</h3>
-<h4
id="helloworldproductionized.aurora">hello<em>world</em>productionized.aurora</h4>
+<h4
id="helloworldproductionized-aurora">hello<em>world</em>productionized.aurora</h4>
<p>Put the following in a file named
<code>hello_world_productionized.aurora</code>, substituting your own values
for values such as <code>cluster</code>s.</p>
Modified:
aurora/site/publish/documentation/latest/configuration-tutorial/index.html
URL:
http://svn.apache.org/viewvc/aurora/site/publish/documentation/latest/configuration-tutorial/index.html?rev=1678852&r1=1678851&r2=1678852&view=diff
==============================================================================
--- aurora/site/publish/documentation/latest/configuration-tutorial/index.html
(original)
+++ aurora/site/publish/documentation/latest/configuration-tutorial/index.html
Tue May 12 03:06:06 2015
@@ -337,7 +337,7 @@ accumulation of checkpointed state for e
running in Aurora, <code>max_failures</code> is capped at
100.</p></li>
<li><p><code>ephemeral</code>: Defaulting to <code>False</code>, if
<code>ephemeral</code> is <code>True</code>, the
-<code>Process</code>‘ status is not used to determine if its bound
<code>Task</code> has
+<code>Process</code>’ status is not used to determine if its bound
<code>Task</code> has
completed. For example, consider a <code>Task</code> with a
non-ephemeral webserver process and an ephemeral logsaver process
that periodically checkpoints its log files to a centralized data
@@ -470,14 +470,14 @@ number of seconds. If not, all still run
never invoked).</p></li>
</ul>
-<h3
id="sequentialtask:-running-processes-in-parallel-or-sequentially">SequentialTask:
Running Processes in Parallel or Sequentially</h3>
+<h3
id="sequentialtask-running-processes-in-parallel-or-sequentially">SequentialTask:
Running Processes in Parallel or Sequentially</h3>
<p>By default, a Task with several Processes runs them in parallel. There
are two ways to run Processes sequentially:</p>
<ul>
<li><p>Include an <code>order</code> constraint in the Task definition’s
<code>constraints</code>
-attribute whose arguments specify the processes' run order:</p>
+attribute whose arguments specify the processes’ run order:</p>
<pre class="highlight text">Task( ... processes=[process1, process2, process3],
constraints = order(process1, process2, process3), ...)
</pre></li>
@@ -527,8 +527,8 @@ repeat their definition for multiple Job
difference between the two is the result Task’s process ordering.</p>
<ul>
-<li><p><code>Tasks.combine</code> runs its subtasks' processes in no
particular order.
-The new Task’s resource consumption is the sum of all its subtasks'
+<li><p><code>Tasks.combine</code> runs its subtasks’ processes in no
particular order.
+The new Task’s resource consumption is the sum of all its subtasks’
consumption.</p></li>
<li><p><code>Tasks.concat</code> runs its subtasks in the order supplied, with
each
subtask’s processes run serially between tasks. It is analogous to
@@ -729,7 +729,7 @@ Reference</em> without <code>import</cod
injects them automatically. Other than that the <code>.aurora</code> format
works like any other Python script.</p>
-<h3 id="templating-1:-binding-in-pystachio">Templating 1: Binding in
Pystachio</h3>
+<h3 id="templating-1-binding-in-pystachio">Templating 1: Binding in
Pystachio</h3>
<p>Pystachio uses the visually distinctive {{}} to indicate template
variables. These are often called “mustache variables” after the
@@ -791,7 +791,7 @@ String(second)
other objects: lists, dictionaries, and structurals. These will be
described in detail later.</p>
-<h3 id="structurals-in-pystachio-/-aurora">Structurals in Pystachio /
Aurora</h3>
+<h3 id="structurals-in-pystachio-aurora">Structurals in Pystachio / Aurora</h3>
<p>Most Aurora/Thermos users don’t ever (knowingly) interact with
<code>String</code>,
<code>Float</code>, or <code>Integer</code> Pystashio objects directly.
Instead they interact
@@ -872,7 +872,7 @@ attempts to resolve <code>Process.name</
Attributes are implicitly converted to Mustache variables but not vice
versa.</p>
-<h3 id="templating-2:-structurals-are-factories">Templating 2: Structurals Are
Factories</h3>
+<h3 id="templating-2-structurals-are-factories">Templating 2: Structurals Are
Factories</h3>
<h4 id="a-second-way-of-templating">A Second Way of Templating</h4>
@@ -998,7 +998,7 @@ place.</p>
<h2 id="configuration-file-writing-tips-and-best-practices">Configuration File
Writing Tips And Best Practices</h2>
-<h3 id="use-as-few-.aurora-files-as-possible">Use As Few .aurora Files As
Possible</h3>
+<h3 id="use-as-few-aurora-files-as-possible">Use As Few .aurora Files As
Possible</h3>
<p>When creating your <code>.aurora</code> configuration, try to keep all
versions of
a particular job within the same <code>.aurora</code> file. For example, if you
@@ -1084,7 +1084,7 @@ build_python = SequentialTask(
name = 'build_python',
processes = [download, unpack, build, email]).bind(python = Python(version =
"2.7.3"))
</pre>
-<h3 id="thermos-uses-bash,-but-thermos-is-not-bash">Thermos Uses bash, But
Thermos Is Not bash</h3>
+<h3 id="thermos-uses-bash-but-thermos-is-not-bash">Thermos Uses bash, But
Thermos Is Not bash</h3>
<h4 id="bad">Bad</h4>
Modified: aurora/site/publish/documentation/latest/contributing/index.html
URL:
http://svn.apache.org/viewvc/aurora/site/publish/documentation/latest/contributing/index.html?rev=1678852&r1=1678851&r2=1678852&view=diff
==============================================================================
--- aurora/site/publish/documentation/latest/contributing/index.html (original)
+++ aurora/site/publish/documentation/latest/contributing/index.html Tue May 12
03:06:06 2015
@@ -83,7 +83,7 @@ Subsequent runs will cache your login cr
fields in your browser and hit Publish.</p>
<pre class="highlight text">./rbt post -o -r <RB_ID>
</pre>
-<h2 id="merging-your-own-review-(committers)">Merging Your Own Review
(Committers)</h2>
+<h2 id="merging-your-own-review-committers-">Merging Your Own Review
(Committers)</h2>
<p>Once you have shipits from the right committers, merge your changes in a
single commit and mark
the review as submitted. The typical workflow is:</p>
@@ -98,7 +98,7 @@ git push origin master
<p>Note that even if you’re developing using feature branches you will
not use <code>git merge</code> - each
commit will be an atomic change accompanied by a ReviewBoard entry.</p>
-<h2 id="merging-someone-else's-review">Merging Someone Else’s
Review</h2>
+<h2 id="merging-someone-else-39-s-review">Merging Someone Else’s
Review</h2>
<p>Sometimes you’ll need to merge someone else’s RB. The typical
workflow for this is</p>
<pre class="highlight text">git checkout master
Modified: aurora/site/publish/documentation/latest/cron-jobs/index.html
URL:
http://svn.apache.org/viewvc/aurora/site/publish/documentation/latest/cron-jobs/index.html?rev=1678852&r1=1678851&r2=1678852&view=diff
==============================================================================
--- aurora/site/publish/documentation/latest/cron-jobs/index.html (original)
+++ aurora/site/publish/documentation/latest/cron-jobs/index.html Tue May 12
03:06:06 2015
@@ -142,7 +142,7 @@ with a new one. Only future runs will be
<p>Start a cron job immediately, outside of its normal cron schedule.</p>
<pre class="highlight text">$ aurora cron start
devcluster/www-data/test/cron_hello_world
</pre>
-<h3 id="job-killall,-job-restart,-job-kill">job killall, job restart, job
kill</h3>
+<h3 id="job-killall-job-restart-job-kill">job killall, job restart, job
kill</h3>
<p>Cron jobs create instances running on the cluster that you can interact
with like normal Aurora
tasks with <code>job kill</code> and <code>job restart</code>.</p>
Modified:
aurora/site/publish/documentation/latest/deploying-aurora-scheduler/index.html
URL:
http://svn.apache.org/viewvc/aurora/site/publish/documentation/latest/deploying-aurora-scheduler/index.html?rev=1678852&r1=1678851&r2=1678852&view=diff
==============================================================================
---
aurora/site/publish/documentation/latest/deploying-aurora-scheduler/index.html
(original)
+++
aurora/site/publish/documentation/latest/deploying-aurora-scheduler/index.html
Tue May 12 03:06:06 2015
@@ -96,7 +96,7 @@ machines. This guide helps you get the
of all its dependencies, with the notable exceptions of the JVM and libmesos.
