Supporting Seccomp in Mesos

[Andrei Budnik]

Hi Folks,

Here is the design doc for Seccomp support in Mesos:
https://docs.google.com/document/d/146FJJ0sDi1sp_HQxVUg-vhqVSTEsdCeD4If3b1xCeec

Seccomp is a security facility in the Linux kernel, which allows a user to
specify syscall filtering rules per a process. This design doc includes
various aspects of the implementation of Seccomp in Mesos, including choice
of the configuration format for Seccomp profile.

Thanks for your time reviewing and providing feedback for the design!

Cheers,
Andrei

Re: [VOTE] Release Apache Mesos 1.6.1 (rc2)

[Greg Mann]

Whoops, I forgot to include the list of changes included in this release -
sorry!

1.6.1-rc2 includes the following notable bug fixes:

  * [MESOS-3790] - ZooKeeper connection should retry on `EAI_NONAME`.
  * [MESOS-8830] - Agent gc on old slave sandboxes could empty persistent
volume data
  * [MESOS-8871] - Agent may fail to recover if the agent dies before image
store cache checkpointed.
  * [MESOS-8904] - Master crash when removing quota.
  * [MESOS-8936] - Implement a Random Sorter for offer allocations.
  * [MESOS-8945] - Master check failure due to CHECK_SOME(providerId).
  * [MESOS-8963] - Executor crash trying to print container ID.
  * [MESOS-8980] - mesos-slave can deadlock with docker pull.
  * [MESOS-8986] - `slave.available()` in the allocator is expensive and
drags down allocation performance.
  * [MESOS-8987] - Master asks agent to shutdown upon auth errors.
  * [MESOS-9002] - GCC 8.1 build failure in os::Fork::Tree.
  * [MESOS-9024] - Mesos master segfaults with stack overflow under load.
  * [MESOS-9025] - The container which joins CNI network and has checkpoint
enabled will be mistakenly destroyed by agent.

Cheers,
Greg

On Wed, Jul 11, 2018 at 6:15 PM, Greg Mann  wrote:

> Hi all,
>
> Please vote on releasing the following candidate as Apache Mesos 1.6.1.
>
>
> 1.6.1 includes the following:
> 
> 
> *Announce major features here*
> *Announce major bug fixes here*
>
> The CHANGELOG for the release is available at:
> https://git-wip-us.apache.org/repos/asf?p=mesos.git;a=blob_
> plain;f=CHANGELOG;hb=1.6.1-rc2
> 
> 
>
> The candidate for Mesos 1.6.1 release is available at:
> https://dist.apache.org/repos/dist/dev/mesos/1.6.1-rc2/mesos-1.6.1.tar.gz
>
> The tag to be voted on is 1.6.1-rc2:
> https://git-wip-us.apache.org/repos/asf?p=mesos.git;a=commit;h=1.6.1-rc2
>
> The SHA512 checksum of the tarball can be found at:
> https://dist.apache.org/repos/dist/dev/mesos/1.6.1-rc2/
> mesos-1.6.1.tar.gz.sha512
>
> The signature of the tarball can be found at:
> https://dist.apache.org/repos/dist/dev/mesos/1.6.1-rc2/
> mesos-1.6.1.tar.gz.asc
>
> The PGP key used to sign the release is here:
> https://dist.apache.org/repos/dist/release/mesos/KEYS
>
> The JAR is in a staging repository here:
> https://repository.apache.org/content/repositories/orgapachemesos-1230
>
> Please vote on releasing this package as Apache Mesos 1.6.1!
>
> The vote is open until Mon Jul 16 18:15:00 PDT 2018 and passes if a
> majority of at least 3 +1 PMC votes are cast.
>
> [ ] +1 Release this package as Apache Mesos 1.6.1
> [ ] -1 Do not release this package because ...
>
> Thanks,
> Greg
>

[VOTE] Release Apache Mesos 1.6.1 (rc2)

[Greg Mann]

Hi all,

Please vote on releasing the following candidate as Apache Mesos 1.6.1.


