- Mesos version v0.28.0 or greater.
- The connection between Mesos and Marathon has to be authenticated.
1. Create a file with the credentials that Mesos will use to authenticate Marathon. The format of this file is `<principal> <secret>`:
```bash
echo "marathon marathonsecret" >/opt/mesosphere/etc/mesos-credentials
```
2. Create a file with ACLs:
```bash
cat <<EOD >/opt/mesosphere/etc/mesos-acls
{
  "run_tasks": [
    {
      "principals": {
        "type": "ANY"
      },
      "users": {
        "type": "ANY"
      }
    }
  ],
  "register_frameworks": [
    {
      "principals": {
        "type": "ANY"
      },
      "roles": {
        "type": "ANY"
      }
    }
  ]
}
EOD
```
3. When starting the Mesos Masters, use an additional role and provide the location of the files you've created. Example additional flags:
```
--roles=volumes
--acls=file:///opt/mesosphere/etc/mesos-acls
--credentials=file:///opt/mesosphere/etc/mesos-credentials
```
### Configuring Marathon
1. Create a file with the secret that Marathon will provide to Mesos:
```bash
echo -n "marathonsecret" >/opt/mesosphere/etc/marathon-secret
```
2. When starting Marathon, specify the principal and secret to use when connecting to Mesos, and the role to use for volume reservations. Example additional flags:
```
--mesos_authentication_principal marathon
--mesos_authentication_secret_file /opt/mesosphere/etc/marathon-secret
--mesos_role volumes
```
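
A pre-flight check for the three files created above, as an added example that is not part of the Marathon documentation. It confirms that the principal's secret in the Mesos credentials file matches Marathon's secret file byte for byte (the reason the page writes that file with `echo -n`) and lists every ACL entry still set to `ANY`, which matches all principals, users or roles. The function name and finding strings are hypothetical; the sample inputs are the page's own values.

```python
import json

def audit_mesos_auth(credentials_text, marathon_secret, acls_text, principal="marathon"):
    """Return findings for the credentials, secret and ACL files (hypothetical helper)."""
    findings = []

    # Mesos credentials file: one "<principal> <secret>" pair per line.
    creds = {}
    for number, line in enumerate(credentials_text.splitlines(), start=1):
        parts = line.split()
        if len(parts) == 2:
            creds[parts[0]] = parts[1]
        elif parts:
            findings.append(f"credentials line {number}: expected '<principal> <secret>'")

    # Marathon's secret file is written with `echo -n`; stray whitespace changes the secret.
    if marathon_secret != marathon_secret.strip():
        findings.append("marathon secret file has leading or trailing whitespace")
    if principal not in creds:
        findings.append(f"principal {principal!r} missing from credentials file")
    elif creds[principal].encode() != marathon_secret:
        findings.append(f"secret for {principal!r} differs between the two files")

    # Every ACL object left at type ANY matches all principals, users or roles.
    for action, entries in json.loads(acls_text).items():
        if not isinstance(entries, list):  # skip scalar keys such as "permissive"
            continue
        for index, entry in enumerate(entries):
            for field, matcher in entry.items():
                if isinstance(matcher, dict) and matcher.get("type") == "ANY":
                    findings.append(f"acl {action}[{index}].{field} is ANY")
    return findings


# The page's own sample values, embedded so the check runs offline.
SAMPLE_CREDENTIALS = "marathon marathonsecret\n"
SAMPLE_SECRET = b"marathonsecret"
SAMPLE_ACLS = """{
  "run_tasks": [{"principals": {"type": "ANY"}, "users": {"type": "ANY"}}],
  "register_frameworks": [{"principals": {"type": "ANY"}, "roles": {"type": "ANY"}}]
}"""

if __name__ == "__main__":
    for finding in audit_mesos_auth(SAMPLE_CREDENTIALS, SAMPLE_SECRET, SAMPLE_ACLS):
        print(finding)
```
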
## Example
You can use the following application definition to run postgres with one persistent volume:
```json
{
  "id": "/postgres",
  "container": {
    "type": "DOCKER",
    "volumes": [
      {
        "containerPath": "pgdata",
        "mode": "RW",
        "persistent": {
          "size": 10000
        }
      }
    ],
    "docker": {
      "image": "postgres:latest",
      "network": "BRIDGE",
      "portMappings": [
        {
          "containerPort": 5432,
          "hostPort": 0,
          "protocol": "tcp",
          "name": "postgres"
        }
      ]
    }
  },
  "env": {
    "POSTGRES_PASSWORD": "password",
    "PGDATA": "/mnt/mesos/sandbox/pgdata"
  },
  "mem": 512,
  "residency": {
    "taskLostBehavior": "WAIT_FOREVER"
  },
  "upgradeStrategy": {
    "maximumOverCapacity": 0,
    "minimumHealthCapacity": 0
  }
}
```

An alternative set of instructions is available here: https://gist.github.com/adyatlov/d4e83b3f5ebd668017f4