Repository: mesos-site Updated Branches: refs/heads/asf-site bd7ae4122 -> acb6eb8a0
Updated the website built from mesos SHA: c1f9e94. Project: http://git-wip-us.apache.org/repos/asf/mesos-site/repo Commit: http://git-wip-us.apache.org/repos/asf/mesos-site/commit/acb6eb8a Tree: http://git-wip-us.apache.org/repos/asf/mesos-site/tree/acb6eb8a Diff: http://git-wip-us.apache.org/repos/asf/mesos-site/diff/acb6eb8a Branch: refs/heads/asf-site Commit: acb6eb8a02acfc79e5b3e9924c601a79ac337499 Parents: bd7ae41 Author: jenkins <[email protected]> Authored: Fri Jan 12 22:25:47 2018 +0000 Committer: jenkins <[email protected]> Committed: Fri Jan 12 22:25:47 2018 +0000 ---------------------------------------------------------------------- content/blog/feed.xml | 2 +- .../index.html | 2 +- .../latest/isolators/cgroups-devices/index.html | 236 +++++++++++++++++++ .../latest/mesos-containerizer/index.html | 2 +- .../mesos-containerizer/index.html | 2 +- content/sitemap.xml | 4 + 6 files changed, 244 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/mesos-site/blob/acb6eb8a/content/blog/feed.xml ---------------------------------------------------------------------- diff --git a/content/blog/feed.xml b/content/blog/feed.xml index 5218499..a271c58 100644 --- a/content/blog/feed.xml +++ b/content/blog/feed.xml @@ -168,7 +168,7 @@ To learn more about CSI work in Mesos, you can dig into the design document < </ul> -<p>If you are a user and would like to suggest some areas for performance improvement, please let us know by emailing <a href="&#x6d;&#97;&#105;&#x6c;&#116;&#x6f;&#58;&#x64;&#101;&#x76;&#x40;&#97;&#112;&#x61;&#x63;&#104;&#101;&#x2e;&#x6d;&#x65;&#115;&#111;&#115;&#x2e;&#111;&#x72;&#x67;">&#100;&#x65;&#118;&#x40;&#x61;&#112;&#x61;&#99;&#x68;&#101;&#x2e;&#109;&#101;&#115;&#x6f;&#115;&#46;&#x6f;&#x72;&#103;</a>.</p> +<p>If you are a user and would like to suggest some areas for performance improvement, please let us know by emailing <a href="&#x6d;&#97;&#x69;&#108;&#x74;&#111;&#x3a;&#x64;&#x65;&#118;&#64;&#97;&#x70;&#x61;&#x63;&#x68;&#x65;&#x2e;&#x6d;&#x65;&#x73;&#111;&#x73;&#46;&#x6f;&#114;&#x67;">&#x64;&#x65;&#x76;&#64;&#x61;&#x70;&#x61;&#x63;&#104;&#101;&#46;&#x6d;&#x65;&#115;&#111;&#x73;&#46;&#x6f;&#114;&#x67;</a>.</p> </content> </entry> http://git-wip-us.apache.org/repos/asf/mesos-site/blob/acb6eb8a/content/blog/performance-working-group-progress-report/index.html ---------------------------------------------------------------------- diff --git a/content/blog/performance-working-group-progress-report/index.html b/content/blog/performance-working-group-progress-report/index.html index 323bc30..1136f36 100644 --- a/content/blog/performance-working-group-progress-report/index.html +++ b/content/blog/performance-working-group-progress-report/index.html @@ -248,7 +248,7 @@ </ul> -<p>If you are a user and would like to suggest some areas for performance improvement, please let us know by emailing <a href="mailto:dev@apache.mesos.org">dev@apache.mesos.org</a>.</p> +<p>If you are a user and would like to suggest some areas for performance improvement, please let us know by emailing <a href="mailto:dev@apache.mesos.org">dev@apache.mesos.org</a>.</p> </div> </div> http://git-wip-us.apache.org/repos/asf/mesos-site/blob/acb6eb8a/content/documentation/latest/isolators/cgroups-devices/index.html ---------------------------------------------------------------------- diff --git a/content/documentation/latest/isolators/cgroups-devices/index.html b/content/documentation/latest/isolators/cgroups-devices/index.html new file mode 100644 index 0000000..4dab5c0 --- /dev/null +++ b/content/documentation/latest/isolators/cgroups-devices/index.html @@ -0,0 +1,236 @@ +<!DOCTYPE html> +<html> + <head> + <meta charset="utf-8"> + <title>Apache Mesos - Cgroups 'devices' Subsystem Support in Mesos Containerizer</title> + <meta name="viewport" content="width=device-width, initial-scale=1.0"> + + <meta property="og:locale" content="en_US"/> + <meta property="og:type" content="website"/> + <meta property="og:title" content="Apache Mesos"/> + <meta property="og:site_name" content="Apache Mesos"/> + <meta property="og:url" content="http://mesos.apache.org/"/> + <meta property="og:image" content="http://mesos.apache.org/assets/img/mesos_logo_fb_preview.png"/> + <meta property="og:description" + content="Apache Mesos abstracts resources away from machines, + enabling fault-tolerant and elastic distributed systems + to easily be built and run effectively."