From 2054324d471a6152ba34284b4259d4fd09c71704 Mon Sep 17 00:00:00 2001 From: Brahma Reddy Battula Date: Sun, 23 Jul 2017 12:56:18 +0800 Subject: [PATCH] Revert "YARN-6804. [YARN core changes] Allow custom hostname for docker containers in native services. Contributed by Billie Rinaldi" This reverts commit 4a771d9010de0867ac901bead075383ddf1f30dc. --- .../client/binding/RegistryPathUtils.java | 2 +- .../registry/client/types/Endpoint.java | 4 +- .../registry/client/types/ServiceRecord.java | 4 +- .../hadoop-yarn-server-nodemanager/pom.xml | 4 -- .../runtime/DockerLinuxContainerRuntime.java | 67 +++++-------------- .../runtime/docker/DockerRunCommand.java | 6 -- .../impl/container-executor.c | 4 -- .../test/test-container-executor.c | 16 ++--- .../runtime/TestDockerContainerRuntime.java | 58 ++++------------ 9 files changed, 44 insertions(+), 121 deletions(-) diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/main/java/org/apache/hadoop/registry/client/binding/RegistryPathUtils.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/main/java/org/apache/hadoop/registry/client/binding/RegistryPathUtils.java index 5fa45f913d0..5d8ea3f5b15 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/main/java/org/apache/hadoop/registry/client/binding/RegistryPathUtils.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/main/java/org/apache/hadoop/registry/client/binding/RegistryPathUtils.java @@ -213,6 +213,6 @@ public class RegistryPathUtils { * @return a string suitable for use in registry paths. */ public static String encodeYarnID(String yarnId) { - return yarnId.replace("container", "ctr").replace("_", "-"); + return yarnId.replace("_", "-"); } } diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/main/java/org/apache/hadoop/registry/client/types/Endpoint.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/main/java/org/apache/hadoop/registry/client/types/Endpoint.java index 392884faf87..395f8366f1a 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/main/java/org/apache/hadoop/registry/client/types/Endpoint.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/main/java/org/apache/hadoop/registry/client/types/Endpoint.java @@ -19,7 +19,7 @@ package org.apache.hadoop.registry.client.types; import com.fasterxml.jackson.annotation.JsonIgnoreProperties; -import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.databind.annotation.JsonSerialize; import com.google.common.base.Preconditions; import org.apache.hadoop.classification.InterfaceAudience; import org.apache.hadoop.classification.InterfaceStability; @@ -46,7 +46,7 @@ import java.util.Map; @InterfaceAudience.Public @InterfaceStability.Evolving @JsonIgnoreProperties(ignoreUnknown = true) -@JsonInclude(JsonInclude.Include.NON_NULL) +@JsonSerialize(include = JsonSerialize.Inclusion.NON_NULL) public final class Endpoint implements Cloneable { /** diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/main/java/org/apache/hadoop/registry/client/types/ServiceRecord.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/main/java/org/apache/hadoop/registry/client/types/ServiceRecord.java index d40866a8150..674d6d34e1b 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/main/java/org/apache/hadoop/registry/client/types/ServiceRecord.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/main/java/org/apache/hadoop/registry/client/types/ServiceRecord.java @@ -20,7 +20,7 @@ package org.apache.hadoop.registry.client.types; import com.fasterxml.jackson.annotation.JsonAnyGetter; import com.fasterxml.jackson.annotation.JsonAnySetter; -import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.databind.annotation.JsonSerialize; import com.google.common.base.Preconditions; import org.apache.hadoop.classification.InterfaceAudience; import org.apache.hadoop.classification.InterfaceStability; @@ -37,7 +37,7 @@ import java.util.Map; */ @InterfaceAudience.Public @InterfaceStability.Evolving -@JsonInclude(JsonInclude.Include.NON_NULL) +@JsonSerialize(include = JsonSerialize.Inclusion.NON_NULL) public class ServiceRecord implements Cloneable { /** diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/pom.xml b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/pom.xml index 094519afe6c..a0f4ef76df6 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/pom.xml +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/pom.xml @@ -51,10 +51,6 @@ org.apache.hadoop hadoop-yarn-api - - org.apache.hadoop - hadoop-yarn-registry - javax.xml.bind jaxb-api diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DockerLinuxContainerRuntime.