MesosphereDC/OS Docs

Release Notes for 1.9.8

DC/OS 1.9.8 was released on March 28, 2018.

Issues Fixed in DC/OS 1.9.8

  • COPS-1879 - Fixed a failure to kill a docker task in staging.
  • DCOS-20631 - Fixed deadlock in the go-zookeeper library which can lead to an outage of the DC/OS Secrets service. Enterprise
  • DCOS-21002 - Fixed Marathon’s authorization logic to support the ‘full’ action. Enterprise
  • DCOS-21451 - Fixed a bug where the Admin Router would not pick up Mesos leader changes (leading to unexpected 404 HTTP responses when using the service endpoint).

Notable Changes in DC/OS 1.9.8

Issues Fixed in DC/OS 1.9.7

  • CORE-1375 - Docker executor no longer hangs due to lost messages.
  • DCOS-19893 - Reduced number of threads to 18 and set dump_log_write_threshold to 10, reducing startup time for dcos-net.
  • DCOS-20158 - Updated marked npm package to address two security vulnerabilities: CVE-2017-17461 and CVE-2017-1000427.
  • DCOS_OSS-1943 - Changed the LIBPROCESS_NUM_WORKER_THREADS environment variable from 8 to 16, to increase the minimum number of librocess worker threads.
  • DCOS_OSS-2003 - Modified DC/OS overlay networking to work with systemd networkd.

Notable Changes in DC/OS 1.9.7

Issues Fixed in DC/OS 1.9.6

  • COPS-980 - Marathon’s default task unreachable behavior reinstated.
  • DCOS-17947 - cluster_docker_credentials example corrected.
  • DCOS-19217 - Metronome adheres to crontab standard.
  • DCOS-19453 - TLS compression disabled because TLS is vulnerable to the CRIME attack. Enterprise
  • DCOS-19508 - Non-superusers can now edit an app that uses secrets. Enterprise
  • DOCS-2130 - Security hardening guide improvements. Enterprise
  • DOCS-2153 - Metrics documentation improvements.

Notable Changes in DC/OS 1.9.6

Issues Fixed in DC/OS 1.9.5

  • CORE-1292 - Remove the systemd prereq requirement of leader.mesos for Mesos agent.
  • DOCS-2077 - DC/OS 1.9 Custom Installation documentation: clarified where the opt/mesosphere directory must be.
  • DCOS-18830 - Dashboard CPU allocation not rounding correctly.
  • DCOS-18350 - DC/OS IAM (Bouncer): set TMPDIR to /var/lib/dcos/bouncer/tmp. This allows /tmp, and other directories, to be mounted as noexec.
  • DCOS_OSS-1574 - Navstar updated due to crashes on Core OS 1465+.
  • MARATHON-7576 - Change default UnreachableStrategy to 0,0.

About DC/OS 1.9

DC/OS 1.9 includes many new capabilities for Operators, and expands the collection of Data and Developer Services with a focus on:

  • Tools for Production Operations - Monitoring and troubleshooting for distributed apps.
  • Broader Workload Support - From traditional apps to machine learning.
  • Security - New CLI capabilities, enhanced LDAP support, and many small improvements. Enterprise
  • New data and developer services.

Contents

Breaking Changes

The DC/OS Identity and Access Management (IAM) SAML service provider implementation no longer accepts transient subject NameIDs.

What’s New

Apache Mesos 1.2.2 and Marathon 1.4.8 integrated

  • Marathon 1.4.8 release notes.
  • Apache Mesos 1.2.2 CHANGELOG. We also include patches from the forthcoming Apache Mesos 1.2.3.

Container Orchestration

Added support for pods, GPUs, and made significant scalability improvements.

Pods Preview

Multiple co-located containers per instance, scheduled on the same host. For more information, see the documentation.

GPU Preview

  • Leverage GPUs to run novel algorithms.
  • Because DC/OS GPU support is compatible with nvidia-docker, you can test locally with nvidia-docker and then deploy to production with DC/OS.
  • Allocate GPUs on a per container basis, including isolation guarantees

For more information, see the documentation.

DC/OS Monitoring and Operations

Remote Process Injection for Debugging Preview

The new dcos task exec command allows you to remotely execute a process inside the container of a deployed Mesos task, providing the following features.

  • An optional --interactive flag for interactive sessions.
  • Attach to a remote pseudoterminal (aka PTY) inside a container via the optional --tty flag.
  • Combine the --interactive and --tty flags to launch an interactive bash session or to run top and see the resource usage of your container in real time.

For more information, see the debugging documentation.

Logging Preview

Stream task and system logs to journald by setting the mesos_container_log_sink install-time parameter to journald or journald+logrotate. This allows you to:

  • Include task metadata like container ID in your queries to more easily locate the logs that you want.
  • Use the new DC/OS CLI commands dcos node log and dcos task log to query logs. You can also make HTTP requests directly against the new Logging API.
  • Set up log aggregation solutions such as Logstash to get logs into their aggregated storage solutions.

