--- layout: global title: Running Spark on Mesos --- * This will become a table of contents (this text will be scraped). {:toc} Spark can run on hardware clusters managed by [Apache Mesos](http://mesos.apache.org/). The advantages of deploying Spark with Mesos include: - dynamic partitioning between Spark and other [frameworks](https://mesos.apache.org/documentation/latest/frameworks/) - scalable partitioning between multiple instances of Spark # Security Security in Spark is OFF by default. This could mean you are vulnerable to attack by default. Please see [Spark Security](security.html) and the specific security sections in this doc before running Spark. # How it Works In a standalone cluster deployment, the cluster manager in the below diagram is a Spark master instance. When using Mesos, the Mesos master replaces the Spark master as the cluster manager.
Now when a driver creates a job and starts issuing tasks for scheduling, Mesos determines what machines handle what tasks. Because it takes into account other frameworks when scheduling these many short-lived tasks, multiple frameworks can coexist on the same cluster without resorting to a static partitioning of resources. To get started, follow the steps below to install Mesos and deploy Spark jobs via Mesos. # Installing Mesos Spark {{site.SPARK_VERSION}} is designed for use with Mesos {{site.MESOS_VERSION}} or newer and does not require any special patches of Mesos. File and environment-based secrets support requires Mesos 1.3.0 or newer. If you already have a Mesos cluster running, you can skip this Mesos installation step. Otherwise, installing Mesos for Spark is no different than installing Mesos for use by other frameworks. You can install Mesos either from source or using prebuilt packages. ## From Source To install Apache Mesos from source, follow these steps: 1. Download a Mesos release from a [mirror](http://www.apache.org/dyn/closer.lua/mesos/{{site.MESOS_VERSION}}/) 2. Follow the Mesos [Getting Started](http://mesos.apache.org/getting-started) page for compiling and installing Mesos **Note:** If you want to run Mesos without installing it into the default paths on your system (e.g., if you lack administrative privileges to install it), pass the `--prefix` option to `configure` to tell it where to install. For example, pass `--prefix=/home/me/mesos`. By default the prefix is `/usr/local`. ## Third-Party Packages The Apache Mesos project only publishes source releases, not binary packages. But other third party projects publish binary releases that may be helpful in setting Mesos up. One of those is Mesosphere. To install Mesos using the binary releases provided by Mesosphere: 1. Download Mesos installation package from [downloads page](https://open.mesosphere.com/downloads/mesos/) 2. Follow their instructions for installation and configuration The Mesosphere installation documents suggest setting up ZooKeeper to handle Mesos master failover, but Mesos can be run without ZooKeeper using a single master as well. ## Verification To verify that the Mesos cluster is ready for Spark, navigate to the Mesos master webui at port `:5050` Confirm that all expected machines are present in the slaves tab. # Connecting Spark to Mesos To use Mesos from Spark, you need a Spark binary package available in a place accessible by Mesos, and a Spark driver program configured to connect to Mesos. Alternatively, you can also install Spark in the same location in all the Mesos slaves, and configure `spark.mesos.executor.home` (defaults to SPARK_HOME) to point to that location. ## Authenticating to Mesos When Mesos Framework authentication is enabled it is necessary to provide a principal and secret by which to authenticate Spark to Mesos. Each Spark job will register with Mesos as a separate framework. Depending on your deployment environment you may wish to create a single set of framework credentials that are shared across all users or create framework credentials for each user. Creating and managing framework credentials should be done following the Mesos [Authentication documentation](http://mesos.apache.org/documentation/latest/authentication/). Framework credentials may be specified in a variety of ways depending on your deployment environment and security requirements. The most simple way is to specify the `spark.mesos.principal` and `spark.mesos.secret` values directly in your Spark configuration. Alternatively you may specify these values indirectly by instead specifying `spark.mesos.principal.file` and `spark.mesos.secret.file`, these settings point to files containing the principal and secret. These files must be plaintext files in UTF-8 encoding. Combined with appropriate file ownership and mode/ACLs this provides a more secure way to specify these credentials. Additionally, if you prefer to use environment variables you can specify all of the above via environment variables instead, the environment variable names are simply the configuration settings uppercased with `.` replaced with `_` e.g. `SPARK_MESOS_PRINCIPAL`. ### Credential Specification Preference Order Please note that if you specify multiple ways to obtain the credentials then the following preference order applies. Spark will use the first valid value found and any subsequent values are ignored: - `spark.mesos.principal` configuration setting - `SPARK_MESOS_PRINCIPAL` environment variable - `spark.mesos.principal.file` configuration setting - `SPARK_MESOS_PRINCIPAL_FILE` environment variable An equivalent order applies for the secret. Essentially we prefer the configuration to be specified directly rather than indirectly by files, and we prefer that configuration settings are used over environment variables. ### Deploy to a Mesos running on Secure Sockets If you want to deploy a Spark Application into a Mesos cluster that is running in a secure mode there are some environment variables that need to be set. - `LIBPROCESS_SSL_ENABLED=true` enables SSL communication - `LIBPROCESS_SSL_VERIFY_CERT=false` verifies the ssl certificate - `LIBPROCESS_SSL_KEY_FILE=pathToKeyFile.key` path to key - `LIBPROCESS_SSL_CERT_FILE=pathToCRTFile.crt` the certificate file to be used All options can be found at http://mesos.apache.org/documentation/latest/ssl/ Then submit happens as described in Client mode or Cluster mode below ## Uploading Spark Package When Mesos runs a task on a Mesos slave for the first time, that slave must have a Spark binary package for running the Spark Mesos executor backend. The Spark package can be hosted at any Hadoop-accessible URI, including HTTP via `http://`, [Amazon Simple Storage Service](http://aws.amazon.com/s3) via `s3n://`, or HDFS via `hdfs://`. To use a precompiled package: 1. Download a Spark binary package from the Spark [download page](https://spark.apache.org/downloads.html) 2. Upload to hdfs/http/s3 To host on HDFS, use the Hadoop fs put command: `hadoop fs -put spark-{{site.SPARK_VERSION}}.tar.gz /path/to/spark-{{site.SPARK_VERSION}}.tar.gz` Or if you are using a custom-compiled version of Spark, you will need to create a package using the `dev/make-distribution.sh` script included in a Spark source tarball/checkout. 1. Download and build Spark using the instructions [here](index.html) 2. Create a binary package using `./dev/make-distribution.sh --tgz`. 3. Upload archive to http/s3/hdfs ## Using a Mesos Master URL The Master URLs for Mesos are in the form `mesos://host:5050` for a single-master Mesos cluster, or `mesos://zk://host1:2181,host2:2181,host3:2181/mesos` for a multi-master Mesos cluster using ZooKeeper. ## Client Mode In client mode, a Spark Mesos framework is launched directly on the client machine and waits for the driver output. The driver needs some configuration in `spark-env.sh` to interact properly with Mesos: 1. In `spark-env.sh` set some environment variables: * `export MESOS_NATIVE_JAVA_LIBRARY=
Property Name | Default | Meaning |
---|---|---|
spark.mesos.coarse |
true |
If set to true , runs over Mesos clusters in "coarse-grained" sharing mode, where Spark acquires one long-lived Mesos task on each machine.
If set to false , runs over Mesos cluster in "fine-grained" sharing mode, where one Mesos task is created per Spark task.
Detailed information in 'Mesos Run Modes'.
|
spark.mesos.extra.cores |
0 |
Set the extra number of cores for an executor to advertise. This does not result in more cores allocated. It instead means that an executor will "pretend" it has more cores, so that the driver will send it more tasks. Use this to increase parallelism. This setting is only used for Mesos coarse-grained mode. |
spark.mesos.mesosExecutor.cores |
1.0 |
(Fine-grained mode only) Number of cores to give each Mesos executor. This does not include the cores used to run the Spark tasks. In other words, even if no Spark task is being run, each Mesos executor will occupy the number of cores configured here. The value can be a floating point number. |
spark.mesos.executor.docker.image |
(none) |
Set the name of the docker image that the Spark executors will run in. The selected
image must have Spark installed, as well as a compatible version of the Mesos library.
The installed path of Spark in the image can be specified with spark.mesos.executor.home ;
the installed path of the Mesos library can be specified with spark.executorEnv.MESOS_NATIVE_JAVA_LIBRARY .
|
spark.mesos.executor.docker.forcePullImage |
false |
Force Mesos agents to pull the image specified in spark.mesos.executor.docker.image .