/> + + <meta name="twitter:card" content="summary"/> + <meta name="twitter:site" content="@ApacheMesos"/> + <meta name="twitter:title" content="Apache Mesos"/> + <meta name="twitter:image" content="http://mesos.apache.org/assets/img/mesos_logo_fb_preview.png"/> + <meta name="twitter:description" + content="Apache Mesos abstracts resources away from machines, + enabling fault-tolerant and elastic distributed systems + to easily be built and run effectively."/> + + <link href="//netdna.bootstrapcdn.com/bootstrap/3.1.1/css/bootstrap.min.css" rel="stylesheet"> + <link rel="alternate" type="application/atom+xml" title="Apache Mesos Blog" href="/blog/feed.xml"> + <link href="../../../../assets/css/main.css" media="screen" rel="stylesheet" type="text/css" /> + + + + <!-- Google Analytics Magic --> + <script type="text/javascript"> + var _gaq = _gaq || []; + _gaq.push(['_setAccount', 'UA-20226872-1']); + _gaq.push(['_setDomainName', 'apache.org']); + _gaq.push(['_trackPageview']); + + (function() { + var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; + ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; + var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); + })(); + </script> + + </head> + <body> + <!-- magical breadcrumbs --> + <div class="topnav"> + <div class="container"> + <ul class="breadcrumb"> + <li> + <div class="dropdown"> + <a data-toggle="dropdown" href="#">Apache Software Foundation <span class="caret"></span></a> + <ul class="dropdown-menu" role="menu" aria-labelledby="dLabel"> + <li><a href="http://www.apache.org";>Apache Homepage</a></li> + <li><a href="http://www.apache.org/licenses/";>License</a></li> + <li><a href="http://www.apache.org/foundation/sponsorship.html";>Sponsorship</a></li> + <li><a href="http://www.apache.org/foundation/thanks.html";>Thanks</a></li> + <li><a href="http://www.apache.org/security/";>Security</a></li> + </ul> + </div> + </li> + + <li><a href="http://mesos.apache.org";>Apache Mesos</a></li> + + + <li><a href="/documentation +/">Documentation +</a></li> + + + </ul><!-- /.breadcrumb --> + </div><!-- /.container --> + </div><!-- /.topnav --> + + <!-- navbar excitement --> +<div class="navbar navbar-default navbar-static-top" role="navigation"> + <div class="container"> + <div class="navbar-header"> + <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#mesos-menu" aria-expanded="false"> + <span class="sr-only">Toggle navigation</span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + </button> + <a class="navbar-brand" href="/"><img src="/assets/img/mesos_logo.png" alt="Apache Mesos logo"/></a> + </div><!-- /.navbar-header --> + + <div class="navbar-collapse collapse" id="mesos-menu"> + <ul class="nav navbar-nav navbar-right"> + <li><a href="/getting-started/">Getting Started</a></li> + <li><a href="/blog/">Blog</a></li> + <li><a href="/documentation/latest/">Documentation</a></li> + <li><a href="/downloads/">Downloads</a></li> + <li><a href="/community/">Community</a></li> + </ul> + </div><!-- /#mesos-menu --> + </div><!-- /.container --> +</div><!-- /.navbar --> + +<div class="content"> + <div class="container"> + <div class="row-fluid"> + <div class="col-md-4"> + <h4>If you're new to Mesos</h4> + <p>See the <a href="/getting-started/">getting started</a> page for more + information about downloading, building, and deploying Mesos.</p> + + <h4>If you'd like to get involved or you're looking for support</h4> + <p>See our <a href="/community/">community</a> page for more details.