[jira] [Comment Edited] (MESOS-8306) Restrict which agents can statically reserve resources for which roles
[
https://issues.apache.org/jira/browse/MESOS-8306?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16286857#comment-16286857
]
Yan Xu edited comment on MESOS-8306 at 12/12/17 12:35 AM:
--
https://reviews.apache.org/r/64514
https://reviews.apache.org/r/64515
https://reviews.apache.org/r/64516
was (Author: xujyan):
{noformat:title=}
https://reviews.apache.org/r/64514
https://reviews.apache.org/r/64515
https://reviews.apache.org/r/64516
{noformat}
> Restrict which agents can statically reserve resources for which roles
> --
>
> Key: MESOS-8306
> URL: https://issues.apache.org/jira/browse/MESOS-8306
> Project: Mesos
> Issue Type: Improvement
>Reporter: Yan Xu
>Assignee: Yan Xu
>
> In some use cases part of a Mesos cluster could be reserved for certain
> frameworks/roles. A common approach is to use static reservation so the
> resources of an agent are only offered to frameworks of the designated roles.
> However without proper authorization any (compromised) agent can register
> with these special roles and accept workload from these frameworks.
> We can enhance the {{RegisterAgent}} ACL to express: agent principal {{foo}}
> is allowed to register with static reservation roles {{bar, baz}}; no other
> principals are allowed to register with static reservation roles {{bar, baz}}.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
[jira] [Comment Edited] (MESOS-8306) Restrict which agents can statically reserve resources for which roles
[
https://issues.apache.org/jira/browse/MESOS-8306?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16286509#comment-16286509
]
James Peach edited comment on MESOS-8306 at 12/11/17 9:26 PM:
--
Can you be more specific about the proposal? I can't match your description up
to the ACLs docs.
was (Author: jamespeach):
That generally sounds reasonable to me. I expect you want to mirror this into
{{UnreserveResources}} for consistency. Think about how this could be extended,
e.g. reserve only {{disk}} or {{cpu}} resources.
> Restrict which agents can statically reserve resources for which roles
> --
>
> Key: MESOS-8306
> URL: https://issues.apache.org/jira/browse/MESOS-8306
> Project: Mesos
> Issue Type: Improvement
>Reporter: Yan Xu
>Assignee: Yan Xu
>
> In some use cases part of a Mesos cluster could be reserved for certain
> frameworks/roles. A common approach is to use static reservation so the
> resources of an agent are only offered to frameworks of the designated roles.
> However without proper authorization any (compromised) agent can register
> with these special roles and accept workload from these frameworks.
> We can enhance the {{RegisterAgent}} ACL to express: agent principal {{foo}}
> is allowed to register with static reservation roles {{bar, baz}}; no other
> principals are allowed to register with static reservation roles {{bar, baz}}.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