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DockerLinuxContainerRuntime.java index e058d6ef14d..8db03bc7818 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DockerLinuxContainerRuntime.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DockerLinuxContainerRuntime.java @@ -27,7 +27,6 @@ import org.apache.hadoop.classification.InterfaceAudience; import org.apache.hadoop.classification.InterfaceStability; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.fs.Path; -import org.apache.hadoop.registry.client.binding.RegistryPathUtils; import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.security.authorize.AccessControlList; import org.apache.hadoop.util.StringUtils; @@ -102,11 +101,6 @@ import static org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.r * property. * *
  • - * {@code YARN_CONTAINER_RUNTIME_DOCKER_CONTAINER_HOSTNAME} sets the - * hostname to be used by the Docker container. If not specified, a - * hostname will be derived from the container ID. - *
  • - *
  • * {@code YARN_CONTAINER_RUNTIME_DOCKER_RUN_PRIVILEGED_CONTAINER} * controls whether the Docker container is a privileged container. In order * to use privileged containers, the @@ -140,10 +134,6 @@ public class DockerLinuxContainerRuntime implements LinuxContainerRuntime { "^(([a-zA-Z0-9.-]+)(:\\d+)?/)?([a-z0-9_./-]+)(:[\\w.-]+)?$"; private static final Pattern dockerImagePattern = Pattern.compile(DOCKER_IMAGE_PATTERN); - public static final String HOSTNAME_PATTERN = - "^[a-zA-Z0-9][a-zA-Z0-9_.-]+$"; - private static final Pattern hostnamePattern = Pattern.compile( - HOSTNAME_PATTERN); @InterfaceAudience.Private public static final String ENV_DOCKER_CONTAINER_IMAGE = @@ -157,10 +147,6 @@ public class DockerLinuxContainerRuntime implements LinuxContainerRuntime { @InterfaceAudience.Private public static final String ENV_DOCKER_CONTAINER_NETWORK = "YARN_CONTAINER_RUNTIME_DOCKER_CONTAINER_NETWORK"; - @InterfaceAudience.Private - public static final String ENV_DOCKER_CONTAINER_HOSTNAME = - "YARN_CONTAINER_RUNTIME_DOCKER_CONTAINER_HOSTNAME"; - @InterfaceAudience.Private public static final String ENV_DOCKER_CONTAINER_RUN_PRIVILEGED_CONTAINER = "YARN_CONTAINER_RUNTIME_DOCKER_RUN_PRIVILEGED_CONTAINER"; @InterfaceAudience.Private @@ -225,7 +211,9 @@ public class DockerLinuxContainerRuntime implements LinuxContainerRuntime { this.privilegedOperationExecutor = privilegedOperationExecutor; if (cGroupsHandler == null) { - LOG.info("cGroupsHandler is null - cgroups not in use."); + if (LOG.isInfoEnabled()) { + LOG.info("cGroupsHandler is null - cgroups not in use."); + } } else { this.cGroupsHandler = cGroupsHandler; } @@ -279,29 +267,6 @@ public class DockerLinuxContainerRuntime implements LinuxContainerRuntime { throw new ContainerExecutionException(msg); } - public static void validateHostname(String hostname) throws - ContainerExecutionException { - if (hostname != null && !hostname.isEmpty()) { - if (!hostnamePattern.matcher(hostname).matches()) { - throw new ContainerExecutionException("Hostname '" + hostname - + "' doesn't match docker hostname pattern"); - } - } - } - - /** Set a DNS friendly hostname. */ - private void setHostname(DockerRunCommand runCommand, String - containerIdStr, String name) - throws ContainerExecutionException { - if (name == null || name.isEmpty()) { - name = RegistryPathUtils.encodeYarnID(containerIdStr); - validateHostname(name); - } - - LOG.info("setting hostname in container to: " + name); - runCommand.setHostname(name); - } - /** * If CGROUPS in enabled and not set to none, then set the CGROUP parent for * the command instance. @@ -378,8 +343,10 @@ public class DockerLinuxContainerRuntime implements LinuxContainerRuntime { return false; } - LOG.info("Privileged container requested for : " + container - .getContainerId().toString()); + if (LOG.isInfoEnabled()) { + LOG.info("Privileged container requested for : " + container + .getContainerId().toString()); + } //Ok, so we have been asked to run a privileged container. Security // checks need to be run. Each violation is an error. @@ -408,8 +375,10 @@ public class DockerLinuxContainerRuntime implements LinuxContainerRuntime { throw new ContainerExecutionException(message); } - LOG.info("All checks pass. Launching privileged container for : " - + container.getContainerId().toString()); + if (LOG.isInfoEnabled()) { + LOG.info("All checks pass. Launching privileged container for : " + + container.getContainerId().toString()); + } return true; } @@ -444,7 +413,6 @@ public class DockerLinuxContainerRuntime implements LinuxContainerRuntime { .getEnvironment(); String imageName = environment.get(ENV_DOCKER_CONTAINER_IMAGE); String network = environment.get(ENV_DOCKER_CONTAINER_NETWORK); - String hostname = environment.get(ENV_DOCKER_CONTAINER_HOSTNAME); if(network == null || network.isEmpty()) { network = defaultNetwork; @@ -452,8 +420,6 @@ public class DockerLinuxContainerRuntime implements LinuxContainerRuntime { validateContainerNetworkType(network); - validateHostname(hostname); - validateImageName(imageName); String containerIdStr = container.getContainerId().toString(); @@ -484,13 +450,12 @@ public class DockerLinuxContainerRuntime implements LinuxContainerRuntime { runAsUser, imageName) .detachOnRun() .setContainerWorkDir(containerWorkDir.toString()) - .setNetworkType(network); - setHostname(runCommand, containerIdStr, hostname); - runCommand.setCapabilities(capabilities) + .setNetworkType(network) + .setCapabilities(capabilities) .addMountLocation(CGROUPS_ROOT_DIRECTORY, CGROUPS_ROOT_DIRECTORY + ":ro", false); - List allDirs = new ArrayList<>(containerLocalDirs); + allDirs.addAll(filecacheDirs); allDirs.add(containerWorkDir.toString()); allDirs.addAll(containerLogDirs); @@ -528,7 +493,9 @@ public class DockerLinuxContainerRuntime implements LinuxContainerRuntime { ENV_DOCKER_CONTAINER_RUN_OVERRIDE_DISABLE); if (disableOverride != null && disableOverride.equals("true")) { - LOG.info("command override disabled"); + if (LOG.isInfoEnabled()) { + LOG.info("command override disabled"); + } } else { List overrideCommands = new ArrayList<>(); Path launchDst = diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/docker/DockerRunCommand.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/docker/DockerRunCommand.java index b6457540b3a..f79f4ed08c8 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/docker/DockerRunCommand.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/docker/DockerRunCommand.java @@ -91,12 +91,6 @@ public class DockerRunCommand extends DockerCommand { return this; } - - public DockerRunCommand setHostname(String hostname) { - super.addCommandArguments("--hostname=" + hostname); - return this; - } - public DockerRunCommand addDevice(String sourceDevice, String destinationDevice) { super.addCommandArguments("--device=" + sourceDevice + ":" + diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/container-executor.c b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/container-executor.c index 5070d62a945..5d138f35772 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/container-executor.c +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/container-executor.c @@ -1215,7 +1215,6 @@ char* sanitize_docker_command(const char *line) { {"rm", no_argument, 0, 'r' }, {"workdir", required_argument, 0, 'w' }, {"net", required_argument, 0, 'e' }, - {"hostname", required_argument, 0, 'h' }, {"cgroup-parent", required_argument, 0, 'g' }, {"privileged", no_argument, 0, 