DC/OS 1.9.8 was released on March 28, 2018.
Issues Fixed in DC/OS 1.9.8
- COPS-1879 - Fixed a failure to kill a docker task in staging.
- DCOS-20631 - Fixed deadlock in the go-zookeeper library which can lead to an outage of the DC/OS Secrets service. Enterprise
- DCOS-21002 - Fixed Marathon’s authorization logic to support the ‘full’ action. Enterprise
- DCOS-21451 - Fixed a bug where the Admin Router would not pick up Mesos leader changes (leading to unexpected 404 HTTP responses when using the service endpoint).
Notable Changes in DC/OS 1.9.8
- Updated to Metronome 0.3.5 (changelog).
Issues Fixed in DC/OS 1.9.7
- CORE-1375 - Docker executor no longer hangs due to lost messages.
- DCOS-19893 - Reduced number of threads to 18 and set dump_log_write_threshold to 10, reducing startup time for dcos-net.
- DCOS-20158 - Updated marked npm package to address two security vulnerabilities: CVE-2017-17461 and CVE-2017-1000427.
- DCOS_OSS-1943 - Changed the LIBPROCESS_NUM_WORKER_THREADS environment variable from 8 to 16, to increase the minimum number of librocess worker threads.
- DCOS_OSS-2003 - Modified DC/OS overlay networking to work with systemd networkd.
Notable Changes in DC/OS 1.9.7
- Updated to Mesos 1.2.3 (changelog).
- Updated to Marathon 1.4.11 (changelog).
- Updated to Metronome 0.3.2 (changelog).
Issues Fixed in DC/OS 1.9.6
- COPS-980 - Marathon’s default task unreachable behavior reinstated.
- DCOS-17947 -
cluster_docker_credentials
example corrected. - DCOS-19217 - Metronome adheres to crontab standard.
- DCOS-19453 - TLS compression disabled because TLS is vulnerable to the CRIME attack. Enterprise
- DCOS-19508 - Non-superusers can now edit an app that uses secrets. Enterprise
- DOCS-2130 - Security hardening guide improvements. Enterprise
- DOCS-2153 - Metrics documentation improvements.
Notable Changes in DC/OS 1.9.6
- Latest Mesos 1.2.x integrated (f8706e5).
- Marathon 1.4.9 integrated.
- Open SSL 1.0.2m integrated.
- Latest JDK 8 integrated.
Issues Fixed in DC/OS 1.9.5
- CORE-1292 - Remove the systemd prereq requirement of
leader.mesos
for Mesos agent. - DOCS-2077 - DC/OS 1.9 Custom Installation documentation: clarified where the
opt/mesosphere
directory must be. - DCOS-18830 - Dashboard CPU allocation not rounding correctly.
- DCOS-18350 - DC/OS IAM (Bouncer): set TMPDIR to
/var/lib/dcos/bouncer/tmp
. This allows/tmp
, and other directories, to be mounted asnoexec
. - DCOS_OSS-1574 - Navstar updated due to crashes on Core OS 1465+.
- MARATHON-7576 - Change default
UnreachableStrategy
to0,0
.
About DC/OS 1.9
DC/OS 1.9 includes many new capabilities for Operators, and expands the collection of Data and Developer Services with a focus on:
- Tools for Production Operations - Monitoring and troubleshooting for distributed apps.
- Broader Workload Support - From traditional apps to machine learning.
- Security - New CLI capabilities, enhanced LDAP support, and many small improvements. Enterprise
- New data and developer services.
Contents
Breaking Changes
The DC/OS Identity and Access Management (IAM) SAML service provider implementation no longer accepts transient subject NameIDs.
What’s New
Apache Mesos 1.2.2 and Marathon 1.4.8 integrated
- Marathon 1.4.8 release notes.
- Apache Mesos 1.2.2 CHANGELOG. We also include patches from the forthcoming Apache Mesos 1.2.3.
Container Orchestration
Added support for pods, GPUs, and made significant scalability improvements.
Preview
PodsMultiple co-located containers per instance, scheduled on the same host. For more information, see the documentation.
Preview
GPU- Leverage GPUs to run novel algorithms.
- Because DC/OS GPU support is compatible with nvidia-docker, you can test locally with nvidia-docker and then deploy to production with DC/OS.
- Allocate GPUs on a per container basis, including isolation guarantees
For more information, see the documentation.
DC/OS Monitoring and Operations
Preview
Remote Process Injection for DebuggingThe new dcos task exec
command allows you to remotely execute a process inside the container of a deployed Mesos task, providing the following features.
- An optional
--interactive
flag for interactive sessions. - Attach to a remote pseudoterminal (aka PTY) inside a container via the optional
--tty
flag. - Combine the
--interactive
and--tty
flags to launch an interactive bash session or to runtop
and see the resource usage of your container in real time.
For more information, see the debugging documentation.
Preview
LoggingStream task and system logs to journald by setting the mesos_container_log_sink
install-time parameter to journald
or journald+logrotate
. This allows you to:
- Include task metadata like container ID in your queries to more easily locate the logs that you want.
