diff --git a/hadoop-yarn-project/CHANGES.txt b/hadoop-yarn-project/CHANGES.txt index 49bcb73577a..3a0956227d7 100644 --- a/hadoop-yarn-project/CHANGES.txt +++ b/hadoop-yarn-project/CHANGES.txt @@ -82,6 +82,9 @@ Release 2.9.0 - UNRELEASED YARN-4584. RM startup failure when AM attempts greater than max-attempts. (Bibin A Chundatt via rohithsharmaks) + YARN-4578. Directories that are mounted in docker containers need to be more + restrictive/container-specific. (Sidharta Seethana via vvasudev) + Release 2.8.0 - UNRELEASED INCOMPATIBLE CHANGES diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/LinuxContainerExecutor.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/LinuxContainerExecutor.java index 8549230fbdd..ff82e972fd2 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/LinuxContainerExecutor.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/LinuxContainerExecutor.java @@ -291,6 +291,8 @@ public class LinuxContainerExecutor extends ContainerExecutor { Path containerWorkDir = ctx.getContainerWorkDir(); List localDirs = ctx.getLocalDirs(); List logDirs = ctx.getLogDirs(); + List containerLocalDirs = ctx.getContainerLocalDirs(); + List containerLogDirs = ctx.getContainerLogDirs(); Map> localizedResources = ctx.getLocalizedResources(); verifyUsernamePattern(user); 
@@ -375,6 +377,8 @@ public class LinuxContainerExecutor extends ContainerExecutor { .setExecutionAttribute(PID_FILE_PATH, pidFilePath) .setExecutionAttribute(LOCAL_DIRS, localDirs) .setExecutionAttribute(LOG_DIRS, logDirs) + .setExecutionAttribute(CONTAINER_LOCAL_DIRS, containerLocalDirs) + .setExecutionAttribute(CONTAINER_LOG_DIRS, containerLogDirs) .setExecutionAttribute(RESOURCES_OPTIONS, resourcesOptions); if (tcCommandFile != null) { diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/launcher/ContainerLaunch.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/launcher/ContainerLaunch.java index 6371b218938..64689dd6000 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/launcher/ContainerLaunch.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/launcher/ContainerLaunch.java @@ -253,6 +253,7 @@ public class ContainerLaunch implements Callable { + dirsHandler.getDisksHealthReport(false)); } + List containerLocalDirs = new ArrayList<>(localDirs.size()); try { // /////////// Write out the container-script in the nmPrivate space. List appDirs = new ArrayList(localDirs.size()); 
@@ -261,6 +262,14 @@ public class ContainerLaunch implements Callable { Path userdir = new Path(usersdir, user); Path appsdir = new Path(userdir, ContainerLocalizer.APPCACHE); appDirs.add(new Path(appsdir, appIdStr)); + + String containerLocalDir = localDir + Path.SEPARATOR + + ContainerLocalizer.USERCACHE + Path.SEPARATOR + user + + Path.SEPARATOR + + ContainerLocalizer.APPCACHE + Path.SEPARATOR + appIdStr + + Path.SEPARATOR; + + containerLocalDirs.add(containerLocalDir); } containerScriptOutStream = lfs.create(nmPrivateContainerScriptPath, @@ -317,6 +326,8 @@ public class ContainerLaunch implements Callable { .setContainerWorkDir(containerWorkDir) .setLocalDirs(localDirs) .setLogDirs(logDirs) + .setContainerLocalDirs(containerLocalDirs) + .setContainerLogDirs(containerLogDirs) .build()); } } catch (Throwable e) { diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DockerLinuxContainerRuntime.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DockerLinuxContainerRuntime.java index f8aae81c7f4..2dee663b33c 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DockerLinuxContainerRuntime.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DockerLinuxContainerRuntime.java 
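Review bot: The mount path added in the `-261,6` hunk is assembled by raw string concatenation from `localDir`, `user` and `appIdStr`, directly after the same directory is built as `new Path(appsdir, appIdStr)` for `appDirs`, so the two forms can drift apart. The string form is the one that DockerLinuxContainerRuntime later passes to `addMountLocation(dir, dir)`. Deriving it from the Path already in hand, e.g. `containerLocalDirs.add(new Path(appsdir, appIdStr).toString());`, keeps a single source of truth, provided nothing downstream relies on the trailing separator. The path stops at `appIdStr`, so the mount appears to be per-application rather than per-container; a comment such as `// bind-mounted into the docker container: application-level dir, shared by this app's containers on the node` would make that scope explicit. The enclosing loop and try block begin outside the hunk.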
@@ -223,6 +223,12 @@ public class DockerLinuxContainerRuntime implements LinuxContainerRuntime { List localDirs = ctx.getExecutionAttribute(LOCAL_DIRS); @SuppressWarnings("unchecked") List logDirs = ctx.getExecutionAttribute(LOG_DIRS); + @SuppressWarnings("unchecked") + List containerLocalDirs = ctx.getExecutionAttribute( + CONTAINER_LOCAL_DIRS); + @SuppressWarnings("unchecked") + List containerLogDirs = ctx.getExecutionAttribute( + CONTAINER_LOG_DIRS); Set capabilities = new HashSet<>(Arrays.asList(conf.getStrings( YarnConfiguration.NM_DOCKER_CONTAINER_CAPABILITIES, YarnConfiguration.DEFAULT_NM_DOCKER_CONTAINER_CAPABILITIES))); @@ -235,10 +241,10 @@ public class DockerLinuxContainerRuntime implements LinuxContainerRuntime { .setNetworkType("host") .setCapabilities(capabilities) .addMountLocation("/etc/passwd", "/etc/password:ro"); - List allDirs = new ArrayList<>(localDirs); + List allDirs = new ArrayList<>(containerLocalDirs); allDirs.add(containerWorkDir.toString()); - allDirs.addAll(logDirs); + allDirs.addAll(containerLogDirs); for (String dir: allDirs) { runCommand.addMountLocation(dir, dir); } diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/LinuxContainerRuntimeConstants.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/LinuxContainerRuntimeConstants.java index d2069a93566..96ff40dd513 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/LinuxContainerRuntimeConstants.java 
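Review bot: In the `-235,10` hunk, `new ArrayList<>(containerLocalDirs)` and `allDirs.addAll(containerLogDirs)` dereference the two new attributes without a null check. A runtime context built without `CONTAINER_LOCAL_DIRS` or `CONTAINER_LOG_DIRS` would presumably fail with a bare NullPointerException while the run command is being assembled. An explicit guard before the mounts are built would fail the launch with a readable cause, e.g. `if (containerLocalDirs == null || containerLogDirs == null) { throw new ContainerExecutionException("container local/log dirs not set"); }`, assuming the method already declares that exception. `localDirs` and `logDirs` are still fetched in the `-223,6` hunk but no longer feed `allDirs` in the visible lines; if nothing else in the method uses them, remove them so that only the narrower directory set is in scope. The method starts and ends outside both hunks.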
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/LinuxContainerRuntimeConstants.java @@ -55,6 +55,10 @@ public final class LinuxContainerRuntimeConstants { List.class, "local_dirs"); public static final Attribute LOG_DIRS = Attribute.attribute( List.class, "log_dirs"); + public static final Attribute CONTAINER_LOCAL_DIRS = Attribute + .attribute(List.class, "container_local_dirs"); + public static final Attribute CONTAINER_LOG_DIRS = Attribute.attribute( + List.class, "container_log_dirs"); public static final Attribute RESOURCES_OPTIONS = Attribute.attribute( String.class, "resources_options"); public static final Attribute TC_COMMAND_FILE = Attribute.attribute( diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/executor/ContainerStartContext.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/executor/ContainerStartContext.java index ffcc519f8b7..b14a52090a6 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/executor/ContainerStartContext.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/executor/ContainerStartContext.java @@ -45,6 +45,8 @@ public final class ContainerStartContext { private final Path containerWorkDir; private final List localDirs; private final List logDirs; + private final List containerLocalDirs; + private final List containerLogDirs; public static final class Builder { private Container container; 
@@ -56,6 +58,8 @@ public final class ContainerStartContext { private Path containerWorkDir; private List localDirs; private List logDirs; + private List containerLocalDirs; + private List containerLogDirs; public Builder() { } @@ -107,6 +111,16 @@ public final class ContainerStartContext { return this; } + public Builder setContainerLocalDirs(List containerLocalDirs) { + this.containerLocalDirs = containerLocalDirs; + return this; + } + + public Builder setContainerLogDirs(List containerLogDirs) { + this.containerLogDirs = containerLogDirs; + return this; + } + public ContainerStartContext build() { return new ContainerStartContext(this); } @@ -122,6 +136,8 @@ public final class ContainerStartContext { this.containerWorkDir = builder.containerWorkDir; this.localDirs = builder.localDirs; this.logDirs = builder.logDirs; + this.containerLocalDirs = builder.containerLocalDirs; + this.containerLogDirs = builder.containerLogDirs; } public Container getContainer() { @@ -163,4 +179,12 @@ public final class ContainerStartContext { public List getLogDirs() { return Collections.unmodifiableList(this.logDirs); } + + public List getContainerLocalDirs() { + return this.containerLocalDirs; + } + + public List getContainerLogDirs() { + return this.containerLogDirs; + } } \ No newline at end of file diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/TestDockerContainerRuntime.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/TestDockerContainerRuntime.java index 7fc0158b600..6898634a2d0 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/TestDockerContainerRuntime.java 
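Review bot: The two getters added in the `-163,4` hunk return `this.containerLocalDirs` and `this.containerLogDirs` directly, whereas `getLogDirs()` just above wraps its list in `Collections.unmodifiableList`. These lists are what LinuxContainerExecutor forwards as `CONTAINER_LOCAL_DIRS`/`CONTAINER_LOG_DIRS` and what the Docker runtime bind-mounts, so any holder of the context could add a path after it has been built. Return them the same way as the existing getters: `return Collections.unmodifiableList(this.containerLocalDirs);` and `return Collections.unmodifiableList(this.containerLogDirs);`. The setters in the `-107,6` hunk also keep the caller's list by reference, so full immutability would need a copy at build time. Wrapping throws on a null list, so any builder caller outside this diff that never sets these fields would need a default.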
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/TestDockerContainerRuntime.java @@ -81,6 +81,8 @@ public class TestDockerContainerRuntime { Path pidFilePath; List localDirs; List logDirs; + List containerLocalDirs; + List containerLogDirs; String resourcesOptions; ContainerRuntimeContext.Builder builder; String submittingUser = "anakin"; @@ -123,9 +125,13 @@ public class TestDockerContainerRuntime { localDirs = new ArrayList<>(); logDirs = new ArrayList<>(); resourcesOptions = "cgroups=none"; + containerLocalDirs = new ArrayList<>(); + containerLogDirs = new ArrayList<>(); localDirs.add("/test_local_dir"); logDirs.add("/test_log_dir"); + containerLocalDirs.add("/test_container_local_dir"); + containerLogDirs.add("/test_container_log_dir"); builder = new ContainerRuntimeContext .Builder(container); @@ -141,6 +147,8 @@ public class TestDockerContainerRuntime { .setExecutionAttribute(PID_FILE_PATH, pidFilePath) .setExecutionAttribute(LOCAL_DIRS, localDirs) .setExecutionAttribute(LOG_DIRS, logDirs) + .setExecutionAttribute(CONTAINER_LOCAL_DIRS, containerLocalDirs) + .setExecutionAttribute(CONTAINER_LOG_DIRS, containerLogDirs) .setExecutionAttribute(RESOURCES_OPTIONS, resourcesOptions); } @@ -245,8 +253,8 @@ public class TestDockerContainerRuntime { .append("bash %8$s/launch_container.sh"); String expectedCommand = String.format(expectedCommandTemplate.toString(), - containerId, runAsUser, containerWorkDir, localDirs.get(0), - containerWorkDir, logDirs.get(0), image, containerWorkDir); + containerId, runAsUser, containerWorkDir, containerLocalDirs.get(0), + containerWorkDir, containerLogDirs.get(0), image, containerWorkDir); List dockerCommands = Files.readAllLines(Paths.get (dockerCommandFile), Charset.forName("UTF-8"));
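Review bot: The `-245,8` hunk only checks that the container-specific directories appear in the expected command; nothing visible pins the absence of the node-wide `/test_local_dir` and `/test_log_dir`, which is the property this change is meant to provide. If the comparison after the hunk is not an exact match on the whole command line, add a negative check such as `Assert.assertFalse(dockerCommands.get(0).contains(localDirs.get(0)));` and the same for `logDirs.get(0)`. The setup now uses distinct values for the two directory sets, so such an assertion would fail if the broad directories were mounted again. The test method continues outside the hunk, so the existing assertion style could not be confirmed from here.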