'p' }, {"cap-add", required_argument, 0, 'a' }, @@ -1257,9 +1256,6 @@ char* sanitize_docker_command(const char *line) { case 'e': quote_and_append_arg(&output, &output_size, "--net=", optarg); break; - case 'h': - quote_and_append_arg(&output, &output_size, "--hostname=", optarg); - break; case 'v': quote_and_append_arg(&output, &output_size, "-v ", optarg); break; diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/test/test-container-executor.c b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/test/test-container-executor.c index b7d0e442f03..83d11ec06d9 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/test/test-container-executor.c +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/test/test-container-executor.c @@ -1088,17 +1088,17 @@ void test_trim_function() { void test_sanitize_docker_command() { char *input[] = { - "run --name=cname --user=nobody -d --workdir=/yarn/local/cdir --privileged --rm --device=/sys/fs/cgroup/device:/sys/fs/cgroup/device --detach=true --cgroup-parent=/sys/fs/cgroup/cpu/yarn/cid --net=host --hostname=test.host.name --cap-drop=ALL --cap-add=SYS_CHROOT --cap-add=MKNOD --cap-add=SETFCAP --cap-add=SETPCAP --cap-add=FSETID --cap-add=CHOWN --cap-add=AUDIT_WRITE --cap-add=SETGID --cap-add=NET_RAW --cap-add=FOWNER --cap-add=SETUID --cap-add=DAC_OVERRIDE --cap-add=KILL --cap-add=NET_BIND_SERVICE -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v /yarn/local/cdir:/yarn/local/cdir -v /yarn/local/usercache/test/:/yarn/local/usercache/test/ ubuntu bash /yarn/local/usercache/test/appcache/aid/cid/launch_container.sh", - "run --name=$CID --user=nobody -d --workdir=/yarn/local/cdir --privileged --rm --device=/sys/fs/cgroup/device:/sys/fs/cgroup/device --detach=true --cgroup-parent=/sys/fs/cgroup/cpu/yarn/cid --net=host --hostname=test.host.name --cap-drop=ALL --cap-add=SYS_CHROOT --cap-add=MKNOD --cap-add=SETFCAP --cap-add=SETPCAP --cap-add=FSETID --cap-add=CHOWN --cap-add=AUDIT_WRITE --cap-add=SETGID --cap-add=NET_RAW --cap-add=FOWNER --cap-add=SETUID --cap-add=DAC_OVERRIDE --cap-add=KILL --cap-add=NET_BIND_SERVICE -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v /yarn/local/cdir:/yarn/local/cdir -v /yarn/local/usercache/test/:/yarn/local/usercache/test/ ubuntu bash /yarn/local/usercache/test/appcache/aid/cid/launch_container.sh", - "run --name=cname --user=nobody -d --workdir=/yarn/local/cdir --privileged --rm --device=/sys/fs/cgroup/device:/sys/fs/cgroup/device --detach=true --cgroup-parent=/sys/fs/cgroup/cpu/yarn/cid --net=host --hostname=test.host.name --cap-drop=ALL --cap-add=SYS_CHROOT --cap-add=MKNOD --cap-add=SETFCAP --cap-add=SETPCAP --cap-add=FSETID --cap-add=CHOWN --cap-add=AUDIT_WRITE --cap-add=SETGID --cap-add=NET_RAW --cap-add=FOWNER --cap-add=SETUID --cap-add=DAC_OVERRIDE --cap-add=KILL --cap-add=NET_BIND_SERVICE -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v /yarn/local/cdir:/yarn/local/cdir -v /yarn/local/usercache/test/:/yarn/local/usercache/test/ ubuntu || touch /tmp/file # bash /yarn/local/usercache/test/appcache/aid/cid/launch_container.sh", - "run --name=cname --user=nobody -d --workdir=/yarn/local/cdir --privileged --rm --device=/sys/fs/cgroup/device:/sys/fs/cgroup/device --detach=true --cgroup-parent=/sys/fs/cgroup/cpu/yarn/cid --net=host --hostname=test.host.name --cap-drop=ALL --cap-add=SYS_CHROOT --cap-add=MKNOD --cap-add=SETFCAP --cap-add=SETPCAP --cap-add=FSETID --cap-add=CHOWN --cap-add=AUDIT_WRITE --cap-add=SETGID --cap-add=NET_RAW --cap-add=FOWNER --cap-add=SETUID --cap-add=DAC_OVERRIDE --cap-add=KILL --cap-add=NET_BIND_SERVICE -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v /yarn/local/cdir:/yarn/local/cdir -v /yarn/local/usercache/test/:/yarn/local/usercache/test/ ubuntu' || touch /tmp/file # bash /yarn/local/usercache/test/appcache/aid/cid/launch_container.sh", + "run --name=cname --user=nobody -d --workdir=/yarn/local/cdir --privileged --rm --device=/sys/fs/cgroup/device:/sys/fs/cgroup/device --detach=true --cgroup-parent=/sys/fs/cgroup/cpu/yarn/cid --net=host --cap-drop=ALL --cap-add=SYS_CHROOT --cap-add=MKNOD --cap-add=SETFCAP --cap-add=SETPCAP --cap-add=FSETID --cap-add=CHOWN --cap-add=AUDIT_WRITE --cap-add=SETGID --cap-add=NET_RAW --cap-add=FOWNER --cap-add=SETUID --cap-add=DAC_OVERRIDE --cap-add=KILL --cap-add=NET_BIND_SERVICE -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v /yarn/local/cdir:/yarn/local/cdir -v /yarn/local/usercache/test/:/yarn/local/usercache/test/ ubuntu bash /yarn/local/usercache/test/appcache/aid/cid/launch_container.sh", + "run --name=$CID --user=nobody -d --workdir=/yarn/local/cdir --privileged --rm --device=/sys/fs/cgroup/device:/sys/fs/cgroup/device --detach=true --cgroup-parent=/sys/fs/cgroup/cpu/yarn/cid --net=host --cap-drop=ALL --cap-add=SYS_CHROOT --cap-add=MKNOD --cap-add=SETFCAP --cap-add=SETPCAP --cap-add=FSETID --cap-add=CHOWN --cap-add=AUDIT_WRITE --cap-add=SETGID --cap-add=NET_RAW --cap-add=FOWNER --cap-add=SETUID --cap-add=DAC_OVERRIDE --cap-add=KILL --cap-add=NET_BIND_SERVICE -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v /yarn/local/cdir:/yarn/local/cdir -v /yarn/local/usercache/test/:/yarn/local/usercache/test/ ubuntu bash /yarn/local/usercache/test/appcache/aid/cid/launch_container.sh", + "run --name=cname --user=nobody -d --workdir=/yarn/local/cdir --privileged --rm --device=/sys/fs/cgroup/device:/sys/fs/cgroup/device --detach=true --cgroup-parent=/sys/fs/cgroup/cpu/yarn/cid --net=host --cap-drop=ALL --cap-add=SYS_CHROOT --cap-add=MKNOD --cap-add=SETFCAP --cap-add=SETPCAP --cap-add=FSETID --cap-add=CHOWN --cap-add=AUDIT_WRITE --cap-add=SETGID --cap-add=NET_RAW --cap-add=FOWNER --cap-add=SETUID --cap-add=DAC_OVERRIDE --cap-add=KILL --cap-add=NET_BIND_SERVICE -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v /yarn/local/cdir:/yarn/local/cdir -v /yarn/local/usercache/test/:/yarn/local/usercache/test/ ubuntu || touch /tmp/file # bash /yarn/local/usercache/test/appcache/aid/cid/launch_container.sh", + "run --name=cname --user=nobody -d --workdir=/yarn/local/cdir --privileged --rm --device=/sys/fs/cgroup/device:/sys/fs/cgroup/device --detach=true --cgroup-parent=/sys/fs/cgroup/cpu/yarn/cid --net=host --cap-drop=ALL --cap-add=SYS_CHROOT --cap-add=MKNOD --cap-add=SETFCAP --cap-add=SETPCAP --cap-add=FSETID --cap-add=CHOWN --cap-add=AUDIT_WRITE --cap-add=SETGID --cap-add=NET_RAW --cap-add=FOWNER --cap-add=SETUID --cap-add=DAC_OVERRIDE --cap-add=KILL --cap-add=NET_BIND_SERVICE -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v /yarn/local/cdir:/yarn/local/cdir -v /yarn/local/usercache/test/:/yarn/local/usercache/test/ ubuntu' || touch /tmp/file # bash /yarn/local/usercache/test/appcache/aid/cid/launch_container.sh", "run ''''''''" }; char *expected_output[] = { - "run --name='cname' --user='nobody' -d --workdir='/yarn/local/cdir' --privileged --rm --device='/sys/fs/cgroup/device:/sys/fs/cgroup/device' --detach='true' --cgroup-parent='/sys/fs/cgroup/cpu/yarn/cid' --net='host' --hostname='test.host.name' --cap-drop='ALL' --cap-add='SYS_CHROOT' --cap-add='MKNOD' --cap-add='SETFCAP' --cap-add='SETPCAP' --cap-add='FSETID' --cap-add='CHOWN' --cap-add='AUDIT_WRITE' --cap-add='SETGID' --cap-add='NET_RAW' --cap-add='FOWNER' --cap-add='SETUID' --cap-add='DAC_OVERRIDE' --cap-add='KILL' --cap-add='NET_BIND_SERVICE' -v '/sys/fs/cgroup:/sys/fs/cgroup:ro' -v '/yarn/local/cdir:/yarn/local/cdir' -v '/yarn/local/usercache/test/:/yarn/local/usercache/test/' 'ubuntu' 'bash' '/yarn/local/usercache/test/appcache/aid/cid/launch_container.sh' ", - "run --name='$CID' --user='nobody' -d --workdir='/yarn/local/cdir' --privileged --rm --device='/sys/fs/cgroup/device:/sys/fs/cgroup/device' --detach='true' --cgroup-parent='/sys/fs/cgroup/cpu/yarn/cid' --net='host' --hostname='test.host.name' --cap-drop='ALL' --cap-add='SYS_CHROOT' --cap-add='MKNOD' --cap-add='SETFCAP' --cap-add='SETPCAP' --cap-add='FSETID' --cap-add='CHOWN' --cap-add='AUDIT_WRITE' --cap-add='SETGID' --cap-add='NET_RAW' --cap-add='FOWNER' --cap-add='SETUID' --cap-add='DAC_OVERRIDE' --cap-add='KILL' --cap-add='NET_BIND_SERVICE' -v '/sys/fs/cgroup:/sys/fs/cgroup:ro' -v '/yarn/local/cdir:/yarn/local/cdir' -v '/yarn/local/usercache/test/:/yarn/local/usercache/test/' 'ubuntu' 'bash' '/yarn/local/usercache/test/appcache/aid/cid/launch_container.sh' ", - "run --name='cname' --user='nobody' -d --workdir='/yarn/local/cdir' --privileged --rm --device='/sys/fs/cgroup/device:/sys/fs/cgroup/device' --detach='true' --cgroup-parent='/sys/fs/cgroup/cpu/yarn/cid' --net='host' --hostname='test.host.name' --cap-drop='ALL' --cap-add='SYS_CHROOT' --cap-add='MKNOD' --cap-add='SETFCAP' --cap-add='SETPCAP' --cap-add='FSETID' --cap-add='CHOWN' --cap-add='AUDIT_WRITE' --cap-add='SETGID' --cap-add='NET_RAW' --cap-add='FOWNER' --cap-add='SETUID' --cap-add='DAC_OVERRIDE' --cap-add='KILL' --cap-add='NET_BIND_SERVICE' -v '/sys/fs/cgroup:/sys/fs/cgroup:ro' -v '/yarn/local/cdir:/yarn/local/cdir' -v '/yarn/local/usercache/test/:/yarn/local/usercache/test/' 'ubuntu' '||' 'touch' '/tmp/file' '#' 'bash' '/yarn/local/usercache/test/appcache/aid/cid/launch_container.sh' ", - "run --name='cname' --user='nobody' -d --workdir='/yarn/local/cdir' --privileged --rm --device='/sys/fs/cgroup/device:/sys/fs/cgroup/device' --detach='true' --cgroup-parent='/sys/fs/cgroup/cpu/yarn/cid' --net='host' --hostname='test.host.name' --cap-drop='ALL' --cap-add='SYS_CHROOT' --cap-add='MKNOD' --cap-add='SETFCAP' --cap-add='SETPCAP' --cap-add='FSETID' --cap-add='CHOWN' --cap-add='AUDIT_WRITE' --cap-add='SETGID' --cap-add='NET_RAW' --cap-add='FOWNER' --cap-add='SETUID' --cap-add='DAC_OVERRIDE' --cap-add='KILL' --cap-add='NET_BIND_SERVICE' -v '/sys/fs/cgroup:/sys/fs/cgroup:ro' -v '/yarn/local/cdir:/yarn/local/cdir' -v '/yarn/local/usercache/test/:/yarn/local/usercache/test/' 'ubuntu'\"'\"'' '||' 'touch' '/tmp/file' '#' 'bash' '/yarn/local/usercache/test/appcache/aid/cid/launch_container.sh' ", + "run --name='cname' --user='nobody' -d --workdir='/yarn/local/cdir' --privileged --rm --device='/sys/fs/cgroup/device:/sys/fs/cgroup/device' --detach='true' --cgroup-parent='/sys/fs/cgroup/cpu/yarn/cid' --net='host' --cap-drop='ALL' --cap-add='SYS_CHROOT' --cap-add='MKNOD' --cap-add='SETFCAP' --cap-add='SETPCAP' --cap-add='FSETID' --cap-add='CHOWN' --cap-add='AUDIT_WRITE' --cap-add='SETGID' --cap-add='NET_RAW' --cap-add='FOWNER' --cap-add='SETUID' --cap-add='DAC_OVERRIDE' --cap-add='KILL' --cap-add='NET_BIND_SERVICE' -v '/sys/fs/cgroup:/sys/fs/cgroup:ro' -v '/yarn/local/cdir:/yarn/local/cdir' -v '/yarn/local/usercache/test/:/yarn/local/usercache/test/' 'ubuntu' 'bash' '/yarn/local/usercache/test/appcache/aid/cid/launch_container.sh' ", + "run --name='$CID' --user='nobody' -d --workdir='/yarn/local/cdir' --privileged --rm --device='/sys/fs/cgroup/device:/sys/fs/cgroup/device' --detach='true' --cgroup-parent='/sys/fs/cgroup/cpu/yarn/cid' --net='host' --cap-drop='ALL' --cap-add='SYS_CHROOT' --cap-add='MKNOD' --cap-add='SETFCAP' --cap-add='SETPCAP' --cap-add='FSETID' --cap-add='CHOWN' --cap-add='AUDIT_WRITE' --cap-add='SETGID' --cap-add='NET_RAW' --cap-add='FOWNER' --cap-add='SETUID' --cap-add='DAC_OVERRIDE' --cap-add='KILL' --cap-add='NET_BIND_SERVICE' -v '/sys/fs/cgroup:/sys/fs/cgroup:ro' -v '/yarn/local/cdir:/yarn/local/cdir' -v '/yarn/local/usercache/test/:/yarn/local/usercache/test/' 'ubuntu' 'bash' '/yarn/local/usercache/test/appcache/aid/cid/launch_container.sh' ", + "run --name='cname' --user='nobody' -d --workdir='/yarn/local/cdir' --privileged --rm --device='/sys/fs/cgroup/device:/sys/fs/cgroup/device' --detach='true' --cgroup-parent='/sys/fs/cgroup/cpu/yarn/cid' --net='host' --cap-drop='ALL' --cap-add='SYS_CHROOT' --cap-add='MKNOD' --cap-add='SETFCAP' --cap-add='SETPCAP' --cap-add='FSETID' --cap-add='CHOWN' --cap-add='AUDIT_WRITE' --cap-add='SETGID' --cap-add='NET_RAW' --cap-add='FOWNER' --cap-add='SETUID' --cap-add='DAC_OVERRIDE' --cap-add='KILL' --cap-add='NET_BIND_SERVICE' -v '/sys/fs/cgroup:/sys/fs/cgroup:ro' -v '/yarn/local/cdir:/yarn/local/cdir' -v '/yarn/local/usercache/test/:/yarn/local/usercache/test/' 