</p> + </div> + <div class="col-md-8"> + <h1>Cgroups ‘devices’ Subsystems Support in Mesos Containerizer</h1> + +<p>The <code>cgroups/devices</code> isolator allows operators to provide device isolation for +containers launched by Mesos Containerizer. It uses the cgroups +<a href="https://www.kernel.org/doc/Documentation/cgroup-v1/devices.txt";>device whitelist controller</a> to +track and enforce open and mknod restrictions on device files. To enable the +<code>cgroups/devices</code> isolator, append <code>cgroups/devices</code> to the <code>--isolation</code> flag +when starting the Mesos agent.</p> + +<h2>Default whitelisted devices</h2> + +<p>The following devices are, by default, whitelisted for each container, if you +turn on this isolator.</p> + +<p>Each whitelist entry has 4 fields. <code>type</code> is <code>a</code> (all), <code>c</code> (char), or <code>b</code> +(block). ‘all’ means it applies to all types and all major and minor numbers. +Major and minor are either an integer or <code>*</code> for all. Access is a composition +of <code>r</code> (<a href="http://man7.org/linux/man-pages/man2/read.2.html";>read</a>), +<code>w</code> (<a href="http://man7.org/linux/man-pages/man2/write.2.html";>write</a>), +and <code>m</code> (<a href="http://man7.org/linux/man-pages/man2/mknod.2.html";>mknod</a>).</p> + +<ul> +<li><code>c *:* m</code>: Make new character devices using <a href="http://man7.org/linux/man-pages/man2/mknod.2.html";>mknod(2)</a>.</li> +<li><code>b *:* m</code>: Make new block devices using <a href="http://man7.org/linux/man-pages/man2/mknod.2.html";>mknod(2)</a>.</li> +<li><code>c 5:1 rwm</code>: Read/write <code>/dev/console</code></li> +<li><code>c 4:0 rwm</code>: Read/write <code>/dev/tty0</code></li> +<li><code>c 4:1 rwm</code>: Read/write <code>/dev/tty1</code></li> +<li><code>c 136:* rwm</code>: Read/write <code>/dev/pts/*</code></li> +<li><code>c 5:2 rwm</code>: Read/write <code>/dev/ptmx</code></li> +<li><code>c 10:200 rwm</code>: Read/write <code>/dev/net/tun</code></li> +<li><code>c 1:3 rwm</code>: Read/write <code>/dev/null</code></li> +<li><code>c 1:5 rwm</code>: Read/write <code>/dev/zero</code></li> +<li><code>c 1:7 rwm</code>: Read/write <code>/dev/full</code></li> +<li><code>c 5:0 rwm</code>: Read/write <code>/dev/tty</code></li> +<li><code>c 1:9 rwm</code>: Read/write <code>/dev/urandom</code></li> +<li><code>c 1:8 rwm</code>: Read/write <code>/dev/random</code></li> +</ul> + + +<p>Note that the cgroups device whitelist control is based on device numbers. This +is orthogonal to populating <code>/dev</code>, which is typically done by udev or devtmpfs.</p> + +<p>Capability <code>CAP_MKNOD</code> is always required to perform +<a href="http://man7.org/linux/man-pages/man2/mknod.2.html";>mknod(2)</a> irrespective of +whether the device is whitelisted or not.</p> + +<h2>Additional whitelisted devices</h2> + +<p>The operator can configure the agent to add additional whitelisted devices using +the <code>--allowed_devices</code> flag on the agent. The flag takes a JSON object (or the +path to a file that contains the JSON object). For example:</p> + +<pre><code class="json">{ + "allowed_devices": [ + { + "device": { + "path": "/path/to/device" + }, + "access": { + "read": true, + "write": false, + "mknod": false + } + } + ] +} +</code></pre> + + </div> +</div> + + </div><!-- /.container --> +</div><!-- /.content --> + +<hr> + + + + <!-- footer --> + <div class="footer"> + <div class="container"> + <div class="col-md-4 social-blk"> + <span class="social"> + <a href="https://twitter.com/ApacheMesos"; + class="twitter-follow-button" + data-show-count="false" data-size="large">Follow @ApacheMesos</a> + <script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0],p=/^http:/.test(d.location)?'http':'https';if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src=p+'://platform.twitter.com/widgets.js';fjs.parentNode.insertBefore(js,fjs);}}(document, 'script', 'twitter-wjs');</script> + <a href="https://twitter.com/intent/tweet?button_hashtag=mesos"; + class="twitter-hashtag-button" + data-size="large" + data-related="ApacheMesos">Tweet #mesos</a> + <script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0],p=/^http:/.test(d.location)?'http':'https';if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src=p+'://platform.twitter.com/widgets.js';fjs.parentNode.insertBefore(js,fjs);}}(document, 'script', 'twitter-wjs');</script> + </span> + </div> + + <div class="col-md-8 trademark"> + <p>© 2012-2017 <a href="http://apache.org";>The Apache Software Foundation</a>. + Apache Mesos, the Apache feather logo, and the Apache Mesos project logo are trademarks of The Apache Software Foundation. + <p> + </div> + </div><!