- Use the new DC/OS CLI commands
dcos node log
anddcos task log
to query logs. You can also make HTTP requests directly against the new Logging API. - Set up log aggregation solutions such as Logstash to get logs into their aggregated storage solutions.
For more information, see the documentation.
Preview
Metrics- Node-level HTTP API that returns metrics from tasks, cgroup allocations per container, and host level metrics such as load and memory allocation.
- StatsD endpoint in every container for forwarding metrics to the DC/OS metrics service. This service is what exposes the HTTP API.
- Any metric sent to STATSD_UDP_HOST/PORT is available in the HTTP API’s
/container/<container_id>/app
endpoint.
For more information, see the documentation.
Tool for Troubleshooting Service Deployment Failures
-
The new service deployment troubleshooting tool allows you to find out why your applications aren’t starting from the GUI and CLI.
Improved GUI
-
New look and feel and improved navigation.
-
Usability improvements to the service create workflow.
Networking Services
- CNI support for 3rd party CNI plugins.
- Performance improvements across all networking features.
Enterprise
Security and Governance-
DC/OS Identity and Access Management (IAM) highlights: Enterprise
- LDAP group import: support importing
posixGroup
objects according to RFC2307 and RFC2307bis, and ensure compatibility with FreeIPA and OpenLDAP. Enterprise - SAML 2.0: ensure that the authentication flow works against Shibboleth and improve compatibility with a wide range of identity provider configurations. Enterprise
- OpenID Connect: ensure that the authentication flow works against dex as well as against Azure Active Directory, and allow for customizing the identity provider certificate verification in back-channel communication. Enhance configuration validation for a better user experience. Enterprise
- LDAP group import: support importing
-
DC/OS CLI highlights: Enterprise
- Support single sign-on authentication via OpenID Connect and SAML 2.0 against the DC/OS IAM. Enterprise
- Support authentication with service account credentials. Enterprise
-
Introduce various secrets improvements (for more information, see the secrets documentation). Enterprise
-
Security hardening across the platform, including Mesos, Marathon, and Admin Router. Enterprise
Developer Services
-
Jenkins
- The Jenkins DC/OS service will now work with DC/OS clusters in strict mode. Enterprise
- Marathon plugin now supports service accounts, allowing easy automated and secure deploys to DC/OS clusters. Enterprise
Other Improvements
DC/OS Internals
- Update DC/OS internal JDK to 8u112 for security fixes.
- Update DC/OS internal Python from 3.4 to 3.5. Enterprise
- The
dcos_generate_config.sh --aws-cloudformation
command will now determine the region of the s3 bucket automatically, preventing region mistakes. - Added
dcos-shell
which activates the DC/OS environment for running other DC/OS command line tools. Enterprise - Added the
reset-superuser
script which attempts to create or restore superuser privileges for a given DC/OS user. Enterprise
Enterprise
Expanded OS Support- If you install DC/OS 1.9 using the GUI or CLI installation methods, your system will be automatically upgraded to the latest version of CentOS.
- CoreOS 1235.12.0.
Enterprise
Expanded Docker Engine Support- Docker 1.12 and 1.13 are now supported. Docker 1.13 is the default version.
Enterprise
UpgradesImproved upgrade tooling and experience for on-premise installations. Upgrades now use internal DC/OS APIs to ensure nodes can be upgraded with minimal disruption to running DC/OS services on a node. The upgrade procedure has also been simplified to improve user experience.
For more information, see the documentation.
Known Issues and Limitations
-
DCOS_OSS-691 - DNS becomes unavailable during DC/OS version upgrades.
-
DCOS-14005 - Marathon-LB does not support pods.
-
DCOS-14021 - Task logging to journald disabled by default, so task logs will continue to be written to their sandboxes, and logrotated out. The
dcos task log
command will work as it did before. -
DCOS-16737 - You cannot generate and publish AWS Advanced Templates to AWS GovCloud regions. Enterprise When running the command
dcos_generate_config.ee.sh --aws-cloudformation
with GovCloud credentials you will see an error similar to this:$ ./dcos_generate_config.sh --aws-cloudformation ====> EXECUTING AWS CLOUD FORMATION TEMPLATE GENERATION Generating configuration files... Starting new HTTPS connection (1): s3.amazonaws.com aws_template_storage_region_name: Unable to determine region location of s3 bucket testbucket: An error occurred (InvalidAccessKeyId) when calling the GetBucketLocation operation: The AWS Access Key Id you provided does not exist in our records.
-
Marathon-7133 - Marathon application history is lost after Marathon restart.
-
CORE-1191 - The Mesos master’s event queue can get backlogged with the default settings, causing performance problems. These can be mitigated by setting the following configuration parameter in your
config.yaml
file at install time. See the Configuration Reference for more information. Note: Lowering this parameter also reduces the number of tasks per framework that thedcos task
subcommands can access for debugging. If you run a framework with many short tasks, such as Spark, you may not want to reduce this value.mesos_max_completed_tasks_per_framework: 20