DC/OS is composed of many open source microservice components meticulously tuned and configured to work together.
Mesosphere DC/OS Enterprise includes most of the open source DC/OS components but also includes several additional components, modules, and plugins.
From the top, DC/OS is a batteries-included container platform that handles container orchestration, package management, and security.
From the bottom, DC/OS is an operating system built on top of Apache Mesos that handles cluster management and software defined networking while simplifying logging and metrics collection.
DC/OS provides a way to view and operate a large number of individual machine-level systems as a single cluster-level system. It hides the complexity of Mesos, the distributed systems kernel, with higher level abstractions, interfaces, and tools. Cluster management is the core of that functionality, including the kernel, its dependencies, and its user interfaces.
Description: Mesos manages resources and tasks as a distributed systems kernel. Mesos Master exposes scheduler, executor, and operator interfaces to facilitate cluster management. Mesos Agent manages individual executors, tasks, and resources on each DC/OS agent node. Mesos Agent Public is a Mesos Agent configured to run on DC/OS public agent nodes.
Description: The DC/OS Installer (dcos_generate_config.ee.sh) generates install artifacts and installs DC/OS. As part of the install process on each node, the DC/OS Download service downloads the install artifacts from the bootstrap machine and the DC/OS Setup service installs components using the DC/OS Component Package Manager (Pkgpanda).
Container orchestration is the continuous, automated scheduling, coordination, and management of containerized processes and the resources they consume.
DC/OS includes built-in orchestration of the most commonly used high level container-based abstractions: jobs and services. Many use cases are handled directly by these basic abstractions, but they also enable the deployment of custom schedulers for tasks that require more flexible programmatic lifecycle management automation.
DC/OS Jobs (Metronome)
Container runtimes execute and manage machine level processes in isolated operating system level environments.
DC/OS supports multiple container runtimes using Mesos’ containerizer abstraction.
Universal Container Runtime
Description: Universal Container Runtime (Mesos Containerizer) is a logical component built-in to the Mesos Agent, not technically a separate process. It containerizes Mesos tasks with configurable isolators. Universal Container Runtime supports multiple image formats, including Docker images without using Docker Engine.
System Service(s): N/A - Universal Container Runtime is part of Mesos Agent.
Description: Docker Engine is not installed by the DC/OS Installer, but rather is a system dependency that runs on each node. Mesos Agent also includes a separate logical component called Docker Containerizer which delegates the containerization of Mesos task to Docker Engine.
docker.service- Docker Engine is not installed by the DC/OS installer.
NEW IN 1.9.0
Description: Docker GC periodically garbage collects Docker containers and images.
Logging and Metrics
No software runs perfectly, especially not the first time. Distribute tasks across a cluster and the normal patterns of analyzing and debugging these services become tedious and painful. So DC/OS includes several components to help ease the pain of debugging distributed systems by aggregating, caching, and streaming logs, metrics, and cluster state metadata.
DC/OS Network Metrics ENTERPRISE
Description: DC/OS Network Metrics exposes networking-related metrics. DC/OS Network Metrics is also known as the DC/OS Networking API.
- (Documentation Coming Soon)
DC/OS Diagnostics (3DT)
In a world where machines are are given numbers instead of names, tasks are scheduled automatically, dependencies are declaratively defined, and services run in distributed sets, network administration also needs to be elevated from plugging in cables to configuring software-defined networks. To accomplish this, DC/OS includes a fleet of networking components for routing, proxying, name resolution, virtual IPs, load balancing, and distributed reconfiguration.
Description: Admin Router exposes a unified control plane proxy for components and services using NGINX. Admin Router Agent proxies node-specific health, logs, metrics, and package management internal endpoints.
DNS Forwarder (Spartan)
Description: DNS Forwarder (Spartan) forwards DNS requests to multiple DNS servers. Spartan Watchdog restarts Spartan when it is unhealthy.
Description: Generate resolv.conf configures network name resolution by updating
/etc/resolv.conf to facilitate DC/OS's software defined networking.
Erlang Port Mapping Daemon (EPMD)
Description: Erlang Port Mapping Daemon (EPMD) facilitates communication between distributed Erlang programs.
Just as machine operating systems need package management to install, upgrade, configure, and remove individual applications and services, a datacenter operating system needs package management to do the same for distributed services. In DC/OS there are two levels of package management: machine-level for components; and cluster-level for user services.
DC/OS Package Manager (Cosmos)
DC/OS Component Package Manager (Pkgpanda)
EnterpriseIAM and Security
Identity and access management in DC/OS Enterprise is governed by an internal database of users, user groups, and permissions. External identity providers can also be attached to take advantage of existing databases. Permissions are enforced both at the edge by Admin Router’s reverse proxy and also at the component level for controlling access to specific actions. Secrets, like SSL certificates, can also be securely generated, managed, stored, and injected into user services.