Each target server
should have a JVM (Java 7 or higher) and libmesos (0.22.0) installed.</p>
-<h3 id="creating-the-distribution-.zip-file-(optional)">Creating the
Distribution .zip File (Optional)</h3>
+<h3 id="creating-the-distribution-zip-file-optional-">Creating the
Distribution .zip File (Optional)</h3>
<p>To create a distribution for installation you will need build tools
installed. On Ubuntu this can be
done with <code>sudo apt-get install build-essential default-jdk</code>.</p>
Modified:
aurora/site/publish/documentation/latest/developing-aurora-client/index.html
URL:
http://svn.apache.org/viewvc/aurora/site/publish/documentation/latest/developing-aurora-client/index.html?rev=1678852&r1=1678851&r2=1678852&view=diff
==============================================================================
---
aurora/site/publish/documentation/latest/developing-aurora-client/index.html
(original)
+++
aurora/site/publish/documentation/latest/developing-aurora-client/index.html
Tue May 12 03:06:06 2015
@@ -62,7 +62,7 @@ are:</p>
<li>Test client code: <code>./pants test
src/test/python/apache/aurora/client/cli:all</code></li>
</ul>
-<h1 id="running/debugging-the-client">Running/Debugging the Client</h1>
+<h1 id="running-debugging-the-client">Running/Debugging the Client</h1>
<p>For manually testing client changes against a cluster, we use <a
href="https://www.vagrantup.com/";>Vagrant</a>.
To start a virtual cluster, you need to install Vagrant, and then run
<code>vagrant up</code> for the root of
@@ -74,7 +74,7 @@ of mesos slaves, and an aurora scheduler
</pre>
<p>Once this completes, the <code>aurora</code> command will reflect your
changes.</p>
-<h1 id="running/debugging-the-client-in-pycharm">Running/Debugging the Client
in PyCharm</h1>
+<h1 id="running-debugging-the-client-in-pycharm">Running/Debugging the Client
in PyCharm</h1>
<p>It’s possible to use PyCharm to run and debug both the client and
client tests in an IDE. In order
to do this, first run:</p>
@@ -93,7 +93,7 @@ Once the project is loaded:
- select 'build-support/python/pycharm.venv/bin/python'
- click 'OK'
</pre>
-<h3 id="running/debugging-tests">Running/Debugging Tests</h3>
+<h3 id="running-debugging-tests">Running/Debugging Tests</h3>
<p>After following these instructions, you should now be able to run/debug
tests directly from the IDE
by right-clicking on a test (or test class) and choosing to run or debug:</p>
@@ -104,7 +104,7 @@ by right-clicking on a test (or test cla
<p><a href="/documentation/latest/images/debugging-client-test.png"><img
alt="Debugging Client Test" src="../images/debugging-client-test.png" /></a></p>
-<h3 id="running/debugging-the-client">Running/Debugging the Client</h3>
+<h3 id="running-debugging-the-client">Running/Debugging the Client</h3>
<p>Actually running and debugging the client is unfortunately a bit more
complex. You’ll need to create
a Run configuration:</p>
Modified:
aurora/site/publish/documentation/latest/developing-aurora-scheduler/index.html
URL:
http://svn.apache.org/viewvc/aurora/site/publish/documentation/latest/developing-aurora-scheduler/index.html?rev=1678852&r1=1678851&r2=1678852&view=diff
==============================================================================
---
aurora/site/publish/documentation/latest/developing-aurora-scheduler/index.html
(original)
+++
aurora/site/publish/documentation/latest/developing-aurora-scheduler/index.html
Tue May 12 03:06:06 2015
@@ -97,7 +97,7 @@ Apache Foundation’s third-party li
<h1 id="developing-aurora-ui">Developing Aurora UI</h1>
-<h2 id="installing-bower-(optional)">Installing bower (optional)</h2>
+<h2 id="installing-bower-optional-">Installing bower (optional)</h2>
<p>Third party JS libraries used in Aurora (located at
3rdparty/javascript/bower_components) are
managed by bower, a JS dependency manager. Bower is only required if you plan
to add, remove or
Modified: aurora/site/publish/documentation/latest/hooks/index.html
URL:
http://svn.apache.org/viewvc/aurora/site/publish/documentation/latest/hooks/index.html?rev=1678852&r1=1678851&r2=1678852&view=diff
==============================================================================
--- aurora/site/publish/documentation/latest/hooks/index.html (original)
+++ aurora/site/publish/documentation/latest/hooks/index.html Tue May 12
03:06:06 2015
@@ -129,7 +129,7 @@ returning <code>True</code>. For example
<h2 id="hookable-methods">Hookable Methods</h2>
-<p>You can associate <code>pre_</code>, <code>post_</code>, and
<code>err_</code> hooks with the following methods. Since you do not directly
interact with the methods, but rather the Aurora Command Line commands that
call them, for each method we also list the command(s) that can call the
method. Note that a different method or methods may be called by a command
depending on how the command’s other code executes. Similarly, multiple
commands can call the same method. We also list the methods' argument
signatures, which are used by their associated hooks. <a name="Chart"></a></p>
+<p>You can associate <code>pre_</code>, <code>post_</code>, and
<code>err_</code> hooks with the following methods. Since you do not directly
interact with the methods, but rather the Aurora Command Line commands that
call them, for each method we also list the command(s) that can call the
method. Note that a different method or methods may be called by a command
depending on how the command’s other code executes. Similarly, multiple
commands can call the same method. We also list the methods’ argument
signatures, which are used by their associated hooks. <a name="Chart"></a></p>
<table><thead>
<tr>
@@ -187,7 +187,7 @@ returning <code>True</code>. For example
<p>By default, hooks are inactive. If you do not want to use hooks, you do not
need to make any changes to your code. If you do want to use hooks, you will
need to alter your <code>.aurora</code> config file to activate them both for
the configuration as a whole as well as for individual <code>Job</code>s. And,
of course, you will need to define in your config file what happens when a
particular hook executes.</p>
-<h2 id=".aurora-config-file-settings">.aurora Config File Settings</h2>
+<h2 id="-aurora-config-file-settings">.aurora Config File Settings</h2>
<p>You can define a top-level <code>hooks</code> variable in any
<code>.aurora</code> config file. <code>hooks</code> is a list of all objects
that define hooks used by <code>Job</code>s defined in that config file. If you
do not want to define any hooks for a configuration, <code>hooks</code> is
optional.</p>
<pre class="highlight text">hooks = [Object_with_defined_hooks1,
Object_with_defined_hooks2]
@@ -196,7 +196,7 @@ returning <code>True</code>. For example
<p>Also, for any <code>Job</code> that you want to use hooks with, its
<code>Job</code> definition in the <code>.aurora</code> config file must set an
<code>enable_hooks</code> flag to <code>True</code> (it defaults to
<code>False</code>). By default, hooks are disabled and you must enable them
for <code>Job</code>s of your choice.</p>
-<p>To summarize, to use hooks for a particular job, you must both activate
hooks for your config file as a whole, and for that job. Activating hooks only
for individual jobs won’t work, nor will only activating hooks for your
config file as a whole. You must also specify the hooks' defining object in
the <code>hooks</code> variable.</p>
+<p>To summarize, to use hooks for a particular job, you must both activate
hooks for your config file as a whole, and for that job. Activating hooks only
for individual jobs won’t work, nor will only activating hooks for your
config file as a whole. You must also specify the hooks’ defining object
in the <code>hooks</code> variable.</p>
<p>Recall that <code>.aurora</code> config files are written in Pystachio. So
the following turns on hooks for production jobs at cluster1 and cluster2, but
leaves them off for similar jobs with a defined user role. Of course, you also
need to list the objects that define the hooks in your config file’s
<code>hooks</code> variable.</p>
<pre class="highlight python"><span class="n">jobs</span> <span
class="o">=</span> <span class="p">[</span>
Modified: aurora/site/publish/documentation/latest/index.html
URL:
http://svn.apache.org/viewvc/aurora/site/publish/documentation/latest/index.html?rev=1678852&r1=1678851&r2=1678852&view=diff
==============================================================================
--- aurora/site/publish/documentation/latest/index.html (original)
+++ aurora/site/publish/documentation/latest/index.html Tue May 12 03:06:06 2015
@@ -41,7 +41,7 @@
<h5 class="page-header text-uppercase">Documentation</h5>
<h2 id="introduction">Introduction</h2>
-<p>Apache Aurora is a service scheduler that runs on top of Apache Mesos,
enabling you to run long-running services that take advantage of Apache
Mesos' scalability, fault-tolerance, and resource isolation. This
documentation has been organized into sections with three audiences in mind:</p>
+<p>Apache Aurora is a service scheduler that runs on top of Apache Mesos,
enabling you to run long-running services that take advantage of Apache
Mesos’ scalability, fault-tolerance, and resource isolation. This
documentation has been organized into sections with three audiences in mind:</p>
<ul>
<li>Users: General information about the project and to learn how to run an
Aurora job.</li>
Modified: aurora/site/publish/documentation/latest/monitoring/index.html
URL:
http://svn.apache.org/viewvc/aurora/site/publish/documentation/latest/monitoring/index.html?rev=1678852&r1=1678851&r2=1678852&view=diff
==============================================================================