-- /.container --> + </div><!-- /.footer --> + + <!-- JS --> + <script src="//code.jquery.com/jquery-1.11.0.min.js" type="text/javascript"></script> + <script src="//netdna.bootstrapcdn.com/bootstrap/3.1.1/js/bootstrap.min.js" type="text/javascript"></script> + <script src="//cdnjs.cloudflare.com/ajax/libs/anchor-js/4.1.0/anchor.min.js" type="text/javascript"></script> + + <!-- Inject anchors for all headings on the page, see https://www.bryanbraun.com/anchorjs. --> + <script type="text/javascript"> + anchors.options = { + placement: 'right', + ariaLabel: 'Permalink', + }; + + // The default is to not add anchors to h1, but we have pages with multiple h1 headers, + // and we do want to put anchors on those. + anchors.add('h1, h2, h3, h4, h5, h6'); + </script> + </body> +</html> http://git-wip-us.apache.org/repos/asf/mesos-site/blob/acb6eb8a/content/documentation/latest/mesos-containerizer/index.html ---------------------------------------------------------------------- diff --git a/content/documentation/latest/mesos-containerizer/index.html b/content/documentation/latest/mesos-containerizer/index.html index 9d2fb94..c1cfba4 100644 --- a/content/documentation/latest/mesos-containerizer/index.html +++ b/content/documentation/latest/mesos-containerizer/index.html @@ -141,7 +141,7 @@ can write modules that implement custom isolators.</p> <li><a href="/documentation/latest/./isolators/cgroups-blkio/">cgroups/blkio</a></li> <li><a href="/documentation/latest/./isolators/cgroups-cpu/">cgroups/cpu</a></li> <li>cgroups/cpuset</li> -<li>cgroups/devices</li> +<li><a href="/documentation/latest/./isolators/cgroups-devices/">cgroups/devices</a></li> <li>cgroups/hugetlb</li> <li>cgroups/mem</li> <li><a href="/documentation/latest/./isolators/cgroups-net-cls/">cgroups/net_cls</a></li> http://git-wip-us.apache.org/repos/asf/mesos-site/blob/acb6eb8a/content/documentation/mesos-containerizer/index.html ---------------------------------------------------------------------- diff --git a/content/documentation/mesos-containerizer/index.html b/content/documentation/mesos-containerizer/index.html index 7926f9b..3b72562 100644 --- a/content/documentation/mesos-containerizer/index.html +++ b/content/documentation/mesos-containerizer/index.html @@ -141,7 +141,7 @@ can write modules that implement custom isolators.</p> <li><a href="/documentation/latest/./isolators/cgroups-blkio/">cgroups/blkio</a></li> <li><a href="/documentation/latest/./isolators/cgroups-cpu/">cgroups/cpu</a></li> <li>cgroups/cpuset</li> -<li>cgroups/devices</li> +<li><a href="/documentation/latest/./isolators/cgroups-devices/">cgroups/devices</a></li> <li>cgroups/hugetlb</li> <li>cgroups/mem</li> <li><a href="/documentation/latest/./isolators/cgroups-net-cls/">cgroups/net_cls</a></li> http://git-wip-us.apache.org/repos/asf/mesos-site/blob/acb6eb8a/content/sitemap.xml ---------------------------------------------------------------------- diff --git a/content/sitemap.xml b/content/sitemap.xml index 610dfa3..c2657cd 100644 --- a/content/sitemap.xml +++ b/content/sitemap.xml @@ -16849,6 +16849,10 @@ <lastmod>2018-01-12T00:00:00+00:00</lastmod> </url> <url> + <loc>http://mesos.apache.org/documentation/latest/isolators/cgroups-devices/</loc> + <lastmod>2018-01-12T00:00:00+00:00</lastmod> + </url> + <url> <loc>http://mesos.apache.org/documentation/latest/isolators/namespaces-pid/</loc> <lastmod>2018-01-12T00:00:00+00:00</lastmod> </url>
![http://mesos.apache.org/assets/img/mesos_logo_fb_preview.png"/](http://mesos.apache.org/assets/img/mesos_logo_fb_preview.png"/){kind=link}