YARN-7705. Create the container log directory with correct sticky bit in C code. Contributed by Yufei Gu.

This commit is contained in:
Miklos Szegedi 2018-01-12 15:03:29 -08:00
parent d5d6a0353b
commit 2dcfc1876e
7 changed files with 98 additions and 48 deletions

View File

@ -365,6 +365,7 @@ public class LinuxContainerExecutor extends ContainerExecutor {
PrivilegedOperation.RunAsUserCommand.INITIALIZE_CONTAINER
.getValue()),
appId,
locId,
nmPrivateContainerTokensPath.toUri().getPath().toString(),
StringUtils.join(PrivilegedOperation.LINUX_FILE_PATH_SEPARATOR,
localDirs),

View File

@ -63,7 +63,6 @@ import org.apache.hadoop.util.DiskValidatorFactory;
import org.apache.hadoop.util.Shell;
import org.apache.hadoop.util.concurrent.HadoopExecutors;
import org.apache.hadoop.yarn.YarnUncaughtExceptionHandler;
import org.apache.hadoop.yarn.exceptions.YarnRuntimeException;
import org.apache.hadoop.yarn.api.ApplicationConstants;
import org.apache.hadoop.yarn.api.records.LocalResource;
import org.apache.hadoop.yarn.api.records.LocalResourceVisibility;
@ -447,7 +446,6 @@ public class ContainerLocalizer {
// MKDIR $x/$user/appcache/$appid/filecache
// LOAD $x/$user/appcache/$appid/appTokens
try {
createLogDir();
String user = argv[0];
String appId = argv[1];
String locId = argv[2];
@ -483,31 +481,6 @@ public class ContainerLocalizer {
}
}
/**
* Create the log directory, if the directory exists, make sure its permission
* is 750.
*/
private static void createLogDir() {
FileContext localFs;
try {
localFs = FileContext.getLocalFSFileContext(new Configuration());
String logDir = System.getProperty(
YarnConfiguration.YARN_APP_CONTAINER_LOG_DIR);
if (logDir != null && !logDir.trim().isEmpty()) {
Path containerLogPath = new Path(logDir);
FsPermission containerLogDirPerm= new FsPermission((short)0750);
localFs.mkdir(containerLogPath, containerLogDirPerm, true);
// set permission again to make sure the permission is correct
// in case the directory is already there.
localFs.setPermission(containerLogPath, containerLogDirPerm);
}
} catch (IOException e) {
throw new YarnRuntimeException("Unable to create the log dir", e);
}
}
private static void initDirs(Configuration conf, String user, String appId,
FileContext lfs, List<Path> localDirs) throws IOException {
if (null == localDirs || 0 == localDirs.size()) {

View File

@ -1094,11 +1094,62 @@ int create_log_dirs(const char *app_id, char * const * log_dirs) {
return 0;
}
char* get_container_log_directory(const char *log_root, const char* app_id,
const char *container_id) {
return concatenate("%s/%s/%s", "container log dir", 3, log_root, app_id,
container_id);
}
int create_container_log_dirs(const char *container_id, const char *app_id,
char * const * log_dirs) {
char* const* log_root;
int created_any_dir = 0;
for(log_root=log_dirs; *log_root != NULL; ++log_root) {
char *container_log_dir = get_container_log_directory(*log_root, app_id,
container_id);
if (container_log_dir == NULL) {
fprintf(LOGFILE,
"Failed to get container log directory name! Log root directory: %s, App id: %s, Container id: %s\n",
*log_root, app_id, container_id);
continue;
}
int result = check_nm_local_dir(nm_uid, *log_root);
if (result != 0 && container_log_dir != NULL) {
fprintf(LOGFILE, "Unsupported container log directory path (%s) detected.\n",
container_log_dir);
free(container_log_dir);
container_log_dir = NULL;
continue;
}
if (create_directory_for_user(container_log_dir) != 0) {
fprintf(LOGFILE, "Failed to create container log directory (%s)!\n",
container_log_dir);
free(container_log_dir);
return -1;
}
if (!created_any_dir) {
created_any_dir = 1;
}
free(container_log_dir);
}
if (!created_any_dir) {
fprintf(LOGFILE, "Did not create any container log directory.\n");
return -1;
}
return 0;
}
/**
* Function to prepare the application directories for the container.
*/
int initialize_app(const char *user, const char *app_id,
const char *container_id,
const char* nmPrivate_credentials_file,
char* const* local_dirs, char* const* log_roots,
char* const* args) {
@ -1119,6 +1170,13 @@ int initialize_app(const char *user, const char *app_id,
return log_create_result;
}
// create the log directories for the container on all disks
int container_log_create_result = create_container_log_dirs(container_id,
app_id, log_roots);
if (container_log_create_result != 0) {
return container_log_create_result;
}
// open up the credentials file
int cred_file = open_file_as_nm(nmPrivate_credentials_file);
if (cred_file == -1) {

View File

@ -91,6 +91,7 @@ void free_executor_configurations();
// initialize the application directory
int initialize_app(const char *user, const char *app_id,
const char *container_id,
const char *credentials, char* const* local_dirs,
char* const* log_dirs, char* const* args);
@ -195,6 +196,8 @@ char *get_container_credentials_file(const char* work_dir);
*/
char* get_app_log_directory(const char* log_root, const char* appid);
char* get_container_log_directory(const char *log_root, const char* app_id,
const char *container_id);
/**
* Ensure that the given path and all of the parent directories are created
* with the desired permissions.