--- aurora/site/publish/documentation/latest/monitoring/index.html (original)
+++ aurora/site/publish/documentation/latest/monitoring/index.html Tue May 12
03:06:06 2015
@@ -120,7 +120,7 @@ and thresholds make sense.</p>
<h2 id="important-stats">Important stats</h2>
-<h3 id="jvm_uptime_secs"><code>jvm_uptime_secs</code></h3>
+<h3 id="code-code"><code>jvm_uptime_secs</code></h3>
<p>Type: integer counter</p>
@@ -132,7 +132,7 @@ stay alive.</p>
<p>Look at the scheduler logs to identify the reason the scheduler is
exiting.</p>
-<h3 id="system_load_avg"><code>system_load_avg</code></h3>
+<h3 id="code-code"><code>system_load_avg</code></h3>
<p>Type: double gauge</p>
@@ -143,7 +143,7 @@ stay alive.</p>
<p>Use standard unix tools like <code>top</code> and <code>ps</code> to track
down the offending process(es).</p>
-<h3
id="process_cpu_cores_utilized"><code>process_cpu_cores_utilized</code></h3>
+<h3 id="code-code"><code>process_cpu_cores_utilized</code></h3>
<p>Type: double gauge</p>
@@ -159,7 +159,7 @@ updates from Mesos. You may see activit
time is being spent. Beyond that, it really takes good familiarity with the
code to effectively
triage this. We suggest engaging with an Aurora developer.</p>
-<h3 id="task_store_lost"><code>task_store_LOST</code></h3>
+<h3 id="code-code"><code>task_store_LOST</code></h3>
<p>Type: integer gauge</p>
@@ -171,7 +171,7 @@ triage this. We suggest engaging with a
trigger this. The first step is to look in the scheduler logs for
<code>LOST</code> to identify where the
state changes are originating.</p>
-<h3 id="scheduler_resource_offers"><code>scheduler_resource_offers</code></h3>
+<h3 id="code-code"><code>scheduler_resource_offers</code></h3>
<p>Type: integer counter</p>
@@ -183,7 +183,7 @@ state changes are originating.</p>
is sending offers. You should also look at the master’s web interface to
see if it has a large
number of outstanding offers that it is waiting to be returned.</p>
-<h3 id="framework_registered"><code>framework_registered</code></h3>
+<h3 id="code-code"><code>framework_registered</code></h3>
<p>Type: binary integer counter</p>
@@ -196,7 +196,7 @@ schedulers,</p>
multiple schedulers claiming leadership, this suggests a split brain and
warrants filing a critical
bug.</p>
-<h3
id="rate(scheduler_log_native_append_nanos_total)/rate(scheduler_log_native_append_events)"><code>rate(scheduler_log_native_append_nanos_total)/rate(scheduler_log_native_append_events)</code></h3>
+<h3
id="code-code"><code>rate(scheduler_log_native_append_nanos_total)/rate(scheduler_log_native_append_events)</code></h3>
<p>Type: rate ratio of integer counters</p>
@@ -208,7 +208,7 @@ bug.</p>
standard tools like <code>vmstat</code> and <code>iotop</code> to identify
whether the disk has become slow or
over-utilized. We suggest using a dedicated disk for the replicated log to
mitigate this.</p>
-<h3 id="timed_out_tasks"><code>timed_out_tasks</code></h3>
+<h3 id="code-code"><code>timed_out_tasks</code></h3>
<p>Type: integer counter</p>
@@ -223,7 +223,7 @@ value warrants investigation.</p>
<p>The scheduler will log when it times out a task. You should trace the task
ID of the timed out
task into the master, slave, and/or executors to determine where the message
was dropped.</p>
-<h3 id="http_500_responses_events"><code>http_500_responses_events</code></h3>
+<h3 id="code-code"><code>http_500_responses_events</code></h3>
<p>Type: integer counter</p>
Modified: aurora/site/publish/documentation/latest/resource-isolation/index.html
URL:
http://svn.apache.org/viewvc/aurora/site/publish/documentation/latest/resource-isolation/index.html?rev=1678852&r1=1678851&r2=1678852&view=diff
==============================================================================
--- aurora/site/publish/documentation/latest/resource-isolation/index.html
(original)
+++ aurora/site/publish/documentation/latest/resource-isolation/index.html Tue
May 12 03:06:06 2015
@@ -153,7 +153,7 @@ put alerts on the per-instance memory.</
<h2 id="disk-space">Disk Space</h2>
-<p>Disk space used by your application is defined as the sum of the files'
+<p>Disk space used by your application is defined as the sum of the
files’
disk space in your application’s directory, including the
<code>stdout</code> and
<code>stderr</code> logged from your application. Each shard is considered
independently. You should use off-node storage for your application’s
Added: aurora/site/publish/documentation/latest/security/index.html
URL:
http://svn.apache.org/viewvc/aurora/site/publish/documentation/latest/security/index.html?rev=1678852&view=auto
==============================================================================
--- aurora/site/publish/documentation/latest/security/index.html (added)
+++ aurora/site/publish/documentation/latest/security/index.html Tue May 12
03:06:06 2015
@@ -0,0 +1,322 @@
+<!DOCTYPE html>
+<html lang="en">
+ <head>
+ <meta charset="utf-8">
+ <meta name="viewport" content="width=device-width, initial-scale=1">
+ <title>Apache Aurora</title>
+ <link rel="stylesheet"
href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.1/css/bootstrap.min.css";>
+ <link href="/assets/css/main.css" rel="stylesheet">
+ <!-- Analytics -->
+ <script type="text/javascript">
+ var _gaq = _gaq || [];
+ _gaq.push(['_setAccount', 'UA-45879646-1']);
+ _gaq.push(['_setDomainName', 'apache.org']);
+ _gaq.push(['_trackPageview']);
+
+ (function() {
+ var ga = document.createElement('script'); ga.type =
'text/javascript'; ga.async = true;
+ ga.src = ('https:' == document.location.protocol ?
'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
+ var s = document.getElementsByTagName('script')[0];
s.parentNode.insertBefore(ga, s);
+ })();
+ </script>
+ </head>
+ <body>
+
+ <div class="container-fluid section-header">
+ <div class="container">
+ <div class="nav nav-bar">
+ <a href="/"><img src="/assets/img/aurora_logo_white_bkg.svg" width="300"
alt="Transparent Apache Aurora logo with dark background"/></a>
+ <ul class="nav navbar-nav navbar-right">
+ <li><a href="/documentation/latest/">Documentation</a></li>
+ <li><a href="/community/">Community</a></li>
+ <li><a href="/downloads/">Downloads</a></li>
+ <li><a href="/blog/">Blog</a></li>
+ </ul>
+ </div>
+ </div>
+</div>
+ <div class="container-fluid">
+ <div class="container content">
+ <div class="col-md-12 documentation">
+<h5 class="page-header text-uppercase">Documentation</h5>
+<p>Aurora integrates with <a href="http://shiro.apache.org/";>Apache Shiro</a>
to provide security
+controls for its API. In addition to providing some useful features out of the
box, Shiro
+also allows Aurora cluster administrators to adapt the security system to
their organizationâs
+existing infrastructure.</p>
+
+<ul>
+<li><a href="#enabling-security">Enabling Security</a></li>
+<li><a href="#authentication">Authentication</a>
+
+<ul>
+<li><a href="#http-basic-authentication">HTTP Basic Authentication</a>
+
+<ul>
+<li><a href="#server-configuration">Server Configuration</a></li>
+<li><a href="#client-configuration">Client Configuration</a></li>
+</ul></li>
+<li><a href="#http-spnego-authentication-kerberos">HTTP SPNEGO Authentication
(Kerberos)</a>
+
+<ul>
+<li><a href="#server-configuration-1">Server Configuration</a></li>
+<li><a href="#client-configuration-1">Client Configuration</a></li>
+</ul></li>
+</ul></li>
+<li><a href="#authorization">Authorization</a>
+
+<ul>
+<li><a href="#using-an-ini-file-to-define-security-controls">Using an INI file
to define security controls</a>
+
+<ul>
+<li><a href="#caveats">Caveats</a></li>
+</ul></li>
+</ul></li>
+<li><a href="#implementing-a-custom-realm">Implementing a Custom Realm</a>
+
+<ul>
+<li><a href="#packaging-a-realm-module">Packaging a realm module</a></li>
+</ul></li>
+<li><a href="#known-issues">Known Issues</a></li>
+</ul>
+
+<h1 id="enabling-security">Enabling Security</h1>
+
+<p>There are two major components of security:
+<a
href="http://en.wikipedia.org/wiki/Authentication#Authorization";>authentication
and authorization</a>. A
+cluster administrator may choose the approach used for each, and may also
implement custom
+mechanisms for either. Later sections describe the options available.</p>
+
+<h1 id="authentication">Authentication</h1>
+
+<p>The scheduler must be configured with instructions for how to process
authentication
+credentials at a minimum. There are currently two built-in authentication
schemes -
+<a href="http://en.wikipedia.org/wiki/Basic_access_authentication";>HTTP Basic
Authentication</a>, and
+<a href="http://en.wikipedia.org/wiki/SPNEGO";>SPNEGO</a> (Kerberos).</p>
+
+<h2 id="http-basic-authentication">HTTP Basic Authentication</h2>
+
+<p>Basic Authentication is a very quick way to add <em>some</em> security. It
is supported
+by all major browsers and HTTP client libraries with minimal work. However,
+before relying on Basic Authentication you should be aware of the <a
href="http://tools.ietf.org/html/rfc2617#section-4";>security
+considerations</a>.</p>
+
+<h3 id="server-configuration">Server Configuration</h3>
+
+<p>At a minimum you need to set 4 command-line flags on the scheduler:</p>
+<pre class="highlight text">-http_authentication_mechanism=BASIC
+-shiro_realm_modules=INI_AUTHNZ
+-shiro_ini_path=path/to/security.ini
+</pre>
+<p>And create a security.ini file like so:</p>
+<pre class="highlight text">[users]
+sally = apple, admin
+
+[roles]
+admin = *
+</pre>
+<p>The details of the security.ini file are explained below. Note that this
file contains plaintext,
+unhashed passwords.</p>
+
+<h3 id="client-configuration">Client Configuration</h3>
+
+<p>To configure the client for HTTP Basic authentication, add an entry to
~/.netrc with your credentials</p>
+<pre class="highlight text">% cat ~/.netrc
+# ...