By default Mesos agents will not pull images they already have cached.
|
spark.mesos.executor.docker.parameters |
(none) |
Set the list of custom parameters which will be passed into the docker run command when launching the Spark executor on Mesos using the docker containerizer. The format of this property is a comma-separated list of
key/value pairs. Example:
key1=val1,key2=val2,key3=val3 |
spark.mesos.executor.docker.volumes |
(none) |
Set the list of volumes which will be mounted into the Docker image, which was set using
spark.mesos.executor.docker.image . The format of this property is a comma-separated list of
mappings following the form passed to docker run -v . That is they take the form:
[host_path:]container_path[:ro|:rw] |
spark.mesos.task.labels |
(none) | Set the Mesos labels to add to each task. Labels are free-form key-value pairs. Key-value pairs should be separated by a colon, and commas used to list more than one. If your label includes a colon or comma, you can escape it with a backslash. Ex. key:value,key2:a\:b. |
spark.mesos.executor.home |
driver side SPARK_HOME |
Set the directory in which Spark is installed on the executors in Mesos. By default, the
executors will simply use the driver's Spark home directory, which may not be visible to
them. Note that this is only relevant if a Spark binary package is not specified through
spark.executor.uri .
|
spark.mesos.executor.memoryOverhead |
executor memory * 0.10, with minimum of 384 |
The amount of additional memory, specified in MiB, to be allocated per executor. By default,
the overhead will be larger of either 384 or 10% of spark.executor.memory . If set,
the final overhead will be this value.
|
spark.mesos.uris |
(none) | A comma-separated list of URIs to be downloaded to the sandbox when driver or executor is launched by Mesos. This applies to both coarse-grained and fine-grained mode. |
spark.mesos.principal |
(none) | Set the principal with which Spark framework will use to authenticate with Mesos. You can also specify this via the environment variable `SPARK_MESOS_PRINCIPAL`. |
spark.mesos.principal.file |
(none) | Set the file containing the principal with which Spark framework will use to authenticate with Mesos. Allows specifying the principal indirectly in more security conscious deployments. The file must be readable by the user launching the job and be UTF-8 encoded plaintext. You can also specify this via the environment variable `SPARK_MESOS_PRINCIPAL_FILE`. |
spark.mesos.secret |
(none) | Set the secret with which Spark framework will use to authenticate with Mesos. Used, for example, when authenticating with the registry. You can also specify this via the environment variable `SPARK_MESOS_SECRET`. |
spark.mesos.secret.file |
(none) | Set the file containing the secret with which Spark framework will use to authenticate with Mesos. Used, for example, when authenticating with the registry. Allows for specifying the secret indirectly in more security conscious deployments. The file must be readable by the user launching the job and be UTF-8 encoded plaintext. You can also specify this via the environment variable `SPARK_MESOS_SECRET_FILE`. |
spark.mesos.role |
* |
Set the role of this Spark framework for Mesos. Roles are used in Mesos for reservations and resource weight sharing. |
spark.mesos.constraints |
(none) |
Attribute-based constraints on mesos resource offers. By default, all resource offers will be accepted. This setting
applies only to executors. Refer to Mesos
Attributes & Resources for more information on attributes.
|
spark.mesos.driver.constraints |
(none) |
Same as spark.mesos.constraints except applied to drivers when launched through the dispatcher. By default,
all offers with sufficient resources will be accepted.
|
spark.mesos.containerizer |
docker |
This only affects docker containers, and must be one of "docker" or "mesos". Mesos supports two types of containerizers for docker: the "docker" containerizer, and the preferred "mesos" containerizer. Read more here: http://mesos.apache.org/documentation/latest/container-image/ |
spark.mesos.driver.webui.url |
(none) |
Set the Spark Mesos driver webui_url for interacting with the framework. If unset it will point to Spark's internal web UI. |
spark.mesos.driver.labels |
(none) |
Mesos labels to add to the driver. See spark.mesos.task.labels
for formatting information.
|
spark.mesos.driver.secret.values ,
spark.mesos.driver.secret.names ,
spark.mesos.executor.secret.values ,
spark.mesos.executor.secret.names ,
|
(none) |
A secret is specified by its contents and destination. These properties specify a secret's contents. To specify a secret's destination, see the cell below. You can specify a secret's contents either (1) by value or (2) by reference.