'ubuntu' '||' 'touch' '/tmp/file' '#' 'bash' '/yarn/local/usercache/test/appcache/aid/cid/launch_container.sh' ", + "run --name='cname' --user='nobody' -d --workdir='/yarn/local/cdir' --privileged --rm --device='/sys/fs/cgroup/device:/sys/fs/cgroup/device' --detach='true' --cgroup-parent='/sys/fs/cgroup/cpu/yarn/cid' --net='host' --cap-drop='ALL' --cap-add='SYS_CHROOT' --cap-add='MKNOD' --cap-add='SETFCAP' --cap-add='SETPCAP' --cap-add='FSETID' --cap-add='CHOWN' --cap-add='AUDIT_WRITE' --cap-add='SETGID' --cap-add='NET_RAW' --cap-add='FOWNER' --cap-add='SETUID' --cap-add='DAC_OVERRIDE' --cap-add='KILL' --cap-add='NET_BIND_SERVICE' -v '/sys/fs/cgroup:/sys/fs/cgroup:ro' -v '/yarn/local/cdir:/yarn/local/cdir' -v '/yarn/local/usercache/test/:/yarn/local/usercache/test/' 'ubuntu'\"'\"'' '||' 'touch' '/tmp/file' '#' 'bash' '/yarn/local/usercache/test/appcache/aid/cid/launch_container.sh' ", "run ''\"'\"''\"'\"''\"'\"''\"'\"''\"'\"''\"'\"''\"'\"''\"'\"'' ", }; diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/TestDockerContainerRuntime.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/TestDockerContainerRuntime.java index 9894dcd90fc..f61184334c3 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/TestDockerContainerRuntime.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/TestDockerContainerRuntime.java @@ -25,7 +25,6 @@ import org.apache.commons.logging.LogFactory; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.fs.FileUtil; import org.apache.hadoop.fs.Path; -import org.apache.hadoop.registry.client.binding.RegistryPathUtils; import org.apache.hadoop.yarn.api.records.ContainerId; import org.apache.hadoop.yarn.api.records.ContainerLaunchContext; import org.apache.hadoop.yarn.conf.YarnConfiguration; @@ -70,7 +69,6 @@ public class TestDockerContainerRuntime { private PrivilegedOperationExecutor mockExecutor; private CGroupsHandler mockCGroupsHandler; private String containerId; - private String defaultHostname; private Container container; private ContainerId cId; private ContainerLaunchContext context; @@ -110,7 +108,6 @@ public class TestDockerContainerRuntime { .mock(PrivilegedOperationExecutor.class); mockCGroupsHandler = Mockito.mock(CGroupsHandler.class); containerId = "container_id"; - defaultHostname = RegistryPathUtils.encodeYarnID(containerId); container = mock(Container.class); cId = mock(ContainerId.class); context = mock(ContainerLaunchContext.class); @@ -290,7 +287,6 @@ public class TestDockerContainerRuntime { .append("--user=%2$s -d ") .append("--workdir=%3$s ") .append("--net=host ") - .append("--hostname=" + defaultHostname + " ") .append(getExpectedTestCapabilitiesArgumentString()) .append(getExpectedCGroupsMountString()) .append("-v %4$s:%4$s ") @@ -369,7 +365,7 @@ public class TestDockerContainerRuntime { String disallowedNetwork = "sdn" + Integer.toString(randEngine.nextInt()); try { - env.put(DockerLinuxContainerRuntime.ENV_DOCKER_CONTAINER_NETWORK, + env.put("YARN_CONTAINER_RUNTIME_DOCKER_CONTAINER_NETWORK", disallowedNetwork); runtime.launchContainer(builder.build()); Assert.fail("Network was expected to be disallowed: " + @@ -382,11 +378,8 @@ public class TestDockerContainerRuntime { .DEFAULT_NM_DOCKER_ALLOWED_CONTAINER_NETWORKS.length; String allowedNetwork = YarnConfiguration .DEFAULT_NM_DOCKER_ALLOWED_CONTAINER_NETWORKS[randEngine.nextInt(size)]; - env.put(DockerLinuxContainerRuntime.ENV_DOCKER_CONTAINER_NETWORK, + env.put("YARN_CONTAINER_RUNTIME_DOCKER_CONTAINER_NETWORK", allowedNetwork); - String expectedHostname = "test.hostname"; - env.put(DockerLinuxContainerRuntime.ENV_DOCKER_CONTAINER_HOSTNAME, - expectedHostname); //this should cause no failures. @@ -400,7 +393,6 @@ public class TestDockerContainerRuntime { new StringBuffer("run --name=%1$s ").append("--user=%2$s -d ") .append("--workdir=%3$s ") .append("--net=" + allowedNetwork + " ") - .append("--hostname=" + expectedHostname + " ") .append(getExpectedTestCapabilitiesArgumentString()) .append(getExpectedCGroupsMountString()) .append("-v %4$s:%4$s ").append("-v %5$s:%5$s ") @@ -456,7 +448,6 @@ public class TestDockerContainerRuntime { new StringBuffer("run --name=%1$s ").append("--user=%2$s -d ") .append("--workdir=%3$s ") .append("--net=" + customNetwork1 + " ") - .append("--hostname=" + defaultHostname + " ") .append(getExpectedTestCapabilitiesArgumentString()) .append(getExpectedCGroupsMountString()) .append("-v %4$s:%4$s ").append("-v %5$s:%5$s ") @@ -480,7 +471,7 @@ public class TestDockerContainerRuntime { //now set an explicit (non-default) allowedNetwork and ensure that it is // used. - env.put(DockerLinuxContainerRuntime.ENV_DOCKER_CONTAINER_NETWORK, + env.put("YARN_CONTAINER_RUNTIME_DOCKER_CONTAINER_NETWORK", customNetwork2); runtime.launchContainer(builder.build()); @@ -494,7 +485,6 @@ public class TestDockerContainerRuntime { new StringBuffer("run --name=%1$s ").append("--user=%2$s -d ") .append("--workdir=%3$s ") .append("--net=" + customNetwork2 + " ") - .append("--hostname=" + defaultHostname + " ") .append(getExpectedTestCapabilitiesArgumentString()) .append(getExpectedCGroupsMountString()) .append("-v %4$s:%4$s ").append("-v %5$s:%5$s ") @@ -515,7 +505,7 @@ public class TestDockerContainerRuntime { //disallowed network should trigger a launch failure - env.put(DockerLinuxContainerRuntime.ENV_DOCKER_CONTAINER_NETWORK, + env.put("YARN_CONTAINER_RUNTIME_DOCKER_CONTAINER_NETWORK", customNetwork3); try { runtime.launchContainer(builder.build()); @@ -534,8 +524,8 @@ public class TestDockerContainerRuntime { mockExecutor, mockCGroupsHandler); runtime.initialize(conf); - env.put(DockerLinuxContainerRuntime - .ENV_DOCKER_CONTAINER_RUN_PRIVILEGED_CONTAINER, "invalid-value"); + env.put("YARN_CONTAINER_RUNTIME_DOCKER_RUN_PRIVILEGED_CONTAINER", + "invalid-value"); runtime.launchContainer(builder.build()); PrivilegedOperation op = capturePrivilegedOperationAndVerifyArgs(); @@ -562,8 +552,8 @@ public class TestDockerContainerRuntime { mockExecutor, mockCGroupsHandler); runtime.initialize(conf); - env.put(DockerLinuxContainerRuntime - .ENV_DOCKER_CONTAINER_RUN_PRIVILEGED_CONTAINER, "true"); + env.put("YARN_CONTAINER_RUNTIME_DOCKER_RUN_PRIVILEGED_CONTAINER", + "true"); try { runtime.launchContainer(builder.build()); @@ -585,8 +575,8 @@ public class TestDockerContainerRuntime { mockExecutor, mockCGroupsHandler); runtime.initialize(conf); - env.put(DockerLinuxContainerRuntime - .ENV_DOCKER_CONTAINER_RUN_PRIVILEGED_CONTAINER, "true"); + env.put("YARN_CONTAINER_RUNTIME_DOCKER_RUN_PRIVILEGED_CONTAINER", + "true"); //By default // yarn.nodemanager.runtime.linux.docker.privileged-containers.acl // is empty. So we expect this launch to fail. @@ -615,8 +605,8 @@ public class TestDockerContainerRuntime { mockExecutor, mockCGroupsHandler); runtime.initialize(conf); - env.put(DockerLinuxContainerRuntime - .ENV_DOCKER_CONTAINER_RUN_PRIVILEGED_CONTAINER, "true"); + env.put("YARN_CONTAINER_RUNTIME_DOCKER_RUN_PRIVILEGED_CONTAINER", + "true"); try { runtime.launchContainer(builder.build()); @@ -642,8 +632,8 @@ public class TestDockerContainerRuntime { mockExecutor, mockCGroupsHandler); runtime.initialize(conf); - env.put(DockerLinuxContainerRuntime - .ENV_DOCKER_CONTAINER_RUN_PRIVILEGED_CONTAINER, "true"); + env.put("YARN_CONTAINER_RUNTIME_DOCKER_RUN_PRIVILEGED_CONTAINER", + "true"); runtime.launchContainer(builder.build()); PrivilegedOperation op = capturePrivilegedOperationAndVerifyArgs(); @@ -937,24 +927,4 @@ public class TestDockerContainerRuntime { } } } - - @Test - public void testDockerHostnamePattern() throws Exception { - String[] validNames = {"ab", "a.b.c.d", "a1-b.cd.ef", "0AB.", "C_D-"}; - - String[] invalidNames = {"a", "a#.b.c", "-a.b.c", "a@b.c", "a/b/c"}; - - for (String name : validNames) { - DockerLinuxContainerRuntime.validateHostname(name); - } - - for (String name : invalidNames) { - try { - DockerLinuxContainerRuntime.validateHostname(name); - Assert.fail(name + " is an invalid hostname and should fail the regex"); - } catch (ContainerExecutionException ce) { - continue; - } - } - } }