+
+machine aurora.example.com
+login sally
+password apple
+
+# ...
+</pre>
+<p>No changes are required to <code>clusters.json</code>.</p>
+
+<h2 id="http-spnego-authentication-kerberos-">HTTP SPNEGO Authentication
(Kerberos)</h2>
+
+<h3 id="server-configuration">Server Configuration</h3>
+
+<p>At a minimum you need to set 6 command-line flags on the scheduler:</p>
+<pre class="highlight text">-http_authentication_mechanism=NEGOTIATE
+-shiro_realm_modules=KERBEROS5_AUTHN,INI_AUTHNZ
+-kerberos_server_principal=HTTP/[email protected]
+-kerberos_server_keytab=path/to/aurora.example.com.keytab
+-shiro_ini_path=path/to/security.ini
+</pre>
+<p>And create a security.ini file like so:</p>
+<pre class="highlight text">% cat path/to/security.ini
+[users]
+sally = _, admin
+
+[roles]
+admin = *
+</pre>
+<p>What’s going on here? First, Aurora must be configured to request
Kerberos credentials when presented with an
+unauthenticated request. This is achieved by setting</p>
+<pre class="highlight text">-http_authentication_mechanism=NEGOTIATE
+</pre>
+<p>Next, a Realm module must be configured to <strong>authenticate</strong>
the current request using the Kerberos
+credentials that were requested. Aurora ships with a realm module that can do
this</p>
+<pre class="highlight text">-shiro_realm_modules=KERBEROS5_AUTHN[,...]
+</pre>
+<p>The Kerberos5Realm requires a keytab file and a server principal name. The
principal name will usually
+be in the form <code>HTTP/[email protected]</code>.</p>
+<pre class="highlight
text">-kerberos_server_principal=HTTP/[email protected]
+-kerberos_server_keytab=path/to/aurora.example.com.keytab
+</pre>
+<p>The Kerberos5 realm module is authentication-only. For scheduler security
to work you must also
+enable a realm module that provides an Authorizer implementation. For example,
to do this using the
+IniShiroRealmModule:</p>
+<pre class="highlight text">-shiro_realm_modules=KERBEROS5_AUTHN,INI_AUTHNZ
+</pre>
+<p>You can then configure authorization using a security.ini file as described
below
+(the password field is ignored). You must configure the realm module with the
path to this file:</p>
+<pre class="highlight text">-shiro_ini_path=path/to/security.ini
+</pre>
+<h3 id="client-configuration">Client Configuration</h3>
+
+<p>To use Kerberos on the client-side you must build Kerberos-enabled client
binaries. Do this with</p>
+<pre class="highlight text">./pants binary
src/main/python/apache/aurora/client/cli:kaurora
+./pants binary src/main/python/apache/aurora/admin:kaurora_admin
+</pre>
+<p>You must also configure each cluster where you’ve enabled Kerberos on
the scheduler
+to use Kerberos authentication. Do this by setting <code>auth_mechanism</code>
to <code>KERBEROS</code>
+in <code>clusters.json</code>.</p>
+<pre class="highlight text">% cat ~/.aurora/clusters.json
+{
+ "devcluser": {
+ "auth_mechanism": "KERBEROS",
+ ...
+ },
+ ...
+}
+</pre>
+<h1 id="authorization">Authorization</h1>
+
+<p>Given a means to authenticate the entity a client claims they are, we need
to define what privileges they have.</p>
+
+<h2 id="using-an-ini-file-to-define-security-controls">Using an INI file to
define security controls</h2>
+
+<p>The simplest security configuration for Aurora is an INI file on the
scheduler. For small
+clusters, or clusters where the users and access controls change relatively
infrequently, this is
+likely the preferred approach. However you may want to avoid this approach if
access permissions
+are rapidly changing, or if your access control information already exists in
another system.</p>
+
+<p>You can enable INI-based configuration with following scheduler command
line arguments:</p>
+<pre class="highlight text">-http_authentication_mechanism=BASIC
+-shiro_ini_path=path/to/security.ini
+</pre>
+<p><em>note</em> As the argument name reveals, this is using Shiroâs
+<a
href="http://shiro.apache.org/configuration.html#Configuration-INIConfiguration";>IniRealm</a>
behind
+the scenes.</p>
+
+<p>The INI file will contain two sections - users and roles. Hereâs an
example for what might
+be in security.ini:</p>
+<pre class="highlight text">[users]
+sally = apple, admin
+jim = 123456, accounting
+becky = letmein, webapp
+larry = 654321,accounting
+steve = password
+
+[roles]
+admin = *
+accounting = thrift.AuroraAdmin:setQuota
+webapp = thrift.AuroraSchedulerManager:*:webapp
+</pre>
+<p>The users section defines user user credentials and the role(s) they are
members of. These lines
+are of the format <code><user> = <password>[,
<role>...]</code>. As you probably noticed, the passwords are
+in plaintext and as a result read access to this file should be restricted.</p>
+
+<p>In this configuration, each user has different privileges for actions in
the cluster because
+of the roles they are a part of:</p>
+
+<ul>
+<li>admin is granted all privileges</li>
+<li>accounting may adjust the amount of resource quota for any role</li>
+<li>webapp represents a collection of jobs that represents a service, and its
members may create and modify any jobs owned by it</li>
+</ul>
+
+<h3 id="caveats">Caveats</h3>
+
+<p>You might find documentation on the Internet suggesting there are
additional sections in <code>shiro.ini</code>,
+like <code>[main]</code> and <code>[urls]</code>. These are not supported by
Aurora as it uses a different mechanism to configure
+those parts of Shiro. Think of Aurora’s <code>security.ini</code> as a
subset with only <code>[users]</code> and <code>[roles]</code> sections.</p>
+
+<h1 id="implementing-a-custom-realm">Implementing a Custom Realm</h1>
+
+<p>Since Auroraâs security is backed by <a
href="https://shiro.apache.org";>Apache Shiro</a>, you can implement a
+custom <a href="http://shiro.apache.org/realm.html";>Realm</a> to define
organization-specific security behavior.</p>
+
+<p>In addition to using Shiro’s standard APIs to implement a Realm you
can link against Aurora to
+access the type-safe Permissions Aurora uses. See the Javadoc for
<code>org.apache.aurora.scheduler.spi</code>
+for more information.</p>
+
+<h2 id="packaging-a-realm-module">Packaging a realm module</h2>
+
+<p>Package your custom Realm(s) with a Guice module that exposes a
<code>Set<Realm></code> multibinding.</p>
+<pre class="highlight java"><span class="kn">package</span> <span
class="n">com</span><span class="o">.</span><span
class="na">example</span><span class="o">;</span>
+
+<span class="kn">import</span> <span
class="nn">com.google.inject.AbstractModule</span><span class="o">;</span>
+<span class="kn">import</span> <span
class="nn">com.google.inject.multibindings.Multibinder</span><span
class="o">;</span>
+<span class="kn">import</span> <span
class="nn">org.apache.shiro.realm.Realm</span><span class="o">;</span>
+
+<span class="kd">public</span> <span class="kd">class</span> <span
class="nc">MyRealmModule</span> <span class="kd">extends</span> <span
class="n">AbstractModule</span> <span class="o">{</span>
+ <span class="nd">@Override</span>
+ <span class="kd">public</span> <span class="kt">void</span> <span
class="n">configure</span><span class="o">()</span> <span class="o">{</span>
+ <span class="n">Realm</span> <span class="n">myRealm</span> <span
class="o">=</span> <span class="k">new</span> <span
class="n">MyRealm</span><span class="o">();</span>
