[
https://issues.apache.org/jira/browse/MESOS-6432?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15827823#comment-15827823
]
Benjamin Bannier edited comment on MESOS-6432 at 1/18/17 10:48 AM:
-------------------------------------------------------------------
[~bmahler]: I have posted a patch implementing the fix you suggested in the
original description (quota satisfied once a single resource kind is allocated
up to the quota limit).
Before going forward with this patch we should carefully evaluate if this
approach has the semantics we want, fixes the underlying issue, and is
ultimately worth it while more general fixes like MESOS-3765 being considered.
I believe we are replacing "gamebility" with a potentially steep penalty for
"unusual" quota setups (e.g., a quota of {{cpus:100000;disk:1}} would with this
change be satisfied once 1MB have been allocated towards the quota'ed role).
OTOH, the gamebility we are fixing would be restricted to users with the
ability to update or set quotas, i.e., operators should be able to curb gaming
of quota by arbitrary users.
was (Author: bbannier):
[~bmahler]: I have posted a patch implementing the fix you suggested in the
original description (quota satisfied once a single resource kinds is allocated
up to the quota limit).
Before going forward with this patch we should carefully evaluate if this
approach has the semantics we want, fixes the underlying issue, and is
ultimately worth it while more general fixes like MESOS-3765 being considered.
I believe we are replacing "gamebility" with a potentially steep penalty for
"unusual" quota setups (e.g., a quota of {{cpus:100000;disk:1}} would with this
change be satisfied once 1MB have been allocated towards the quota'ed role).
OTOH, the gamebility we are fixing would be restricted to users with the
ability to update or set quotas, i.e., operators should be able to curb gaming
of quota by arbitrary users.
> Roles with quota assigned can "game" the system to receive excessive
> resources.
> -------------------------------------------------------------------------------
>
> Key: MESOS-6432
> URL: https://issues.apache.org/jira/browse/MESOS-6432
> Project: Mesos
> Issue Type: Bug
> Components: allocation
> Reporter: Benjamin Mahler
> Assignee: Benjamin Bannier
> Priority: Critical
>
> The current implementation of quota allocation attempts to satisfy each
> resource quota for a role, but in doing so can far exceed the quota assigned
> to the role.
> For example, if a role has quota for {{\[30,20,10\]}}, it can consume up to:
> {{\[∞, ∞, 10\]}} or {{\[∞, 20, ∞\]}} or {{\[30, ∞, ∞\]}} as only once each
> resource in the quota vector is satisfied do we stop allocating agent's
> resources to the role!
> As a first step for preventing gaming, we could consider quota satisfied once
> any of the resources in the vector has quota satisfied. This approach works
> reasonably well for resources that are required and are present on every
> agent (cpus, mem, disk). However, it doesn't work well for resources that are
> optional / only present on some agents (e.g. gpus) (a.k.a. non-ubiquitous /
> scarce resources). For this we would need to determine which agents have
> resources that can satisfy the quota prior to performing the allocation.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
