Enterprise DC/OS 1.7: Security and Stateful Services | D2iQ

Mesosphere Enterprise DC/OS 1.7 is now generally available and introduces new features across the board. They include support for integrated service discovery, distributed load balancing mechanisms, and the ability to run stateful services using persistent local and external storage volumes. These included containerized stateful services such as MySQL as well as distributed stateful services such as Cassandra.

Security is also beefed up to provide fine-grained access control to various business groups within an organization—all managed centrally and integrated with existing corporate LDAP/AD infrastructure.

Enterprise DC/OS 1.7 also includes the latest releases of Apache Mesos (0.28) and Marathon, the latter of which reached 1.0 status in March! Keep reading to find out more about everything that's new.

Improved installation from top to bottom

You can now install packages from the DC/OS Universe with a single click in the GUI web interface. The packages can be installed with defaults or customized directly in the UI.

We've also improved the experience of installing DC/OS itself. Updates include:

• Faster automated CLI mode by use of concurrent SSH sessions and fully asynchronous execution.
• Improved validation of configuration parameters.
• Distributed DNS Server to enable highly available DNS deployment for service discovery and service availability.
• Simplified process for ZooKeeper Exhibitor orchestration.

DC/OS system component health monitoring

You can monitor the health of your cluster components from the DC/OS web interface. The component health page provides the health status of all DC/OS system components that are running in systemd. You can drill down by health status, host IP address, or specific systemd unit.

DC/OS distributed load balancer

DC/OS can now map traffic from a single Virtual IP (VIP) to multiple IP addresses and ports. You can assign a VIP to your application by using the DC/OS Marathon web interface.

Additionally, you can now use the DC/OS Networking tab in the web interface to view aggregated metrics for VIPs, and you can monitor VIP performance metrics across DC/OS cluster.

DC/OS persistent and external volumes to enable stateful services

DC/OS 1.7 now allows you to run stateful containerized services such as MySQL using persistent local volumes configuration and Marathon resident tasks. For more information, see the documentation.

The latest version also adds (experimental) support for stateful applications that depend on specific storage platforms, via external volumes consumption. This feature allows users to attach and detach storage volumes to containers, and supports Amazon Elastic Block Store, OpenStack Cinder, EMC Isilon, ScaleIO, VMAX, XtremeIO and Google Compute Engine. For more information, see the documentation.

Fine-grained team-level access control for self service application development

Users can now define fine-grained access to Marathon applications that are running in DC/OS by defining advanced ACL groups. Advanced ACL groups can provide multi-tenancy by isolating application teams and individual users.

DC/OS Marathon updates

There is a lot of new capabilities in Marathon 1.0 that make it an even more-productive platform for running Docker containers and other long-running, highly available applications. Among them:

• Applications and search: Improved global search with better ranking (fuzzy matching). Groups are now shown as part of search results too. Application list supports for browsing empty groups. Create empty groups directly from the UI. A new sidebar filter to match apps with attached volumes.
• Create and edit form improvements: Redesigned form with improved usability. We added a completely new JSON editor. Create resident tasks with persistent local volumes from the UI. Greatly simplified port management.
• Support for persistent storage: You can now launch tasks that use persistent volumes by specifying volumes either via the UI or the REST API. Marathon will reserve all required resources on a matching agent, and subsequently launch a task on that same agent if needed. Data within the volume will be retained even after relaunching the associated task.
• Support for scheduler upgrades: Scheduler are specific applications to Marathon, since they can also launch tasks. A deployment in Marathon for upgrading schedulers also includes the migration of all tasks, the scheduler has started via a protocol.
• Support for ports metadata: The v2 REST API was extended to support additional ports metadata (protocol, name, and labels) through the port Definition application field. Marathon will pass this new information to Mesos, who will in turn make it available for service discovery purposes.
• Support for HTTP-based plugin extensions: Plugins can now implement HTTP endpoints.
• Updated auth plugin interface: The Authentication and Authorization plugin interface was redesigned in order to support more sophisticated plugins.
• Leader duration metric: The metrics include now a gauge that measures the time elapsed since the last leader election happened. This is helpful to diagnose stability problems and how often leader election happens.
• Better error messages: API error messages are now more consistent and easier to understand for both humans and computers.
• Improved task kill behavior: When stopping/restarting an application, Marathon will now perform the kills in batches, in order to avoid overwhelming Mesos. Support the TASK_KILLING state available in Mesos 0.28.
• Support for authentication and authorization: It is now possible to authorize operations to applications in Marathon. The authentication service in DC/OS allows defining actions, that are allowed to perform on applications. Marathon will enforce those rules.

For the full set of changes, please refer to the Marathon release notes.

For more information about Mesosphere Enterprise DC/OS, check out our documentation site and the product website, or contact us. To learn more about our open source DC/OS community, visit its website at dcos.io.