+
+ <span class="n">Multibinder</span><span class="o">.</span><span
class="na">newSetBinder</span><span class="o">(</span><span
class="n">binder</span><span class="o">(),</span> <span
class="n">Realm</span><span class="o">.</span><span
class="na">class</span><span class="o">).</span><span
class="na">addBinding</span><span class="o">().</span><span
class="na">toInstance</span><span class="o">(</span><span
class="n">myRealm</span><span class="o">);</span>
+ <span class="o">}</span>
+
+ <span class="kd">static</span> <span class="kd">class</span> <span
class="nc">MyRealm</span> <span class="kd">implements</span> <span
class="n">Realm</span> <span class="o">{</span>
+ <span class="c1">// Realm implementation.</span>
+ <span class="o">}</span>
+<span class="o">}</span>
+</pre>
+<p>To use your module in the scheduler, include it as a realm module based on
its fully-qualified
+class name:</p>
+<pre class="highlight
text">-shiro_realm_modules=KERBEROS5_AUTHN,INI_AUTHNZ,com.example.MyRealmModule
+</pre>
+<h1 id="known-issues">Known Issues</h1>
+
+<p>While the APIs and SPIs we ship with are stable as of 0.8.0, we are aware
of several incremental
+improvements. Please follow, vote, or send patches.</p>
+
+<p>Relevant tickets:
+* <a href="https://issues.apache.org/jira/browse/AURORA-343";>AURORA-343</a>:
HTTPS support
+* <a href="https://issues.apache.org/jira/browse/AURORA-1248";>AURORA-1248</a>:
Client retries 4xx errors
+* <a href="https://issues.apache.org/jira/browse/AURORA-1279";>AURORA-1279</a>:
Remove kerberos-specific build targets
+* <a href="https://issues.apache.org/jira/browse/AURORA-1291";>AURORA-1293</a>:
Consider defining a JSON format in place of INI
+* <a href="https://issues.apache.org/jira/browse/AURORA-1179";>AURORA-1179</a>:
Supported hashed passwords in security.ini
+* <a href="https://issues.apache.org/jira/browse/AURORA-1295";>AURORA-1295</a>:
Support security for the ReadOnlyScheduler service</p>
+</div>
+
+ </div>
+ </div>
+
+ <div class="container-fluid section-footer buffer">
+ <div class="container">
+ <div class="row">
+ <div class="col-md-2 col-md-offset-1"><h3>Quick Links</h3>
+ <ul>
+ <li><a href="/downloads/">Downloads</a></li>
+ <li><a href="/community/">Mailing Lists</a></li>
+ <li><a
href="http://issues.apache.org/jira/browse/AURORA";>Issue Tracking</a></li>
+ <li><a href="/documentation/latest/contributing/">How
To Contribute</a></li>
+ </ul>
+ </div>
+ <div class="col-md-2"><h3>The ASF</h3>
+ <ul>
+ <li><a href="http://www.apache.org/licenses/";>License</a></li>
+ <li><a
href="http://www.apache.org/foundation/sponsorship.html";>Sponsorship</a></li>
+ <li><a
href="http://www.apache.org/foundation/thanks.html";>Thanks</a></li>
+ <li><a href="http://www.apache.org/security/";>Security</a></li>
+ </ul>
+ </div>
+ <div class="col-md-6">
+ <p class="disclaimer">Copyright 2014 <a
href="http://www.apache.org/";>Apache Software Foundation</a>. Licensed under
the <a href="http://www.apache.org/licenses/";>Apache License v2.0</a>. The <a
href="https://www.flickr.com/photos/trondk/12706051375/";>Aurora Borealis IX
photo</a> displayed on the homepage is available under a <a
href="https://creativecommons.org/licenses/by-nc-nd/2.0/";>Creative Commons
BY-NC-ND 2.0 license</a>. Apache, Apache Aurora, and the Apache feather logo
are trademarks of The Apache Software Foundation.</p>
+ </div>
+ </div>
+ </div>
+ </body>
+</html>
\ No newline at end of file
Modified: aurora/site/publish/documentation/latest/sla/index.html
URL:
http://svn.apache.org/viewvc/aurora/site/publish/documentation/latest/sla/index.html?rev=1678852&r1=1678851&r2=1678852&view=diff
==============================================================================
--- aurora/site/publish/documentation/latest/sla/index.html (original)
+++ aurora/site/publish/documentation/latest/sla/index.html Tue May 12 03:06:06
2015
@@ -145,7 +145,7 @@ percentiles (50th,75th,90th,95th and 99t
You can also get customized real-time stats from aurora client. See
<code>aurora sla -h</code> for
more details.</p>
-<h3 id="median-time-to-assigned-(mtta)">Median Time To Assigned (MTTA)</h3>
+<h3 id="median-time-to-assigned-mtta-">Median Time To Assigned (MTTA)</h3>
<p><em>Median time a job spends waiting for its tasks to be assigned to a
host. This is a combined
metric that helps track the dependency of scheduling performance on the
requested resources
@@ -187,7 +187,7 @@ metric that helps track the dependency o
that are still PENDING. This ensures straggler instances (e.g. with
unreasonable resource
constraints) do not affect metric curves.</p>
-<h3 id="median-time-to-running-(mttr)">Median Time To Running (MTTR)</h3>
+<h3 id="median-time-to-running-mttr-">Median Time To Running (MTTR)</h3>
<p><em>Median time a job waits for its tasks to reach RUNNING state. This is a
comprehensive metric
reflecting on the overall time it takes for the Aurora/Mesos to start
executing user content.</em></p>
Modified: aurora/site/publish/documentation/latest/storage/index.html
URL:
http://svn.apache.org/viewvc/aurora/site/publish/documentation/latest/storage/index.html?rev=1678852&r1=1678851&r2=1678852&view=diff
==============================================================================
--- aurora/site/publish/documentation/latest/storage/index.html (original)
+++ aurora/site/publish/documentation/latest/storage/index.html Tue May 12
03:06:06 2015
@@ -88,7 +88,7 @@ in case of a complete loss or corruption
<p><img alt="Storage hierarchy" src="../images/storage_hierarchy.png" /></p>
-<h2 id="reads,-writes,-modifications">Reads, writes, modifications</h2>
+<h2 id="reads-writes-modifications">Reads, writes, modifications</h2>
<p>All services in Aurora access data via a set of predefined store interfaces
(aka stores) logically
grouped by the type of data they serve. Every interface defines a specific set
of operations allowed
@@ -114,7 +114,7 @@ key-value storage is unable to match.</p
appended to the replicated log. Data is not available for reads until fully
ack-ed by both
replicated log and volatile storage.</p>
-<h2 id="atomicity,-consistency-and-isolation">Atomicity, consistency and
isolation</h2>
+<h2 id="atomicity-consistency-and-isolation">Atomicity, consistency and
isolation</h2>
<p>Aurora uses <a
href="http://en.wikipedia.org/wiki/Write-ahead_logging";>write-ahead logging</a>
to ensure
consistency between replicated and volatile storage. In Aurora, data is first
written into the
Modified: aurora/site/publish/documentation/latest/thrift-deprecation/index.html
URL:
http://svn.apache.org/viewvc/aurora/site/publish/documentation/latest/thrift-deprecation/index.html?rev=1678852&r1=1678851&r2=1678852&view=diff
==============================================================================
--- aurora/site/publish/documentation/latest/thrift-deprecation/index.html
(original)
+++ aurora/site/publish/documentation/latest/thrift-deprecation/index.html Tue
May 12 03:06:06 2015
@@ -82,7 +82,7 @@ See <a href="../src/main/java/org/apache
* Add a deprecation jira ticket into the vCurrent+1 release candidate
* Add a TODO for the deprecated field mentioning the jira ticket</p>
-<h3 id="vcurrent+1">vCurrent+1</h3>
+<h3 id="vcurrent-1">vCurrent+1</h3>
<p>Finalize the change by removing the deprecated fields from the Thrift
schema.