For more information, see the documentation.

Metrics Preview

  • Node-level HTTP API that returns metrics from tasks, cgroup allocations per container, and host level metrics such as load and memory allocation.
  • StatsD endpoint in every container for forwarding metrics to the DC/OS metrics service. This service is what exposes the HTTP API.
  • Any metric sent to STATSD_UDP_HOST/PORT is available in the HTTP API’s /container/<container_id>/app endpoint.

For more information, see the documentation.

Tool for Troubleshooting Service Deployment Failures

  • The new service deployment troubleshooting tool allows you to find out why your applications aren’t starting from the GUI and CLI.

    Service deploy GUI

Improved GUI

  • New look and feel and improved navigation.

    New GUI

  • Usability improvements to the service create workflow.

    Improved GUI

Networking Services

  • CNI support for 3rd party CNI plugins.
  • Performance improvements across all networking features.

Security and Governance Enterprise

  • DC/OS Identity and Access Management (IAM) highlights: Enterprise

    • LDAP group import: support importing posixGroup objects according to RFC2307 and RFC2307bis, and ensure compatibility with FreeIPA and OpenLDAP. Enterprise
    • SAML 2.0: ensure that the authentication flow works against Shibboleth and improve compatibility with a wide range of identity provider configurations. Enterprise
    • OpenID Connect: ensure that the authentication flow works against dex as well as against Azure Active Directory, and allow for customizing the identity provider certificate verification in back-channel communication. Enhance configuration validation for a better user experience. Enterprise

  • DC/OS CLI highlights: Enterprise

    • Support single sign-on authentication via OpenID Connect and SAML 2.0 against the DC/OS IAM. Enterprise
    • Support authentication with service account credentials. Enterprise

  • Introduce various secrets improvements (for more information, see the secrets documentation). Enterprise

  • Security hardening across the platform, including Mesos, Marathon, and Admin Router. Enterprise

Developer Services

  • Jenkins

    • The Jenkins DC/OS service will now work with DC/OS clusters in strict mode. Enterprise
    • Marathon plugin now supports service accounts, allowing easy automated and secure deploys to DC/OS clusters. Enterprise

Other Improvements

DC/OS Internals

  • Update DC/OS internal JDK to 8u112 for security fixes.
  • Update DC/OS internal Python from 3.4 to 3.5. Enterprise
  • The dcos_generate_config.sh --aws-cloudformation command will now determine the region of the s3 bucket automatically, preventing region mistakes.
  • Added dcos-shell which activates the DC/OS environment for running other DC/OS command line tools. Enterprise
  • Added the reset-superuser script which attempts to create or restore superuser privileges for a given DC/OS user. Enterprise

Expanded OS Support Enterprise

Expanded Docker Engine Support Enterprise

  • Docker 1.12 and 1.13 are now supported. Docker 1.13 is the default version.

Upgrades Enterprise

Improved upgrade tooling and experience for on-premise installations. Upgrades now use internal DC/OS APIs to ensure nodes can be upgraded with minimal disruption to running DC/OS services on a node. The upgrade procedure has also been simplified to improve user experience.

For more information, see the documentation.

Known Issues and Limitations

  • DCOS_OSS-691 - DNS becomes unavailable during DC/OS version upgrades.

  • DCOS-14005 - Marathon-LB does not support pods.

  • DCOS-14021 - Task logging to journald disabled by default, so task logs will continue to be written to their sandboxes, and logrotated out. The dcos task log command will work as it did before.

  • DCOS-16737 - You cannot generate and publish AWS Advanced Templates to AWS GovCloud regions. Enterprise When running the command dcos_generate_config.ee.sh --aws-cloudformation with GovCloud credentials you will see an error similar to this:

    $ ./dcos_generate_config.sh --aws-cloudformation
====> EXECUTING AWS CLOUD FORMATION TEMPLATE GENERATION
Generating configuration files...
Starting new HTTPS connection (1): s3.amazonaws.com
aws_template_storage_region_name: Unable to determine region location of s3 bucket testbucket: An error occurred (InvalidAccessKeyId) when calling the GetBucketLocation operation: The AWS Access Key Id you provided does not exist in our records.

  • Marathon-7133 - Marathon application history is lost after Marathon restart.

  • CORE-1191 - The Mesos master’s event queue can get backlogged with the default settings, causing performance problems. These can be mitigated by setting the following configuration parameter in your config.yaml file at install time. See the Configuration Reference for more information. Note: Lowering this parameter also reduces the number of tasks per framework that the dcos task subcommands can access for debugging. If you run a framework with many short tasks, such as Spark, you may not want to reduce this value.

    mesos_max_completed_tasks_per_framework: 20