DC/OS Identity and Access Manager (Bouncer)
Description: DC/OS Identity and Access Manager (Bouncer) controls access to DC/OS components and services by managing users, user groups, service accounts, permissions, and identity providers. In addition to managing a local user database, DC/OS IAM can delegate to external identity providers using LDAP, SAML, or Open ID Connect. For fine grained access control, other DC/OS components, like Mesos and Marathon, integrate with DC/OS IAM directly. DC/OS IAM is also known as Bouncer.
DC/OS Certificate Authority
Description: Vault is a tool for securely managing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, and more. Vault provides a unified interface to any secret, while providing tight access control and recording a detailed audit log.
DC/OS provides multiple different ways to provision and allocate disk space and volumes to tasks. One of those methods, external persistent volumes, is managed by its own component.
Legacy Component Changes
The Cluster ID service was removed in DC/OS 1.9.0. The universally unique identifier (UUID) for each cluster is now generated by the DC/OS Setup service.
The Mesos Persistent Volume Discovery service was removed in DC/OS 1.9.0. Detection of mounted disk resources is now handled by the DC/OS Setup service.
Sockets and Timers
Several components are configured to use systemd sockets which allows them to be started on-demand when a request comes in, rather than running continuously and consuming resources unnecessarily. While these sockets are separate systemd units they are not considered separate components.
Several components are configured to use systemd timers which allows them to be periodically executed or restarted. Periodic execution avoids continuous execution and consuming resources unnecessarily. Periodic restarting allows for picking up new configurations from downstream dependencies, like time-based DNS cache expiration. While these timers are separate systemd units they are not considered separate components.
DC/OS components are installed, upgraded, and managed by DC/OS Component Package Manager (Pkgpanda), a package manager for systemd units.
To see the full list of packages managed by the DC/OS installer, see the packages directory of the DC/OS source repository.
Most DC/OS components run as systemd services on the DC/OS nodes.
To see a list of the systemd components running on any particular node, list the contents of the
/etc/systemd/system/dcos.target.wants/ directory or execute
systemctl | grep dcos- to see their current status.
[vagrant@m1 ~]ls /etc/systemd/system/dcos.target.wants/ dcos-3dt.service dcos-marathon.service dcos-3dt.socket dcos-mesos-dns.service dcos-adminrouter-reload.service dcos-mesos-master.service dcos-adminrouter-reload.timer dcos-metrics-master.service dcos-adminrouter.service dcos-metrics-master.socket dcos-bouncer.service dcos-metronome.service dcos-ca.service dcos-navstar.service dcos-cosmos.service dcos-networking_api.service dcos-epmd.service dcos-pkgpanda-api.service dcos-exhibitor.service dcos-pkgpanda-api.socket dcos-gen-resolvconf.service dcos-secrets.service dcos-gen-resolvconf.timer dcos-signal.service dcos-history.service dcos-signal.timer dcos-log-master.service dcos-spartan.service dcos-log-master.socket dcos-spartan-watchdog.service dcos-logrotate-master.service dcos-spartan-watchdog.timer dcos-logrotate-master.timer dcos-vault.service
Private Agent Node
[vagrant@a1 ~]ls /etc/systemd/system/dcos.target.wants/ dcos-3dt.service dcos-logrotate-agent.timer dcos-3dt.socket dcos-mesos-slave.service dcos-adminrouter-agent-reload.service dcos-metrics-agent.service dcos-adminrouter-agent-reload.timer dcos-metrics-agent.socket dcos-adminrouter-agent.service dcos-navstar.service dcos-docker-gc.service dcos-pkgpanda-api.service dcos-docker-gc.timer dcos-pkgpanda-api.socket dcos-epmd.service dcos-rexray.service dcos-gen-resolvconf.service dcos-signal.timer dcos-gen-resolvconf.timer dcos-spartan.service dcos-log-agent.service dcos-spartan-watchdog.service dcos-log-agent.socket dcos-spartan-watchdog.timer dcos-logrotate-agent.service
Public Agent Node
[vagrant@p1 ~]ls /etc/systemd/system/dcos.target.wants/ dcos-3dt.service dcos-logrotate-agent.timer dcos-3dt.socket dcos-mesos-slave-public.service dcos-adminrouter-agent-reload.service dcos-metrics-agent.service dcos-adminrouter-agent-reload.timer dcos-metrics-agent.socket dcos-adminrouter-agent.service dcos-navstar.service dcos-docker-gc.service dcos-pkgpanda-api.service dcos-docker-gc.timer dcos-pkgpanda-api.socket dcos-epmd.service dcos-rexray.service dcos-gen-resolvconf.service dcos-signal.timer dcos-gen-resolvconf.timer dcos-spartan.service dcos-log-agent.service dcos-spartan-watchdog.service dcos-log-agent.socket dcos-spartan-watchdog.timer dcos-logrotate-agent.service