* Drop any dual read/write routines added in the previous version
Modified: aurora/site/publish/documentation/latest/tutorial/index.html
URL:
http://svn.apache.org/viewvc/aurora/site/publish/documentation/latest/tutorial/index.html?rev=1678852&r1=1678851&r2=1678852&view=diff
==============================================================================
--- aurora/site/publish/documentation/latest/tutorial/index.html (original)
+++ aurora/site/publish/documentation/latest/tutorial/index.html Tue May 12
03:06:06 2015
@@ -71,7 +71,7 @@ getting up to speed on the system.</p>
<p>To get help, email questions to the Aurora Developer List,
<a href="mailto:[email protected]";>[email protected]</a></p>
-<h2 id="setup:-install-aurora">Setup: Install Aurora</h2>
+<h2 id="setup-install-aurora">Setup: Install Aurora</h2>
<p>You use the Aurora client and web UI to interact with Aurora jobs. To
install it locally, see <a
href="/documentation/latest/vagrant/">vagrant.md</a>. The remainder of this
@@ -149,7 +149,7 @@ Tutorial</a> and the <a href="/documenta
Reference</a> (preferably after finishing this
tutorial).</p>
-<h2 id="what's-going-on-in-that-configuration-file?">What’s Going On
In That Configuration File?</h2>
+<h2 id="what-39-s-going-on-in-that-configuration-file-">What’s Going On
In That Configuration File?</h2>
<p>More than you might think.</p>
@@ -265,7 +265,7 @@ we will try again.</p>
<p><img alt="Running Task page" src="../images/runningtask.png" /></p>
-<p>We then inspect the output by clicking on <code>stdout</code> and see our
process'
+<p>We then inspect the output by clicking on <code>stdout</code> and see our
process’
output:</p>
<p><img alt="stdout page" src="../images/stdout.png" /></p>
Modified: aurora/site/publish/documentation/latest/user-guide/index.html
URL:
http://svn.apache.org/viewvc/aurora/site/publish/documentation/latest/user-guide/index.html?rev=1678852&r1=1678851&r2=1678852&view=diff
==============================================================================
--- aurora/site/publish/documentation/latest/user-guide/index.html (original)
+++ aurora/site/publish/documentation/latest/user-guide/index.html Tue May 12
03:06:06 2015
@@ -310,7 +310,7 @@ disabled health checks.</p>
not proceed with subsequent steps. Note that graceful shutdown is
best-effort, and due to the many
inevitable realities of distributed systems, it may not be performed.</p>
-<h3 id="giving-priority-to-production-tasks:-preempting">Giving Priority to
Production Tasks: PREEMPTING</h3>
+<h3 id="giving-priority-to-production-tasks-preempting">Giving Priority to
Production Tasks: PREEMPTING</h3>
<p>Sometimes a Task needs to be interrupted, such as when a non-production
Task’s resources are needed by a higher priority production Task. This
@@ -332,7 +332,7 @@ production task. At some point, tasks in
<p>Note that non-production tasks consuming many resources are likely to be
preempted in favor of production tasks.</p>
-<h3 id="natural-termination:-finished,-failed">Natural Termination: FINISHED,
FAILED</h3>
+<h3 id="natural-termination-finished-failed">Natural Termination: FINISHED,
FAILED</h3>
<p>A <code>RUNNING</code> <code>Task</code> can terminate without direct user
interaction. For
example, it may be a finite computation that finishes, even something as
@@ -342,7 +342,7 @@ processes have succeeded with exit statu
reaching failure limits) it moves into <code>FINISHED</code> state. If it
finished
after reaching a set of failure limits, it goes into <code>FAILED</code>
state.</p>
-<h3 id="forceful-termination:-killing,-restarting">Forceful Termination:
KILLING, RESTARTING</h3>
+<h3 id="forceful-termination-killing-restarting">Forceful Termination:
KILLING, RESTARTING</h3>
<p>You can terminate a <code>Task</code> by issuing an <code>aurora job
kill</code> command, which
moves it into <code>KILLING</code> state. The scheduler then sends the slave a
Modified: aurora/site/publish/downloads/index.html
URL:
http://svn.apache.org/viewvc/aurora/site/publish/downloads/index.html?rev=1678852&r1=1678851&r2=1678852&view=diff
==============================================================================
--- aurora/site/publish/downloads/index.html (original)
+++ aurora/site/publish/downloads/index.html Tue May 12 03:06:06 2015
@@ -46,18 +46,23 @@
<h2 id="current-release">Current Release</h2>
-<p>The current released version is <em>0.7.0-incubating</em>. <a
href="https://www.apache.org/dyn/mirrors/mirrors.cgi/aurora/0.7.0/apache-aurora-0.7.0-incubating.tar.gz";>(tar.gz)</a>
-<a
href="https://www.apache.org/dyn/mirrors/mirrors.cgi/aurora/0.7.0/apache-aurora-0.7.0-incubating.tar.gz.md5";>(md5)</a>
-<a
href="https://www.apache.org/dyn/mirrors/mirrors.cgi/aurora/0.7.0/apache-aurora-0.7.0-incubating.tar.gz.sha";>(sha)</a>
-<a
href="https://www.apache.org/dyn/mirrors/mirrors.cgi/aurora/0.7.0/apache-aurora-0.7.0-incubating.tar.gz.asc";>(sig)</a></p>
+<p>The current released version is <em>0.8.0</em>. <a
href="https://www.apache.org/dyn/mirrors/mirrors.cgi/aurora/0.8.0/apache-aurora-0.8.0.tar.gz";>(tar.gz)</a>
+<a
href="https://www.apache.org/dyn/mirrors/mirrors.cgi/aurora/0.8.0/apache-aurora-0.8.0.tar.gz.md5";>(md5)</a>
+<a
href="https://www.apache.org/dyn/mirrors/mirrors.cgi/aurora/0.8.0/apache-aurora-0.8.0.tar.gz.sha";>(sha)</a>
+<a
href="https://www.apache.org/dyn/mirrors/mirrors.cgi/aurora/0.8.0/apache-aurora-0.8.0.tar.gz.asc";>(sig)</a></p>
<p>To quickly get started, we reccomend using Vagrant and following the <a
href="/documentation/latest/vagrant/">Getting Started guide</a>.</p>
-<h2 id="previous-releases">Previous Releases</h2>
+<h2 id="incubating-releases">Incubating Releases</h2>
+
+<p><em>0.7.0-incubating</em>. <a
href="https://archive.apache.org/dist/aurora/0.7.0/apache-aurora-0.7.0-incubating.tar.gz";>(tar.gz)</a>
+<a
href="https://archive.apache.org/dist/aurora/0.7.0/apache-aurora-0.7.0-incubating.tar.gz.md5";>(md5)</a>
+<a
href="https://archive.apache.org/dist/aurora/0.7.0/apache-aurora-0.7.0-incubating.tar.gz.sha";>(sha)</a>
+<a
href="https://archive.apache.org/dist/aurora/0.7.0/apache-aurora-0.7.0-incubating.tar.gz.asc";>(sig)</a></p>
<p><em>0.6.0-incubating</em>. <a
href="https://archive.apache.org/dist/aurora/0.6.0/apache-aurora-0.6.0-incubating.tar.gz";>(tar.gz)</a>
<a
href="https://archive.apache.org/dist/aurora/0.6.0/apache-aurora-0.6.0-incubating.tar.gz.md5";>(md5)</a>
-<a
href="https://archive.apache.org/dist/aurora/0.6.0/apache-aurora-0.6.0-incubating.tar.gz.sha";>(sha)</a>
+<a
href="https://archive.apache.org/dist/aurora/0.6.0/apache-aurora-0.6.0-incubating.tar.gz.sha";>(sha)</a>
<a
href="https://archive.apache.org/dist/aurora/0.6.0/apache-aurora-0.6.0-incubating.tar.gz.asc";>(sig)</a></p>
<p><em>0.5.0-incubating</em> <a
href="https://archive.apache.org/dist/aurora/0.5.0/apache-aurora-0.5.0-incubating.tar.gz";>(tar.gz)</a>
Modified: aurora/site/publish/sitemap.xml
URL:
http://svn.apache.org/viewvc/aurora/site/publish/sitemap.xml?rev=1678852&r1=1678851&r2=1678852&view=diff
==============================================================================
--- aurora/site/publish/sitemap.xml (original)
+++ aurora/site/publish/sitemap.xml Tue May 12 03:06:06 2015
@@ -2,138 +2,138 @@
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9";>
<url>
<loc>http://aurora.apache.org/blog/aurora-0-6-0-incubating-released/</loc>
- <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+ <lastmod>2015-05-11T00:00:00-04:00</lastmod>
</url>
<url>
<loc>http://aurora.apache.org/blog/aurora-0-7-0-incubating-released/</loc>
- <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+ <lastmod>2015-05-11T00:00:00-04:00</lastmod>
</url>
<url>
<loc>http://aurora.apache.org/blog/2015-upcoming-apache-aurora-meetups/</loc>
- <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+ <lastmod>2015-05-11T00:00:00-04:00</lastmod>
</url>
<url>
<loc>http://aurora.apache.org/blog/</loc>
- <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+ <lastmod>2015-05-11T00:00:00-04:00</lastmod>
</url>
<url>
<loc>http://aurora.apache.org/community/</loc>
- <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+ <lastmod>2015-05-11T00:00:00-04:00</lastmod>
</url>
<url>
<loc>http://aurora.apache.org/developers/</loc>
- <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+ <lastmod>2015-05-11T00:00:00-04:00</lastmod>
</url>
<url>
<loc>http://aurora.apache.org/docs/gettingstarted/</loc>
- <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+ <lastmod>2015-05-11T00:00:00-04:00</lastmod>
</url>
<url>
<loc>http://aurora.apache.org/docs/howtocontribute/</loc>
- <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+ <lastmod>2015-05-11T00:00:00-04:00</lastmod>
</url>
<url>
<loc>http://aurora.apache.org/documentation/latest/client-cluster-configuration/</loc>
- <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+ <lastmod>2015-05-11T00:00:00-04:00</lastmod>
</url>
<url>
<loc>http://aurora.apache.org/documentation/latest/client-commands/</loc>
- <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+ <lastmod>2015-05-11T00:00:00-04:00</lastmod>
</url>
<url>
<loc>http://aurora.apache.org/documentation/latest/committers/</loc>
- <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+ <lastmod>2015-05-11T00:00:00-04:00</lastmod>
</url>
<url>
<loc>http://aurora.apache.org/documentation/latest/configuration-reference/</loc>
- <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+ <lastmod>2015-05-11T00:00:00-04:00</lastmod>
</url>
<url>
