Starting with Marathon 0.12, we allow you to extend Marathon functionality with plugins. The plugin mechanism has the following components:
A separate Marathon plugin interface jar is published in the following Maven repository with every Marathon release:
http://downloads.mesosphere.com/maven
with following dependency:
SBT:
"mesosphere.marathon" %% "plugin-interface" % "x.x.x" % "provided"
Maven:
<dependency>
<groupId>mesosphere.marathon</groupId>
<artifactId>plugin-interface_2.11</artifactId>
<version>x.x.x</version>
</dependency>
Be sure to always use the same version of the plugin interface as the version of Marathon in production.
To create an extension, you must implement an extension interface from the plugin interface and put it in a location available to Marathon so that it can be loaded by the ServiceLoader.
Marathon uses the ServiceLoader to make a service provider available to a running Marathon instance. For background information on that topic, please see Creating Extensible Applications.
The writer of the plugin can define dependencies on other libraries and use those dependencies if following requirements are met:
sbt dependencyTree
. Such a dependency should be defined as provided
in your build tool of choice.
Please make sure, you use the exact same version as Marathon!compile
dependency in your build tool of choice.Dependent libraries that are not already provided by Marathon have to be shipped along with the plugin itself.
The plugin has to be compiled and packaged as jar
file.
Inside that jar file the ServiceLoader-specific provider-configuration file needs to be included.
Marathon uses slf4j
for logging. If you use these logger classes, all log statements will be included in Marathon’s log.
Since the plugin mechanism in Marathon relies on the ServiceLoader
, the plugin class has to implement a default constructor.
To pass a certain configuration to the plugin, you can use whatever functionality you like.
We built one optional way to pass a configuration to your plugin. The PluginConfiguration interface passes the configuration from the plugin descriptor to every created instance of that plugin before any other method is called.
You can also extend Marathon with a set of several plugins. You must provide a plugin descriptor to make sure you are using only valid combinations of plugins. The descriptor defines which plugin interface is extended by which service provider. Marathon will load this descriptor with all defined plugins during startup.
plugin
(required): the name of the plugin interface.implementation
(required): the name of the implementing class.enabled
(optional): disable or enable plugin. By default plugin is enabled.configuration
(optional): configuration that is available to the plugin via the PluginConfiguration trait.tags
(optional): meta data attached to this plugin as simple strings.info
(optional): meta data attached to this plugin as key/value pair.Example:
{
"plugins": {
"authorizer": {
"plugin": "mesosphere.marathon.plugin.auth.Authorizer",
"implementation": "my.company.ExampleAuthorizer",
"tags": ["some", "tag"],
"info": {
"some": "info"
}
},
"authenticator": {
"plugin": "mesosphere.marathon.plugin.auth.Authenticator",
"implementation": "my.company.ExampleAuthenticator",
"enabled": false,
"configuration": {
"users": [
{
"user": "ernie",
"password" : "ernie",
"permissions": [
{ "allowed": "create", "on": "/dev/" }
]
}
]
}
}
}
}
The configuration attribute is optional. If you provide it, the JSON object will be passed to the plugin as-is.
In order to make your plugins available to Marathon you have to:
Start Marathon with this options:
--plugin_dir path
where path is the directory in which the plugin jars are stored.--plugin_conf conf.json
where conf.json is the full path of the plugin configuration file.The security plugins are interceptors on the HTTP REST endpoint. The plugins will be in a multi-threaded environment invoked for each HTTP request. The execution time of the HTTP request (which includes the plugin) must be within the configured timeout. By default this is 10 seconds.
Marathon exposes an HTTP REST API. To make sure only authenticated identities can access the system, the plugin developer must implement the Authenticator interface. This interface relies purely on the HTTP Layer. Please see the Authenticator trait for documentation, as well as the Example Scala Plugin or the Example Java Plugin.
This plugin works along with the Authentication plugin. With this interface you can refine which actions an authenticated identity can perform on Marathon’s resources. Please see the Authorizer trait for documentation as well as Example Scala Plugin or the Example Java Plugin.
This plugin allows for the modification of an app TaskInfo or the pod TaskGroupInfo. This could be used to modify the runSpec by adding labels or to enforce the use of a custom executor. Please see the RunSpecTaskProcessor trait for documentation as well as Example Scala Plugin.
When working with the RunSpecTaskProcessor
is best to be familiar with ProtocolBuffers and the Apache Mesos org.apache.mesos.Protos.TaskInfo
This plugin allow for the validation of an app or pod at the time the runspec is added or updated. This allows for the enforcement of specific rules on the runspec.
Please see the RunSpecValidator trait for documentation as well as Example Scala Plugin.
Marathon and the RunSpecValidator
use the Accord validation library which is useful to understand when creating validator rules.
This plugin allows to reject offers. Possible use-cases are: