[ https://issues.apache.org/jira/browse/MESOS-7651?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16044848#comment-16044848 ]
Yan Xu commented on MESOS-7651: ------------------------------- +1. Related to this is the headaches around the lifecycle of reservations and volumes. Not sure what you meant by "perhaps re-using roles for this" above but I think as part of this we should bind the lifecycle of reservations to the lifecycle of the framework the same way tasks are bound to the lifecycle of the framework. > Consider a more explicit way to bind reservations / volumes to a framework. > --------------------------------------------------------------------------- > > Key: MESOS-7651 > URL: https://issues.apache.org/jira/browse/MESOS-7651 > Project: Mesos > Issue Type: Improvement > Reporter: Benjamin Mahler > > Currently, when a framework creates a reservation or a persistent volume, and > it wants exclusive access to this volume or reservation, it must take a few > steps: > * Ensure that no other frameworks are running within the reservation role (or > the other frameworks are co-operative). > * With hierarchical roles, frameworks must also ensure that the role is a > leaf so that no descendant roles will have access to the reservation/volume. > This could be done by generating a role (e.g. eng/kafka/<instance id>). > It's not easy for the framework to ensure these things, since role ACLs are > controlled by the operator. > We should consider a more direct way for a framework to ensure that their > reservation/volume cannot be shared. E.g. by binding it to their framework id > (perhaps re-using roles for this rather than introducing something new?) -- This message was sent by Atlassian JIRA (v6.3.15#6346)