I'll look into what's happening with the framework registration, but
meanwhile I've also taken a look at what's going on with the master
endpoints.

It looks like the issue is around authentication rather than the dynamic
reservation endpoints.

When using a *JSON-based* credentials file, the password should be given
in *base64 encoded* format.
So your credentials file should be:

  {
    "credentials": [
      {
        "principal": "mesos-mach5-beta",
        "secret": " cGFzc3dvcmQ"
      }
    ]
  }

It looks like this behavior is not documented well on the master. I'll be
fixing that shortly.

Thanks,

MPark.

On Tue, Sep 29, 2015 at 4:27 PM DiGiorgio, Mr. Rinaldo S. <
[email protected]> wrote:

> MPark,
>
> Thanks for your identification of something that was not configured.  I am
> using the mesos-plugin in Jenkins. I had not specified a principal. I added
> the principal and it appears to register with that principal if I don’t
> provide a password from the mesos-plugin.  When I try to perform a
> reservation I get the authentication issue. So I thought perhaps the
> framework must register with a password. I added the password and restarted
> both jenkins and the mesos-master.  I get the following in the logs.
>
>
> W0929 13:17:56.672214 346357760 master.cpp:5165] Failed to authenticate
> [email protected]:49817:
> Refused authentication
> *** Aborted at 1443557876 (unix time) try "date -d @1443557876" if you are
> using GNU date ***
> PC: @     0x7fff8ad419a4 _pthread_mutex_check_init
> *** SIGSEGV (@0x1) received by PID 62883 (TID 0x114ad3000) stack trace: ***
>     @     0x7fff8d09f5aa _sigtramp
>
> I am sure ntp is the same since I have set the time with ntp and both the
> mesos master and jenkins are on the same machine.  The authentication
> process requires accurate clocks — since it is just the framework
> registering I have not looked at the slaves.
>
>
>
> Rinaldo
>
>
> On Sep 29, 2015, at 3:03 PM, Michael Park <[email protected]> wrote:
>
> Hi Rinaldo,
>
> Sorry that you're having trouble using dynamic reservations.
>
> I see that you're specifying the *mesos-mach5-beta* principal on the
> resources, but I'm not sure if your framework is registered with the
> *mesos-mach5-beta* principal? The framework must set the
> *FrameworkInfo::principal* to be registered under that *principal*.
>
> Please let me know whether that is the case or not, and I'll follow up
> with you to resolve the issue.
>
> Thanks,
>
> MPark.
>
> On Tue, Sep 29, 2015 at 1:53 PM DiGiorgio, Mr. Rinaldo S. <
> [email protected]> wrote:
>
>> Joseph,
>>
>>    I thought I tried that.  So I must still not be following the directions.
>> Here is what I have:
>>
>> mesos master running on OS X 10.10.5  mesos 0.26
>>
>> I perform the following curl operation below.
>>
>> server reads credentials file
>>
>> I0929 10:48:42.062871 291536896 credentials.hpp:37] Loading credentials
>> for authentication from '/etc/mesos-master/attributes/credentials'
>> I0929 10:48:42.065512 291536896 master.cpp:467] Using default 'crammd5'
>> authenticator
>>
>>
>>  The result of trying to reserve is:  *Could not authenticate
>> 'mesos-mach5-beta'*
>>
>> ======= the credentials file is =======
>>
>> {
>>   "credentials": [
>>     {
>>       "principal": "mesos-mach5-beta",
>>       "secret": "password"
>>     }
>>   ]
>> }
>> ===============================
>>
>> ========================User curl post to reserve a slave not a framework
>>  =============
>> SLAVE_ID="efb748eb-e1ce-423d-a795-7589c92b2a32-S1"
>> OPERATOR_PRINCIPAL="mach5"
>> CPUS="3"
>> MESOS_HOST="scaaa979.us.oracle.com:5050"
>> curl -u "mesos-mach5-beta:password" -d slaveId="$SLAVE_ID" -d @- -X POST \
>>   http://$MESOS_HOST/master/reserve <<HERE
>> resources=[
>> {
>>   "name": "cpus",
>>   "type": "SCALAR",
>>   "scalar": { "value": 8 },
>>   "role": "mach5",
>>   "reservation": {
>>     "principal": "mesos-mach5-beta"
>>   }
>> },
>> {
>>   "name": "mem",
>>   "type": "SCALAR",
>>   "scalar": { "value": 4096 },
>>   "role": "mach5",
>>   "reservation": {
>>     "principal": "mesos-mach5-beta"
>>   }
>> }
>> ]
>> HERE
>> =================================================================
>>
>> On Sep 29, 2015, at 12:34 PM, Joseph Wu <[email protected]> wrote:
>>
>> Rinaldo,
>>
>> The principal is taken from authentication, rather than from the body of
>> the resources.  In this case, you'll be using Basic Authentication:
>> https://en.wikipedia.org/wiki/Basic_access_authentication#Client_side
>>
>> With curl, you'd add something like: -H "Authorization: Basic
>> bWVzb3MtbWFjaDUtYmV0YTpwYXNzd29yZA=="
>> That base64 blurb is the encoded version of "mesos-mach5-beta:password".
>>
>> ~Joseph
>>
>> On Mon, Sep 28, 2015 at 8:25 PM, DiGiorgio, Mr. Rinaldo S. <
>> [email protected]> wrote:
>>
>>>
>>> On Sep 28, 2015, at 8:03 PM, Joseph Wu <[email protected]> wrote:
>>>
>>> Hi Rinaldo,
>>>
>>> I'd like to point out a small error in your ACLs.
>>>
>>> If you want to specify "ANY", you should set the "type" field.  i.e. For
>>> the RegisterFramework ACL:
>>> "register_frameworks": [
>>>   {
>>>     "principals": { "values": "mesos-mach5-beta" },
>>>     "roles": { "type": 1 }
>>>   }
>>> ]
>>>
>>>
>>> Thanks — can’t keep my eyes open any more.  This is the response I get
>>> to the following request.
>>>
>>> *Invalid RESERVE operation: Cannot reserve resources without a
>>> principal.  *
>>>
>>> The example shows -u principal:password in curl which is an authentication
>>> string for the browser so I am totally confused on how to provide a
>>> principal.   The documentation for the framework reserve
>>>
>>>
>>>
>>> curl -i -d slaveId="$SLAVE_ID" -d @- -X POST \
>>>   http://$MESOS_HOST/master/reserve <<HERE
>>> resources=[
>>> {
>>>   "name": "cpus",
>>>   "type": "SCALAR",
>>>   "scalar": { "value": 8 },
>>>   "role": "mach5",
>>>   "reservation": {
>>>     "principal": "mach5"
>>>   }
>>> },
>>> {
>>>   "name": "mem",
>>>   "type": "SCALAR",
>>>   "scalar": { "value": 4096 },
>>>   "role": "mach5",
>>>   "reservation": {
>>>     "principal": "mach5"
>>>   }
>>> }
>>> ]
>>> HERE
>>>
>>>
>>> The ANY "type" is part of an enumeration, defined here:
>>>
>>> https://github.com/apache/mesos/blob/master/include/mesos/authorizer/authorizer.proto#L33-L45
>>>
>>> Hope that helps,
>>> ~Joseph
>>>
>>> On Mon, Sep 28, 2015 at 2:51 PM, DiGiorgio, Mr. Rinaldo S. <
>>> [email protected]> wrote:
>>>
>>>>
>>>> On Sep 28, 2015, at 5:27 PM, Marco Massenzio <[email protected]>
>>>> wrote:
>>>>
>>>> Hi Rinaldo,
>>>>
>>>> sorry about the trouble you're having in getting this to work!
>>>> If I got this one right, the original requirement was...
>>>>
>>>> I have some tasks that need to run on different types of agents.
>>>>
>>>>
>>>> for that, I think you can use either (or both) of `roles` and
>>>> `attributes` (see the Configuration doc [0] for more info).
>>>>
>>>> If you would like to run a 0.24 Mesos on your Mac for testing, you
>>>> could use the Mesosphere published packages[1] or, if Vagrant is more your
>>>> thing, feel free to "take inspiration" from [2].
>>>>
>>>> Marco,
>>>>
>>>>    Thanks — We are running 0.23, 0.24 and the current branch as of
>>>> this morning in three mesos environments with linux and mac nodes and
>>>> working on porting Solaris. We have had various issues with building but
>>>> are past most of them. We are making progress on the Solaris build and
>>>> there is an issue with libsvn-1 as you mentioned with OL7.
>>>>
>>>>
>>>> *Why do we need Dynamic Reservations?*
>>>>
>>>> We are also working with the mesos-plugin 0.8 and 0.9 and would like to
>>>> change some of the behaviors of the plugin. One of the changes we want to
>>>> make and we may move this out of the mesos-plugin into workflow plugin in
>>>> jenkins is to be able to reserve all the resources we need before we start
>>>> a series of tasks. That is what we want to use dynamic reservations for.
>>>> There may be issues with the jenkins workflow architecture in that “slaves”
>>>> have to be requested via plugins.  Mesos is new and I am sure it will
>>>> provide a framework to innovate  on all the following currently supported
>>>> scheduling options in LSF.
>>>>
>>>> Fair share, preemptive, backfill and SLA scheduling
>>>> High throughput scheduling
>>>> Multicluster scheduling
>>>> Topology-, resource-, and energy-aware scheduling
>>>>
>>>>
>>>>
>>>>
>>>> I am trying to ask for a reservation and maybe I just don’t understand
>>>> the definitions. I seem to be unsure about what a principal is.  Maybe that
>>>> is the root of my current issue.   Unfortunately I am also a teacher so I
>>>> notice things like I still can’t find a definition of *principal* on
>>>> all those web pages.
>>>>
>>>> Thanks for all the links below but Docker is not a good technology for
>>>> us because it has the usual linuxism’s runs best and mostly on Linux.
>>>> Vagrant has the same issues so we will have to put more ports on our list.
>>>> Docker doesn’t have separation that is equal to the task so we need to match
>>>> the resources of the machine to the size of the task and not share in some
>>>> circumstances. Our apps tend to open lots of ports and use advanced
>>>> features of the operating system that may not be supported in Docker
>>>> native, but may actually work in Docker on a VM. Containers have different
>>>> definitions of separation.
>>>>
>>>> Rinaldo
>>>>
>>>>
>>>> Finally, to build on OSX, you'll need to install libsvn-1 as described
>>>> in [3].
>>>>
>>>> I'm afraid I don't know enough about Dynamic Reservation to really be
>>>> able to help here; but I suspect that, if you run *without*
>>>> authentication enabled, it will accept *any* principal (did you try
>>>> that already? what error did you get?)
>>>>
>>>> Feel free to drop me a line if you're still having trouble.
>>>>
>>>>
>>>> [0] http://mesos.apache.org/documentation/latest/configuration/
>>>> [1] http://mesosphere.com/downloads
>>>> [2] https://github.com/massenz/zk-mesos/tree/develop/vagrant
>>>> [3] http://mesos.apache.org/gettingstarted/ (see the OSX section; in
>>>> particular:
>>>> `$ brew install autoconf automake libtool subversion maven`)
>>>>
>>>> *Marco Massenzio*
>>>>
>>>> *Distributed Systems Engineer http://codetrips.com
>>>> <http://codetrips.com/>*
>>>>
>>>> On Mon, Sep 28, 2015 at 1:59 PM, DiGiorgio, Mr. Rinaldo S. <
>>>> [email protected]> wrote:
>>>>
>>>>>
>>>>> On Sep 21, 2015, at 7:33 PM, Guangya Liu <[email protected]> wrote:
>>>>>
>>>>> Hi Rinaldo,
>>>>>
>>>>> I think that you can use dynamic reservation feature to achieve this:
>>>>> You can launch your tasks after reservation succeeds.  Actually, all of
>>>>> the dynamic reservation feature with endpoint has been finished except
>>>>> ACL part, so you can use this feature now if you do not care ACL part.
>>>>>
>>>>> Thanks,
>>>>>
>>>>>
>>>>> Hi Guangya,
>>>>>
>>>>> I have been trying to get dynamic reservations to work. I downloaded
>>>>> the latest from git and created a small environment on OS X 10.10. I am
>>>>> trying to use reservations and I am not making much progress.  I tried to
>>>>> get it to work without authentication and was unable to. I used the ANY
>>>>> option and it still required a principal.  I am unable to configure the
>>>>> master to work without authentication.  Do you have some simple configs
>>>>> for starting a master with no authentication required so that it can be
>>>>> used to set dynamic reservations?
>>>>>
>>>>> The output below is for authentication. I tried to authenticate from a
>>>>> slave and it failed with a coredump.
>>>>>
>>>>>
>>>>>
>>>>> I start mesos like this:
>>>>>
>>>>> mesos-master.sh --ip=nnn,nnn,nnn,nnn --work_dir=/var/lib/mesos \
>>>>>   --acls=$BASE/acls --credentials=$BASE/credentials
>>>>>
>>>>> bash-3.2# cat attributes/acls
>>>>> {
>>>>>   "register_frameworks": [
>>>>>     {
>>>>>       "principals": { "type": "mesos-mach5-beta" },
>>>>>       "roles": { "values": "ANY" }
>>>>>     }
>>>>>   ],
>>>>>   "run_tasks": [
>>>>>     {
>>>>>       "principals": { "values": "ANY" },
>>>>>       "users": { "values": "ANY" }
>>>>>     }
>>>>>   ],
>>>>>   "shutdown_frameworks": [
>>>>>     {
>>>>>       "principals": { "values": "mesos-mach5-beta" },
>>>>>       "framework_principals": { "values": "ANY" }
>>>>>     }
>>>>>   ]
>>>>> }
>>>>>
>>>>> bash-3.2# cat attributes/credentials
>>>>> {
>>>>>   "credentials": [
>>>>>     {
>>>>>       "principal": "mesos-mach5-beta",
>>>>>       "secret": "password"
>>>>>     }
>>>>>   ]
>>>>> }
>>>>>
>>>>>
>>>>>
>>>>> When I try the following I am told I am not authorized.
>>>>>
>>>>>
>>>>>
>>>>> Guangya
>>>>>
>>>>> On Tue, Sep 22, 2015 at 6:32 AM, DiGiorgio, Mr. Rinaldo S. <
>>>>> [email protected]> wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>>    I have some tasks that need to run on different types of agents. I
>>>>>> don’t want the tasks to run unless I am going to have all the resources.
>>>>>> Can someone suggest how I could accomplish that with mesos.  I read about
>>>>>> reservations here:
>>>>>> http://mesos.apache.org/documentation/latest/reservation/
>>>>>>
>>>>>>    I could iterate over all the resources I need and if I get them
>>>>>> proceed.
>>>>>>
>>>>>>    Is that the only way to do it?
>>>>>>
>>>>>>    Any idea when coming soon will be available?
>>>>>>
>>>>>> /reserve (*Coming Soon*)
>>>>>>
>>>>>> Suppose we want to reserve 8 CPUs and 4096 MB of RAM for the ads role
>>>>>> on a slave with id=<slave_id>. We send an HTTP POST request to the
>>>>>> /reserve HTTP endpoint like so:
>>>>>>
>>>>>>
>>>>>> Rinaldo
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
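
An added example (not part of the original thread and not Mesos code) covering the two encodings discussed above: the base64 `secret` in the JSON credentials file and the Basic `Authorization` header value. It assumes, as the reply at the top states, that the master base64-decodes `secret`; the function names and the plaintext heuristic are hypothetical.

```python
import base64
import binascii
import json

def encode_secret(password: str) -> str:
    """Base64 form of a plaintext secret for the JSON credentials file."""
    return base64.b64encode(password.encode("utf-8")).decode("ascii")

def basic_auth_header(principal: str, password: str) -> str:
    """Authorization header value: Basic base64(principal:password)."""
    token = base64.b64encode(f"{principal}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")

def audit_secret(secret: str) -> str:
    """Classify a stored secret: 'ok', 'not-base64' or 'looks-plaintext'."""
    padded = secret + "=" * (-len(secret) % 4)  # tolerate missing padding
    try:
        raw = base64.b64decode(padded, validate=True)
    except binascii.Error:
        return "not-base64"
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        # Heuristic (assumption): a plaintext word made only of base64
        # characters decodes to bytes that are not readable text.
        return "looks-plaintext"
    return "ok" if text and text.isprintable() else "looks-plaintext"

def audit_credentials(doc: dict) -> dict:
    """Map each principal in a credentials document to its audit result."""
    return {c["principal"]: audit_secret(c["secret"]) for c in doc["credentials"]}

def fixed_file(doc: dict) -> dict:
    """Return a copy of the document with every secret base64-encoded."""
    return {"credentials": [
        {"principal": c["principal"], "secret": encode_secret(c["secret"])}
        for c in doc["credentials"]]}

# Constructed sample: the credentials file from the thread, plaintext secret.
PLAINTEXT_FILE = json.loads(
    '{"credentials": [{"principal": "mesos-mach5-beta", "secret": "password"}]}'
)

if __name__ == "__main__":
    print(audit_credentials(PLAINTEXT_FILE))
    print(json.dumps(fixed_file(PLAINTEXT_FILE), indent=2))
    print(basic_auth_header("mesos-mach5-beta", "password"))
```

Note that `password` is itself well-formed base64, so a decoder accepts it and yields unrelated bytes instead of raising an error.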
