If you're new to Mesos

See the getting started page for more information about downloading, building, and deploying Mesos.

If you'd like to get involved or you're looking for support

See our community page for more details.

Mesos Containerizer

The Mesos Containerizer provides lightweight containerization and resource isolation of executors using Linux-specific functionality such as control cgroups and namespaces. It is composable so operators can selectively enable different isolators.

It also provides basic support for POSIX systems (e.g., OSX) but without any actual isolation, only resource usage reporting.

Isolators

Isolators are components that each define an aspect of how a tasks execution environment (or container) is constructed. Isolators can control how containers are isolated from each other, how task resource limits are enforced, how networking is configured, how security policies are applied.

Since the isolator interface is modularized, operators can write modules that implement custom isolators.

Mesos supports the following built-in isolators.

• appc/runtime
• cgroups/blkio
• cgroups/cpu
• cgroups/cpuset
• cgroups/devices
• cgroups/hugetlb
• cgroups/mem
• cgroups/net_cls
• cgroups/net_prio
• cgroups/perf_event
• cgroups/pids
• disk/du
• disk/xfs
• docker/runtime
• docker/volume
• environment_secret
• filesystem/linux
• filesystem/posix
• filesystem/shared
• filesystem/windows
• gpu/nvidia
• linux/capabilities
• linux/devices
• linux/nnp
• linux/seccomp
• namespaces/ipc
• namespaces/pid
• network/cni
• network/port_mapping
• network/ports
• posix/cpu
• posix/mem
• posix/rlimits
• volume/csi
• volume/host_path
• volume/image
• volume/sandbox_path
• volume/secret
• windows/cpu
• windows/mem

Systemd Integration

To prevent systemd from manipulating cgroups managed by the agent, it’s recommended to add ‘Delegate’ under ‘Service’ in the service unit file of Mesos agent, for example:

[Service]
Delegate=true