1.6.1 includes the following:

*Announce major features here*
*Announce major bug fixes here*

The CHANGELOG for the release is available at:
https://git-wip-us.apache.org/repos/asf?p=mesos.git;a=blob_plain;f=CHANGELOG;hb=1.6.1-rc2


The candidate for Mesos 1.6.1 release is available at:
https://dist.apache.org/repos/dist/dev/mesos/1.6.1-rc2/mesos-1.6.1.tar.gz

The tag to be voted on is 1.6.1-rc2:
https://git-wip-us.apache.org/repos/asf?p=mesos.git;a=commit;h=1.6.1-rc2

The SHA512 checksum of the tarball can be found at:
https://dist.apache.org/repos/dist/dev/mesos/1.6.1-rc2/mesos-1.6.1.tar.gz.sha512

The signature of the tarball can be found at:
https://dist.apache.org/repos/dist/dev/mesos/1.6.1-rc2/mesos-1.6.1.tar.gz.asc

The PGP key used to sign the release is here:
https://dist.apache.org/repos/dist/release/mesos/KEYS

The JAR is in a staging repository here:
https://repository.apache.org/content/repositories/orgapachemesos-1230

Please vote on releasing this package as Apache Mesos 1.6.1!

The vote is open until Mon Jul 16 18:15:00 PDT 2018 and passes if a
majority of at least 3 +1 PMC votes are cast.

[ ] +1 Release this package as Apache Mesos 1.6.1
[ ] -1 Do not release this package because ...

Thanks,
Greg

Re: Operations Working Group proposal

[Adam Cecile]

Hello,

If you're interested in I suggest not starting over Debian/Ubuntu stuff 
from scratch.

I already did the work here:

http://packages.le-vert.net/mesos/debian/
http://packages.le-vert.net/mesos/ubuntu/

I also have some Puppet (kinda dirty resources) but I'm not sure I'm 
allowed to share, I'll ask.


Mesos and Chronos available. Last time I tried building Marathon it 
failed. Still interrested in btw, as Marathon UI is completely fucked 
since newer Mesos release but had no time to dig into at the moment...


Best regards, Adam.

On 07/10/2018 09:02 AM, sundeep.kum...@cognizant.com wrote:


Hi,

I too would be interested in this group.

In real world, it does makes sense to have best practices around 
operations.


Regards,

Sundeep Kumar

*From:*Armand Grillet 
*Sent:* Tuesday, July 10, 2018 11:51 AM
*To:* user@mesos.apache.org
*Subject:* Re:

I would be interested.

Le mar. 10 juil. 2018 à 02:46, Harold Dost > a écrit :


Also interested



Harold Dost | @hdost

On Mon, Jul 9, 2018, 17:50 Gastón Kleiman mailto:gas...@mesosphere.io>> wrote:

Hi all,

I'm considering creating an "Operations Working Group".

It could focus on making Mesos clusters easier to manage,
deploy, and operate.

Some possible topics that could be discussed in the working group:

  * Best practices for operating a Mesos cluster
  * Packaging
  * Tools to deploy, upgrade, and operate Mesos clusters
(Puppet, Saltstack, Terraform, Mesos CLI, etc.)
  * Observability through metrics, logging, and
debug/information endpoints

Please let me know if you think that such a working group
would be useful for the community and if you would be
interesting in joining its meetings.

Thanks!

-Gastón


--

Armand Grillet

Software Engineer, Mesosphere

This e-mail and any files transmitted with it are for the sole use of 
the intended recipient(s) and may contain confidential and privileged 
information. If you are not the intended recipient(s), please reply to 
the sender and destroy all copies of the original message. Any 
unauthorized review, use, disclosure, dissemination, forwarding, 
printing or copying of this email, and/or any action taken in reliance 
on the contents of this e-mail is strictly prohibited and may be 
unlawful. Where permitted by applicable law, this e-mail and other 
e-mail communications sent to and from Cognizant e-mail addresses may 
be monitored.