Repository: mesos Updated Branches: refs/heads/master 1ead3e669 -> 24a746d85
Improved documentation on resource reservations. Added explanation for authorizations on static reservations. Review: https://reviews.apache.org/r/64516 Project: http://git-wip-us.apache.org/repos/asf/mesos/repo Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/24a746d8 Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/24a746d8 Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/24a746d8 Branch: refs/heads/master Commit: 24a746d85780051d862db0697b63c3c52db4362a Parents: ae51537 Author: Jiang Yan Xu <xuj...@apple.com> Authored: Mon Dec 11 16:04:23 2017 -0800 Committer: Jiang Yan Xu <xuj...@apple.com> Committed: Wed Jan 17 11:29:55 2018 -0800 ---------------------------------------------------------------------- docs/reservation.md | 40 ++++++++++++++++++++++++++-------------- 1 file changed, 26 insertions(+), 14 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/mesos/blob/24a746d8/docs/reservation.md ---------------------------------------------------------------------- diff --git a/docs/reservation.md b/docs/reservation.md index fa1f309..269c652 100644 --- a/docs/reservation.md +++ b/docs/reservation.md @@ -33,10 +33,13 @@ __CAVEAT:__ In order to modify a static reservation, the operator must drain and restart the slave with the new configuration specified in the `--resources` flag. -**NOTE:** This feature is supported for backwards compatibility. The recommended -approach is to specify the total resources available on the slave as unreserved -via the `--resources` flag and manage reservations dynamically via the master -HTTP endpoints. +It's often more convenient to specify the total resources available on +the slave as unreserved via the `--resources` flag and manage reservations +dynamically (see below) via the master HTTP endpoints. However static reservation +provides a way for the operator to more deterministically control the reservations +(roles, amount, principals) before the agent is exposed to the master and +frameworks. One use case is for the operator to dedicate entire agents for +specific roles. ## Dynamic Reservation @@ -47,16 +50,6 @@ That is, statically reserved resources cannot be reserved for another role nor be unreserved. Dynamic reservation enables operators and authorized frameworks to reserve and unreserve resources after slave-startup. -By default, frameworks and operators are authorized to reserve resources for -any role and to unreserve dynamically reserved resources. -[Authorization](authorization.md) allows this behavior to be limited so that -only particular roles can be reserved for, and only particular resources can -be unreserved. For these operations to be authorized, the framework or operator -should provide a `principal` to identify itself. To use authorization with -reserve/unreserve operations, the Mesos master must be configured with the -appropriate ACLs. For more information, see the -[authorization documentation](authorization.md). - * `Offer::Operation::Reserve` and `Offer::Operation::Unreserve` messages are available for __frameworks__ to send back via the `acceptOffers` API as a response to a resource offer. @@ -80,6 +73,25 @@ running task or if a [persistent volume](persistent-volume.md) has been created using the reserved resources. In the latter case, the volume should be destroyed before unreserving the resources. +## Authorization + +By default, frameworks and operators are authorized to reserve resources for +any role and to unreserve dynamically reserved resources. +[Authorization](authorization.md) allows this behavior to be limited so that +resources can only be reserved for particular roles, and only particular +resources can be unreserved. For these operations to be authorized, the +framework or operator should provide a `principal` to identify itself. To use +authorization with reserve/unreserve operations, the Mesos master must be +configured with the appropriate ACLs. For more information, see the +[authorization documentation](authorization.md). + +Similarly, agents by default can register with the master with resources that +are statically reserved for arbitrary roles. +With [authorization](authorization.md), +the master can be configured to use the `reserve_resources` ACL to check that +the agent's `principal` is allowed to statically reserve resources for specific +roles. + ## Reservation Labels Dynamic reservations can optionally include a list of _labels_, which are