<loc>http://aurora.apache.org/documentation/latest/configuration-tutorial/</loc>
- <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+ <lastmod>2015-05-11T00:00:00-04:00</lastmod>
</url>
<url>
<loc>http://aurora.apache.org/documentation/latest/contributing/</loc>
- <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+ <lastmod>2015-05-11T00:00:00-04:00</lastmod>
</url>
<url>
<loc>http://aurora.apache.org/documentation/latest/cron-jobs/</loc>
- <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+ <lastmod>2015-05-11T00:00:00-04:00</lastmod>
</url>
<url>
<loc>http://aurora.apache.org/documentation/latest/deploying-aurora-scheduler/</loc>
- <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+ <lastmod>2015-05-11T00:00:00-04:00</lastmod>
</url>
<url>
<loc>http://aurora.apache.org/documentation/latest/developing-aurora-client/</loc>
- <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+ <lastmod>2015-05-11T00:00:00-04:00</lastmod>
</url>
<url>
<loc>http://aurora.apache.org/documentation/latest/developing-aurora-scheduler/</loc>
- <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+ <lastmod>2015-05-11T00:00:00-04:00</lastmod>
</url>
<url>
<loc>http://aurora.apache.org/documentation/latest/hooks/</loc>
- <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+ <lastmod>2015-05-11T00:00:00-04:00</lastmod>
</url>
<url>
<loc>http://aurora.apache.org/documentation/latest/monitoring/</loc>
- <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+ <lastmod>2015-05-11T00:00:00-04:00</lastmod>
</url>
<url>
<loc>http://aurora.apache.org/documentation/latest/resource-isolation/</loc>
- <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+ <lastmod>2015-05-11T00:00:00-04:00</lastmod>
</url>
<url>
<loc>http://aurora.apache.org/documentation/latest/scheduler-storage/</loc>
- <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+ <lastmod>2015-05-11T00:00:00-04:00</lastmod>
</url>
<url>
<loc>http://aurora.apache.org/documentation/latest/security/</loc>
- <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+ <lastmod>2015-05-11T00:00:00-04:00</lastmod>
</url>
<url>
<loc>http://aurora.apache.org/documentation/latest/sla/</loc>
- <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+ <lastmod>2015-05-11T00:00:00-04:00</lastmod>
</url>
<url>
<loc>http://aurora.apache.org/documentation/latest/storage-config/</loc>
- <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+ <lastmod>2015-05-11T00:00:00-04:00</lastmod>
</url>
<url>
<loc>http://aurora.apache.org/documentation/latest/storage/</loc>
- <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+ <lastmod>2015-05-11T00:00:00-04:00</lastmod>
</url>
<url>
<loc>http://aurora.apache.org/documentation/latest/test-resource-generation/</loc>
- <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+ <lastmod>2015-05-11T00:00:00-04:00</lastmod>
</url>
<url>
<loc>http://aurora.apache.org/documentation/latest/thrift-deprecation/</loc>
- <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+ <lastmod>2015-05-11T00:00:00-04:00</lastmod>
</url>
<url>
<loc>http://aurora.apache.org/documentation/latest/tutorial/</loc>
- <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+ <lastmod>2015-05-11T00:00:00-04:00</lastmod>
</url>
<url>
<loc>http://aurora.apache.org/documentation/latest/user-guide/</loc>
- <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+ <lastmod>2015-05-11T00:00:00-04:00</lastmod>
</url>
<url>
<loc>http://aurora.apache.org/documentation/latest/vagrant/</loc>
- <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+ <lastmod>2015-05-11T00:00:00-04:00</lastmod>
</url>
<url>
<loc>http://aurora.apache.org/documentation/latest/</loc>
- <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+ <lastmod>2015-05-11T00:00:00-04:00</lastmod>
</url>
<url>
<loc>http://aurora.apache.org/downloads/</loc>
- <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+ <lastmod>2015-05-11T00:00:00-04:00</lastmod>
</url>
<url>
<loc>http://aurora.apache.org/</loc>
- <lastmod>2015-04-30T00:00:00-04:00</lastmod>
+ <lastmod>2015-05-11T00:00:00-04:00</lastmod>
</url>
</urlset>
\ No newline at end of file
Added: aurora/site/source/documentation/latest/security.md
URL:
http://svn.apache.org/viewvc/aurora/site/source/documentation/latest/security.md?rev=1678852&view=auto
==============================================================================
--- aurora/site/source/documentation/latest/security.md (added)
+++ aurora/site/source/documentation/latest/security.md Tue May 12 03:06:06 2015
@@ -0,0 +1,271 @@
+Aurora integrates with [Apache Shiro](http://shiro.apache.org/) to provide
security
+controls for its API. In addition to providing some useful features out of the
box, Shiro
+also allows Aurora cluster administrators to adapt the security system to
their organizationâs
+existing infrastructure.
+
+- [Enabling Security](#enabling-security)
+- [Authentication](#authentication)
+ - [HTTP Basic Authentication](#http-basic-authentication)
+ - [Server Configuration](#server-configuration)
+ - [Client Configuration](#client-configuration)
+ - [HTTP SPNEGO Authentication
(Kerberos)](#http-spnego-authentication-kerberos)
+ - [Server Configuration](#server-configuration-1)
+ - [Client Configuration](#client-configuration-1)
+- [Authorization](#authorization)
+ - [Using an INI file to define security
controls](#using-an-ini-file-to-define-security-controls)
+ - [Caveats](#caveats)
+- [Implementing a Custom Realm](#implementing-a-custom-realm)
+ - [Packaging a realm module](#packaging-a-realm-module)
+- [Known Issues](#known-issues)
+
+# Enabling Security
+
+There are two major components of security:
+[authentication and
authorization](http://en.wikipedia.org/wiki/Authentication#Authorization). A
+cluster administrator may choose the approach used for each, and may also
implement custom
+mechanisms for either. Later sections describe the options available.
+
+# Authentication
+
+The scheduler must be configured with instructions for how to process
authentication
+credentials at a minimum. There are currently two built-in authentication
schemes -
+[HTTP Basic
Authentication](http://en.wikipedia.org/wiki/Basic_access_authentication), and
+[SPNEGO](http://en.wikipedia.org/wiki/SPNEGO) (Kerberos).
+
+## HTTP Basic Authentication
+
+Basic Authentication is a very quick way to add *some* security. It is
supported
+by all major browsers and HTTP client libraries with minimal work. However,
+before relying on Basic Authentication you should be aware of the [security
+considerations](http://tools.ietf.org/html/rfc2617#section-4).
+
+### Server Configuration
+
+At a minimum you need to set 4 command-line flags on the scheduler:
+
+```
+-http_authentication_mechanism=BASIC
+-shiro_realm_modules=INI_AUTHNZ
+-shiro_ini_path=path/to/security.ini
+```
+
+And create a security.ini file like so:
+
+```
+[users]
+sally = apple, admin
+
+[roles]
+admin = *
+```
+
+The details of the security.ini file are explained below. Note that this file
contains plaintext,
+unhashed passwords.
+
+### Client Configuration
+
+To configure the client for HTTP Basic authentication, add an entry to
~/.netrc with your credentials
+
+```
+% cat ~/.netrc
+# ...
+
+machine aurora.example.com
+login sally
+password apple
+
+# ...
+```
+
+No changes are required to `clusters.json`.
+
+## HTTP SPNEGO Authentication (Kerberos)
+
+### Server Configuration
+At a minimum you need to set 6 command-line flags on the scheduler:
+
+```
+-http_authentication_mechanism=NEGOTIATE
+-shiro_realm_modules=KERBEROS5_AUTHN,INI_AUTHNZ
+-kerberos_server_principal=HTTP/[email protected]
+-kerberos_server_keytab=path/to/aurora.example.com.keytab
+-shiro_ini_path=path/to/security.ini
+```
+
+And create a security.ini file like so:
+
+```
+% cat path/to/security.ini
+[users]
+sally = _, admin
+
+[roles]
+admin = *
+```
+
+What's going on here? First, Aurora must be configured to request Kerberos
credentials when presented with an
+unauthenticated request. This is achieved by setting
+
+```
+-http_authentication_mechanism=NEGOTIATE
+```
+
+Next, a Realm module must be configured to **authenticate** the current
request using the Kerberos
+credentials that were requested. Aurora ships with a realm module that can do
this
+
+```
+-shiro_realm_modules=KERBEROS5_AUTHN[,...]
+```
+
+The Kerberos5Realm requires a keytab file and a server principal name. The
principal name will usually
+be in the form `HTTP/[email protected]`.
+
+```
+-kerberos_server_principal=HTTP/[email protected]
+-kerberos_server_keytab=path/to/aurora.example.com.keytab
+```
+
+The Kerberos5 realm module is authentication-only. For scheduler security to
work you must also
+enable a realm module that provides an Authorizer implementation. For example,
to do this using the
+IniShiroRealmModule:
+
+```
+-shiro_realm_modules=KERBEROS5_AUTHN,INI_AUTHNZ
+```
+
+You can then configure authorization using a security.ini file as described
below
+(the password field is ignored). You must configure the realm module with the
path to this file:
+
+```
+-shiro_ini_path=path/to/security.ini
+```
+
+### Client Configuration
+To use Kerberos on the client-side you must build Kerberos-enabled client
binaries. Do this with
+
+```
+./pants binary src/main/python/apache/aurora/client/cli:kaurora
+./pants binary src/main/python/apache/aurora/admin:kaurora_admin
+```
+
+You must also configure each cluster where you've enabled Kerberos on the
scheduler
+to use Kerberos authentication. Do this by setting `auth_mechanism` to
`KERBEROS`
+in `clusters.json`.