(1) To specify a secret by value, set the
spark.mesos.driver.secret.values=guessme
(2) To specify a secret that has been placed in a secret store
by reference, specify its name within the secret store
by setting the spark.mesos.driver.secret.names=password Note: To use a secret store, make sure one has been integrated with Mesos via a custom SecretResolver module. To specify multiple secrets, provide a comma-separated list: spark.mesos.driver.secret.values=guessme,passwd123or spark.mesos.driver.secret.names=password1,password2 |
spark.mesos.driver.secret.envkeys ,
spark.mesos.driver.secret.filenames ,
spark.mesos.executor.secret.envkeys ,
spark.mesos.executor.secret.filenames ,
|
(none) |
A secret is specified by its contents and destination. These properties specify a secret's destination. To specify a secret's contents, see the cell above. You can specify a secret's destination in the driver or executors as either (1) an environment variable or (2) as a file.
(1) To make an environment-based secret, set the
spark.mesos.driver.secret.envkeys=PASSWORD
(2) To make a file-based secret, set the
spark.mesos.driver.secret.filenames=pwdfile Paths are relative to the container's work directory. Absolute paths must already exist. Note: File-based secrets require a custom SecretResolver module. To specify env vars or file names corresponding to multiple secrets, provide a comma-separated list: spark.mesos.driver.secret.envkeys=PASSWORD1,PASSWORD2or spark.mesos.driver.secret.filenames=pwdfile1,pwdfile2 |
spark.mesos.driverEnv.[EnvironmentVariableName] |
(none) |
This only affects drivers submitted in cluster mode. Add the environment variable specified by EnvironmentVariableName to the driver process. The user can specify multiple of these to set multiple environment variables. |
spark.mesos.dispatcher.webui.url |
(none) |
Set the Spark Mesos dispatcher webui_url for interacting with the framework. If unset it will point to Spark's internal web UI. |
spark.mesos.dispatcher.driverDefault.[PropertyName] |
(none) |
Set default properties for drivers submitted through the dispatcher. For example, spark.mesos.dispatcher.driverProperty.spark.executor.memory=32g results in the executors for all drivers submitted in cluster mode to run in 32g containers. |
spark.mesos.dispatcher.historyServer.url |
(none) |
Set the URL of the history server. The dispatcher will then link each driver to its entry in the history server. |
spark.mesos.gpus.max |
0 |
Set the maximum number GPU resources to acquire for this job. Note that executors will still launch when no GPU resources are found since this configuration is just an upper limit and not a guaranteed amount. |
spark.mesos.network.name |
(none) |
Attach containers to the given named network. If this job is launched in cluster mode, also launch the driver in the given named network. See the Mesos CNI docs for more details. |
spark.mesos.network.labels |
(none) |
Pass network labels to CNI plugins. This is a comma-separated list
of key-value pairs, where each key-value pair has the format key:value.
Example:
key1:val1,key2:val2See the Mesos CNI docs for more details. |
spark.mesos.fetcherCache.enable |
false |
If set to `true`, all URIs (example: `spark.executor.uri`, `spark.mesos.uris`) will be cached by the Mesos Fetcher Cache |
spark.mesos.driver.failoverTimeout |
0.0 |
The amount of time (in seconds) that the master will wait for the driver to reconnect, after being temporarily disconnected, before it tears down the driver framework by killing all its executors. The default value is zero, meaning no timeout: if the driver disconnects, the master immediately tears down the framework. |
spark.mesos.rejectOfferDuration |
120s |
Time to consider unused resources refused, serves as a fallback of `spark.mesos.rejectOfferDurationForUnmetConstraints`, `spark.mesos.rejectOfferDurationForReachedMaxCores` |
spark.mesos.rejectOfferDurationForUnmetConstraints |
spark.mesos.rejectOfferDuration |
Time to consider unused resources refused with unmet constraints |
spark.mesos.rejectOfferDurationForReachedMaxCores |
spark.mesos.rejectOfferDuration |
Time to consider unused resources refused when maximum number of cores
spark.cores.max is reached
|
spark.mesos.appJar.local.resolution.mode |
host |
Provides support for the `local:///` scheme to reference the app jar resource in cluster mode. If user uses a local resource (`local:///path/to/jar`) and the config option is not used it defaults to `host` eg. the mesos fetcher tries to get the resource from the host's file system. If the value is unknown it prints a warning msg in the dispatcher logs and defaults to `host`. If the value is `container` then spark submit in the container will use the jar in the container's path: `/path/to/jar`. |