View File

@ -360,13 +360,14 @@ static int validate_run_as_user_commands(int argc, char **argv, int *operation)
char * resources_value = NULL;
switch (command) {
case INITIALIZE_CONTAINER:
if (argc < 9) {
fprintf(ERRORFILE, "Too few arguments (%d vs 9) for initialize container\n",
if (argc < 10) {
fprintf(ERRORFILE, "Too few arguments (%d vs 10) for initialize container\n",
argc);
fflush(ERRORFILE);
return INVALID_ARGUMENT_NUMBER;
}
cmd_input.app_id = argv[optind++];
cmd_input.container_id = argv[optind++];
cmd_input.cred_file = argv[optind++];
cmd_input.local_dirs = argv[optind++];// good local dirs as a comma separated list
cmd_input.log_dirs = argv[optind++];// good log dirs as a comma separated list
@ -563,6 +564,7 @@ int main(int argc, char **argv) {
exit_code = initialize_app(cmd_input.yarn_user_name,
cmd_input.app_id,
cmd_input.container_id,
cmd_input.cred_file,
split(cmd_input.local_dirs),
split(cmd_input.log_dirs),

View File

@ -798,7 +798,8 @@ void test_init_app() {
exit(1);
} else if (child == 0) {
char *final_pgm[] = {"touch", "my-touch-file", 0};
if (initialize_app(yarn_username, "app_4", TEST_ROOT "/creds.txt",
if (initialize_app(yarn_username, "app_4", "container_1",
TEST_ROOT "/creds.txt",
local_dirs, log_dirs, final_pgm) != 0) {
printf("FAIL: failed in child\n");
exit(42);
@ -839,6 +840,14 @@ void test_init_app() {
exit(1);
}
free(app_dir);
char *container_dir = get_container_log_directory(TEST_ROOT "/logs/userlogs",
"app_4", "container_1");
if (container_dir != NULL && access(container_dir, R_OK) != 0) {
printf("FAIL: failed to create container log directory %s\n", container_dir);
exit(1);
}
free(container_dir);
}
void test_run_container() {

View File

@ -253,8 +253,6 @@ public class TestLinuxContainerExecutorWithMocks {
@Test (timeout = 5000)
public void testStartLocalizer() throws IOException {
InetSocketAddress address = InetSocketAddress.createUnresolved("localhost", 8040);
Path nmPrivateCTokensPath= new Path("file:///bin/nmPrivateCTokensPath");
@ -269,25 +267,31 @@ public class TestLinuxContainerExecutorWithMocks {
.build());
List<String> result=readMockParams();
Assert.assertEquals(result.size(), 24);
Assert.assertEquals(result.size(), 25);
Assert.assertEquals(result.get(0), YarnConfiguration.DEFAULT_NM_NONSECURE_MODE_LOCAL_USER);
Assert.assertEquals(result.get(1), "test");
Assert.assertEquals(result.get(2), "0" );
Assert.assertEquals(result.get(3),"application_0" );
Assert.assertEquals(result.get(4), "/bin/nmPrivateCTokensPath");
Assert.assertEquals(result.get(8), "-classpath" );
Assert.assertEquals(result.get(11), "-Xmx256m" );
Assert.assertEquals(result.get(12), "-Dlog4j.configuration=container-log4j.properties" );
Assert.assertEquals(result.get(13), "-Dyarn.app.container.log.dir=${yarn.log.dir}/userlogs/application_0/12345");
Assert.assertEquals(result.get(14), "-Dyarn.app.container.log.filesize=0");
Assert.assertEquals(result.get(15), "-Dhadoop.root.logger=INFO,CLA");
Assert.assertEquals(result.get(16), "-Dhadoop.root.logfile=container-localizer-syslog");
Assert.assertEquals(result.get(17),"org.apache.hadoop.yarn.server.nodemanager.containermanager.localizer.ContainerLocalizer" );
Assert.assertEquals(result.get(18), "test");
Assert.assertEquals(result.get(19), "application_0");
Assert.assertEquals(result.get(20),"12345" );
Assert.assertEquals(result.get(21),"localhost" );
Assert.assertEquals(result.get(22),"8040" );
Assert.assertEquals(result.get(3), "application_0");
Assert.assertEquals(result.get(4), "12345");
Assert.assertEquals(result.get(5), "/bin/nmPrivateCTokensPath");
Assert.assertEquals(result.get(9), "-classpath" );
Assert.assertEquals(result.get(12), "-Xmx256m" );
Assert.assertEquals(result.get(13),
"-Dlog4j.configuration=container-log4j.properties" );
Assert.assertEquals(result.get(14),
"-Dyarn.app.container.log.dir=${yarn.log.dir}/userlogs/application_0/12345");
Assert.assertEquals(result.get(15),
"-Dyarn.app.container.log.filesize=0");
Assert.assertEquals(result.get(16), "-Dhadoop.root.logger=INFO,CLA");
Assert.assertEquals(result.get(17),
"-Dhadoop.root.logfile=container-localizer-syslog");
Assert.assertEquals(result.get(18),
"org.apache.hadoop.yarn.server.nodemanager.containermanager.localizer.ContainerLocalizer");
Assert.assertEquals(result.get(19), "test");
Assert.assertEquals(result.get(20), "application_0");
Assert.assertEquals(result.get(21), "12345");
Assert.assertEquals(result.get(22), "localhost");
Assert.assertEquals(result.get(23), "8040");
} catch (InterruptedException e) {
LOG.error("Error:"+e.getMessage(),e);