+
+```
+% cat ~/.aurora/clusters.json
+{
+ "devcluser": {
+ "auth_mechanism": "KERBEROS",
+ ...
+ },
+ ...
+}
+```
+
+# Authorization
+Given a means to authenticate the entity a client claims they are, we need to
define what privileges they have.
+
+## Using an INI file to define security controls
+
+The simplest security configuration for Aurora is an INI file on the
scheduler. For small
+clusters, or clusters where the users and access controls change relatively
infrequently, this is
+likely the preferred approach. However you may want to avoid this approach if
access permissions
+are rapidly changing, or if your access control information already exists in
another system.
+
+You can enable INI-based configuration with following scheduler command line
arguments:
+
+```
+-http_authentication_mechanism=BASIC
+-shiro_ini_path=path/to/security.ini
+```
+
+*note* As the argument name reveals, this is using Shiroâs
+[IniRealm](http://shiro.apache.org/configuration.html#Configuration-INIConfiguration)
behind
+the scenes.
+
+The INI file will contain two sections - users and roles. Hereâs an example
for what might
+be in security.ini:
+
+```
+[users]
+sally = apple, admin
+jim = 123456, accounting
+becky = letmein, webapp
+larry = 654321,accounting
+steve = password
+
+[roles]
+admin = *
+accounting = thrift.AuroraAdmin:setQuota
+webapp = thrift.AuroraSchedulerManager:*:webapp
+```
+
+The users section defines user user credentials and the role(s) they are
members of. These lines
+are of the format `<user> = <password>[, <role>...]`. As you probably
noticed, the passwords are
+in plaintext and as a result read access to this file should be restricted.
+
+In this configuration, each user has different privileges for actions in the
cluster because
+of the roles they are a part of:
+
+* admin is granted all privileges
+* accounting may adjust the amount of resource quota for any role
+* webapp represents a collection of jobs that represents a service, and its
members may create and modify any jobs owned by it
+
+### Caveats
+You might find documentation on the Internet suggesting there are additional
sections in `shiro.ini`,
+like `[main]` and `[urls]`. These are not supported by Aurora as it uses a
different mechanism to configure
+those parts of Shiro. Think of Aurora's `security.ini` as a subset with only
`[users]` and `[roles]` sections.
+
+# Implementing a Custom Realm
+
+Since Auroraâs security is backed by [Apache
Shiro](https://shiro.apache.org), you can implement a
+custom [Realm](http://shiro.apache.org/realm.html) to define
organization-specific security behavior.
+
+In addition to using Shiro's standard APIs to implement a Realm you can link
against Aurora to
+access the type-safe Permissions Aurora uses. See the Javadoc for
`org.apache.aurora.scheduler.spi`
+for more information.
+
+## Packaging a realm module
+Package your custom Realm(s) with a Guice module that exposes a `Set<Realm>`
multibinding.
+
+```java
+package com.example;
+
+import com.google.inject.AbstractModule;
+import com.google.inject.multibindings.Multibinder;
+import org.apache.shiro.realm.Realm;
+
+public class MyRealmModule extends AbstractModule {
+ @Override
+ public void configure() {
+ Realm myRealm = new MyRealm();
+
+ Multibinder.newSetBinder(binder(),
Realm.class).addBinding().toInstance(myRealm);
+ }
+
+ static class MyRealm implements Realm {
+ // Realm implementation.
+ }
+}
+```
+
+To use your module in the scheduler, include it as a realm module based on its
fully-qualified
+class name:
+
+```
+-shiro_realm_modules=KERBEROS5_AUTHN,INI_AUTHNZ,com.example.MyRealmModule
+```
+
+# Known Issues
+
+While the APIs and SPIs we ship with are stable as of 0.8.0, we are aware of
several incremental
+improvements. Please follow, vote, or send patches.
+
+Relevant tickets:
+* [AURORA-343](https://issues.apache.org/jira/browse/AURORA-343): HTTPS support
+* [AURORA-1248](https://issues.apache.org/jira/browse/AURORA-1248): Client
retries 4xx errors
+* [AURORA-1279](https://issues.apache.org/jira/browse/AURORA-1279): Remove
kerberos-specific build targets
+* [AURORA-1293](https://issues.apache.org/jira/browse/AURORA-1291): Consider
defining a JSON format in place of INI
+* [AURORA-1179](https://issues.apache.org/jira/browse/AURORA-1179): Supported
hashed passwords in security.ini
+* [AURORA-1295](https://issues.apache.org/jira/browse/AURORA-1295): Support
security for the ReadOnlyScheduler service
Modified: aurora/site/source/downloads.html.md
URL:
http://svn.apache.org/viewvc/aurora/site/source/downloads.html.md?rev=1678852&r1=1678851&r2=1678852&view=diff
==============================================================================
--- aurora/site/source/downloads.html.md (original)
+++ aurora/site/source/downloads.html.md Tue May 12 03:06:06 2015
@@ -6,17 +6,22 @@
--->
## Current Release
-The current released version is *0.7.0-incubating*.
[(tar.gz)](https://www.apache.org/dyn/mirrors/mirrors.cgi/aurora/0.7.0/apache-aurora-0.7.0-incubating.tar.gz)
-[(md5)](https://www.apache.org/dyn/mirrors/mirrors.cgi/aurora/0.7.0/apache-aurora-0.7.0-incubating.tar.gz.md5)
-[(sha)](https://www.apache.org/dyn/mirrors/mirrors.cgi/aurora/0.7.0/apache-aurora-0.7.0-incubating.tar.gz.sha)
-[(sig)](https://www.apache.org/dyn/mirrors/mirrors.cgi/aurora/0.7.0/apache-aurora-0.7.0-incubating.tar.gz.asc)
+The current released version is *0.8.0*.
[(tar.gz)](https://www.apache.org/dyn/mirrors/mirrors.cgi/aurora/0.8.0/apache-aurora-0.8.0.tar.gz)
+[(md5)](https://www.apache.org/dyn/mirrors/mirrors.cgi/aurora/0.8.0/apache-aurora-0.8.0.tar.gz.md5)
+[(sha)](https://www.apache.org/dyn/mirrors/mirrors.cgi/aurora/0.8.0/apache-aurora-0.8.0.tar.gz.sha)
+[(sig)](https://www.apache.org/dyn/mirrors/mirrors.cgi/aurora/0.8.0/apache-aurora-0.8.0.tar.gz.asc)
To quickly get started, we reccomend using Vagrant and following the [Getting
Started guide](/documentation/latest/vagrant/).
-## Previous Releases
+## Incubating Releases
+*0.7.0-incubating*.
[(tar.gz)](https://archive.apache.org/dist/aurora/0.7.0/apache-aurora-0.7.0-incubating.tar.gz)
+[(md5)](https://archive.apache.org/dist/aurora/0.7.0/apache-aurora-0.7.0-incubating.tar.gz.md5)
+[(sha)](https://archive.apache.org/dist/aurora/0.7.0/apache-aurora-0.7.0-incubating.tar.gz.sha)
+[(sig)](https://archive.apache.org/dist/aurora/0.7.0/apache-aurora-0.7.0-incubating.tar.gz.asc)
+
*0.6.0-incubating*.
[(tar.gz)](https://archive.apache.org/dist/aurora/0.6.0/apache-aurora-0.6.0-incubating.tar.gz)
[(md5)](https://archive.apache.org/dist/aurora/0.6.0/apache-aurora-0.6.0-incubating.tar.gz.md5)
-[(sha)](https://archive.apache.org/dist/aurora/0.6.0/apache-aurora-0.6.0-incubating.tar.gz.sha)
+[(sha)](https://archive.apache.org/dist/aurora/0.6.0/apache-aurora-0.6.0-incubating.tar.gz.sha)
[(sig)](https://archive.apache.org/dist/aurora/0.6.0/apache-aurora-0.6.0-incubating.tar.gz.asc)
*0.5.0-incubating*
[(tar.gz)](https://archive.apache.org/dist/aurora/0.5.0/apache-aurora-0.5.0-incubating.tar.gz)
Modified: aurora/site/source/index.html.md
URL:
http://svn.apache.org/viewvc/aurora/site/source/index.html.md?rev=1678852&r1=1678851&r2=1678852&view=diff
==============================================================================
--- aurora/site/source/index.html.md (original)
+++ aurora/site/source/index.html.md Tue May 12 03:06:06 2015
@@ -26,4 +26,4 @@
<div class="col-md-4"><h3>Service Registration</h3><p>Aurora <a
href="/documentation/latest/configuration-reference/#announcer-objects">announces</a>
services to Apache ZooKeeper for discovery by clients like Finagle.</p></div>
</div>
</div>
-</div>
\ No newline at end of file
+</div>
