YARN-8141. Removed YARN_CONTAINER_RUNTIME_DOCKER_LOCAL_RESOURCE_MOUNTS flag.
Contributed by Chandni Singh
(cherry-picked from commit d45a0b7d73)
parent
044573b628
commit
aafaa5f99b
|
@ -46,6 +46,8 @@ public class AbstractLauncher {
|
||||||
private static final Logger log =
|
private static final Logger log =
|
||||||
LoggerFactory.getLogger(AbstractLauncher.class);
|
LoggerFactory.getLogger(AbstractLauncher.class);
|
||||||
public static final String CLASSPATH = "CLASSPATH";
|
public static final String CLASSPATH = "CLASSPATH";
|
||||||
|
public static final String ENV_DOCKER_CONTAINER_MOUNTS =
|
||||||
|
"YARN_CONTAINER_RUNTIME_DOCKER_MOUNTS";
|
||||||
/**
|
/**
|
||||||
* Env vars; set up at final launch stage
|
* Env vars; set up at final launch stage
|
||||||
*/
|
*/
|
||||||
|
@ -153,17 +155,23 @@ public class AbstractLauncher {
|
||||||
env.put("YARN_CONTAINER_RUNTIME_DOCKER_RUN_PRIVILEGED_CONTAINER",
|
env.put("YARN_CONTAINER_RUNTIME_DOCKER_RUN_PRIVILEGED_CONTAINER",
|
||||||
"true");
|
"true");
|
||||||
}
|
}
|
||||||
StringBuilder sb = new StringBuilder();
|
if (!mountPaths.isEmpty()) {
|
||||||
for (Entry<String,String> mount : mountPaths.entrySet()) {
|
StringBuilder sb = new StringBuilder();
|
||||||
if (sb.length() > 0) {
|
if (env.get(ENV_DOCKER_CONTAINER_MOUNTS) != null) {
|
||||||
sb.append(",");
|
// user specified mounts in the spec
|
||||||
|
sb.append(env.get(ENV_DOCKER_CONTAINER_MOUNTS));
|
||||||
}
|
}
|
||||||
sb.append(mount.getKey());
|
for (Entry<String, String> mount : mountPaths.entrySet()) {
|
||||||
sb.append(":");
|
if (sb.length() > 0) {
|
||||||
sb.append(mount.getValue());
|
sb.append(",");
|
||||||
|
}
|
||||||
|
sb.append(mount.getKey()).append(":");
|
||||||
|
sb.append(mount.getValue()).append(":ro");
|
||||||
|
}
|
||||||
|
env.put(ENV_DOCKER_CONTAINER_MOUNTS, sb.toString());
|
||||||
}
|
}
|
||||||
env.put("YARN_CONTAINER_RUNTIME_DOCKER_LOCAL_RESOURCE_MOUNTS", sb.toString());
|
log.info("yarn docker env var has been set {}",
|
||||||
log.info("yarn docker env var has been set {}", containerLaunchContext.getEnvironment().toString());
|
containerLaunchContext.getEnvironment().toString());
|
||||||
}
|
}
|
||||||
|
|
||||||
return containerLaunchContext;
|
return containerLaunchContext;
|
||||||
|
|
|
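Review bot: The `log.info` at the end of the second hunk writes the whole container environment at INFO level, and that map can hold anything the service spec supplied, possibly credentials or tokens. Since the only value this block changes is the mounts variable, log just that, e.g. `log.info("yarn docker mounts env var has been set {}", env.get(ENV_DOCKER_CONTAINER_MOUNTS));`, or move the full dump to debug level. The enclosing method starts and ends outside the hunk, so other callers of this log line are not visible here.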
@ -153,14 +153,6 @@ import static org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.r
|
||||||
* setting it to false.
|
* setting it to false.
|
||||||
* </li>
|
* </li>
|
||||||
* <li>
|
* <li>
|
||||||
* {@code YARN_CONTAINER_RUNTIME_DOCKER_LOCAL_RESOURCE_MOUNTS} adds
|
|
||||||
* additional volume mounts to the Docker container. The value of the
|
|
||||||
* environment variable should be a comma-separated list of mounts.
|
|
||||||
* All such mounts must be given as {@code source:dest}, where the
|
|
||||||
* source is an absolute path that is not a symlink and that points to a
|
|
||||||
* localized resource.
|
|
||||||
* </li>
|
|
||||||
* <li>
|
|
||||||
* {@code YARN_CONTAINER_RUNTIME_DOCKER_MOUNTS} allows users to specify
|
* {@code YARN_CONTAINER_RUNTIME_DOCKER_MOUNTS} allows users to specify
|
||||||
+ additional volume mounts for the Docker container. The value of the
|
+ additional volume mounts for the Docker container. The value of the
|
||||||
* environment variable should be a comma-separated list of mounts.
|
* environment variable should be a comma-separated list of mounts.
|
||||||
|
@ -227,9 +219,6 @@ public class DockerLinuxContainerRuntime implements LinuxContainerRuntime {
|
||||||
public static final String ENV_DOCKER_CONTAINER_RUN_ENABLE_USER_REMAPPING =
|
public static final String ENV_DOCKER_CONTAINER_RUN_ENABLE_USER_REMAPPING =
|
||||||
"YARN_CONTAINER_RUNTIME_DOCKER_RUN_ENABLE_USER_REMAPPING";
|
"YARN_CONTAINER_RUNTIME_DOCKER_RUN_ENABLE_USER_REMAPPING";
|
||||||
@InterfaceAudience.Private
|
@InterfaceAudience.Private
|
||||||
public static final String ENV_DOCKER_CONTAINER_LOCAL_RESOURCE_MOUNTS =
|
|
||||||
"YARN_CONTAINER_RUNTIME_DOCKER_LOCAL_RESOURCE_MOUNTS";
|
|
||||||
@InterfaceAudience.Private
|
|
||||||
public static final String ENV_DOCKER_CONTAINER_MOUNTS =
|
public static final String ENV_DOCKER_CONTAINER_MOUNTS =
|
||||||
"YARN_CONTAINER_RUNTIME_DOCKER_MOUNTS";
|
"YARN_CONTAINER_RUNTIME_DOCKER_MOUNTS";
|
||||||
@InterfaceAudience.Private
|
@InterfaceAudience.Private
|
||||||
|
@ -675,8 +664,7 @@ public class DockerLinuxContainerRuntime implements LinuxContainerRuntime {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
@VisibleForTesting
|
private String mountReadOnlyPath(String mount,
|
||||||
protected String validateMount(String mount,
|
|
||||||
Map<Path, List<String>> localizedResources)
|
Map<Path, List<String>> localizedResources)
|
||||||
throws ContainerExecutionException {
|
throws ContainerExecutionException {
|
||||||
for (Entry<Path, List<String>> resource : localizedResources.entrySet()) {
|
for (Entry<Path, List<String>> resource : localizedResources.entrySet()) {
|
||||||
|
@ -812,23 +800,6 @@ public class DockerLinuxContainerRuntime implements LinuxContainerRuntime {
|
||||||
runCommand.addAllReadOnlyMountLocations(filecacheDirs);
|
runCommand.addAllReadOnlyMountLocations(filecacheDirs);
|
||||||
runCommand.addAllReadOnlyMountLocations(userFilecacheDirs);
|
runCommand.addAllReadOnlyMountLocations(userFilecacheDirs);
|
||||||
|
|
||||||
if (environment.containsKey(ENV_DOCKER_CONTAINER_LOCAL_RESOURCE_MOUNTS)) {
|
|
||||||
String mounts = environment.get(
|
|
||||||
ENV_DOCKER_CONTAINER_LOCAL_RESOURCE_MOUNTS);
|
|
||||||
if (!mounts.isEmpty()) {
|
|
||||||
for (String mount : StringUtils.split(mounts)) {
|
|
||||||
String[] dir = StringUtils.split(mount, ':');
|
|
||||||
if (dir.length != 2) {
|
|
||||||
throw new ContainerExecutionException("Invalid mount : " +
|
|
||||||
mount);
|
|
||||||
}
|
|
||||||
String src = validateMount(dir[0], localizedResources);
|
|
||||||
String dst = dir[1];
|
|
||||||
runCommand.addReadOnlyMountLocation(src, dst, true);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if (environment.containsKey(ENV_DOCKER_CONTAINER_MOUNTS)) {
|
if (environment.containsKey(ENV_DOCKER_CONTAINER_MOUNTS)) {
|
||||||
Matcher parsedMounts = USER_MOUNT_PATTERN.matcher(
|
Matcher parsedMounts = USER_MOUNT_PATTERN.matcher(
|
||||||
environment.get(ENV_DOCKER_CONTAINER_MOUNTS));
|
environment.get(ENV_DOCKER_CONTAINER_MOUNTS));
|
||||||
|
@ -840,6 +811,10 @@ public class DockerLinuxContainerRuntime implements LinuxContainerRuntime {
|
||||||
parsedMounts.reset();
|
parsedMounts.reset();
|
||||||
while (parsedMounts.find()) {
|
while (parsedMounts.find()) {
|
||||||
String src = parsedMounts.group(1);
|
String src = parsedMounts.group(1);
|
||||||
|
java.nio.file.Path srcPath = java.nio.file.Paths.get(src);
|
||||||
|
if (!srcPath.isAbsolute()) {
|
||||||
|
src = mountReadOnlyPath(src, localizedResources);
|
||||||
|
}
|
||||||
String dst = parsedMounts.group(2);
|
String dst = parsedMounts.group(2);
|
||||||
String mode = parsedMounts.group(3);
|
String mode = parsedMounts.group(3);
|
||||||
if (!mode.equals("ro") && !mode.equals("rw")) {
|
if (!mode.equals("ro") && !mode.equals("rw")) {
|
||||||
|
|
|
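Review bot: In the last hunk a relative source is resolved through `mountReadOnlyPath`, but the mode is still taken from `parsedMounts.group(3)`, so a localized resource given with `:rw` appears to pass the `ro`/`rw` check, whereas the removed LOCAL_RESOURCE_MOUNTS path always called `addReadOnlyMountLocation`. The rest of the loop is outside the hunk, so confirm whether anything later forces read-only; if not, reject it inside the branch, e.g. `if (!"ro".equals(parsedMounts.group(3))) { throw new ContainerExecutionException("Invalid mount mode for localized resource : " + src); }`. `Paths.get(src)` can also throw the unchecked `InvalidPathException`, which would bypass callers that handle `ContainerExecutionException`, unless `USER_MOUNT_PATTERN` already excludes such input.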
@ -26,7 +26,6 @@ import org.apache.hadoop.fs.FileUtil;
|
||||||
import org.apache.hadoop.fs.Path;
|
import org.apache.hadoop.fs.Path;
|
||||||
import org.apache.hadoop.io.DataOutputBuffer;
|
import org.apache.hadoop.io.DataOutputBuffer;
|
||||||
import org.apache.hadoop.registry.client.api.RegistryConstants;
|
import org.apache.hadoop.registry.client.api.RegistryConstants;
|
||||||
import org.apache.hadoop.registry.client.binding.RegistryPathUtils;
|
|
||||||
import org.apache.hadoop.security.Credentials;
|
import org.apache.hadoop.security.Credentials;
|
||||||
import org.apache.hadoop.util.Shell;
|
import org.apache.hadoop.util.Shell;
|
||||||
import org.apache.hadoop.util.StringUtils;
|
import org.apache.hadoop.util.StringUtils;
|
||||||
|
@ -1093,7 +1092,7 @@ public class TestDockerContainerRuntime {
|
||||||
runtime.initialize(conf, nmContext);
|
runtime.initialize(conf, nmContext);
|
||||||
|
|
||||||
env.put(
|
env.put(
|
||||||
DockerLinuxContainerRuntime.ENV_DOCKER_CONTAINER_LOCAL_RESOURCE_MOUNTS,
|
DockerLinuxContainerRuntime.ENV_DOCKER_CONTAINER_MOUNTS,
|
||||||
"source");
|
"source");
|
||||||
|
|
||||||
try {
|
try {
|
||||||
|
@ -1113,8 +1112,8 @@ public class TestDockerContainerRuntime {
|
||||||
runtime.initialize(conf, nmContext);
|
runtime.initialize(conf, nmContext);
|
||||||
|
|
||||||
env.put(
|
env.put(
|
||||||
DockerLinuxContainerRuntime.ENV_DOCKER_CONTAINER_LOCAL_RESOURCE_MOUNTS,
|
DockerLinuxContainerRuntime.ENV_DOCKER_CONTAINER_MOUNTS,
|
||||||
"test_dir/test_resource_file:test_mount");
|
"test_dir/test_resource_file:test_mount:ro");
|
||||||
|
|
||||||
runtime.launchContainer(builder.build());
|
runtime.launchContainer(builder.build());
|
||||||
PrivilegedOperation op = capturePrivilegedOperationAndVerifyArgs();
|
PrivilegedOperation op = capturePrivilegedOperationAndVerifyArgs();
|
||||||
|
@ -1159,24 +1158,6 @@ public class TestDockerContainerRuntime {
|
||||||
dockerCommands.get(counter));
|
dockerCommands.get(counter));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
|
||||||
public void testMountInvalid() throws ContainerExecutionException {
|
|
||||||
DockerLinuxContainerRuntime runtime = new DockerLinuxContainerRuntime(
|
|
||||||
mockExecutor, mockCGroupsHandler);
|
|
||||||
runtime.initialize(conf, nmContext);
|
|
||||||
|
|
||||||
env.put(
|
|
||||||
DockerLinuxContainerRuntime.ENV_DOCKER_CONTAINER_LOCAL_RESOURCE_MOUNTS,
|
|
||||||
"source:target:other");
|
|
||||||
|
|
||||||
try {
|
|
||||||
runtime.launchContainer(builder.build());
|
|
||||||
Assert.fail("Expected a launch container failure due to invalid mount.");
|
|
||||||
} catch (ContainerExecutionException e) {
|
|
||||||
LOG.info("Caught expected exception : " + e);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testMountMultiple()
|
public void testMountMultiple()
|
||||||
throws ContainerExecutionException, PrivilegedOperationException,
|
throws ContainerExecutionException, PrivilegedOperationException,
|
||||||
|
@ -1186,9 +1167,9 @@ public class TestDockerContainerRuntime {
|
||||||
runtime.initialize(conf, nmContext);
|
runtime.initialize(conf, nmContext);
|
||||||
|
|
||||||
env.put(
|
env.put(
|
||||||
DockerLinuxContainerRuntime.ENV_DOCKER_CONTAINER_LOCAL_RESOURCE_MOUNTS,
|
DockerLinuxContainerRuntime.ENV_DOCKER_CONTAINER_MOUNTS,
|
||||||
"test_dir/test_resource_file:test_mount1," +
|
"test_dir/test_resource_file:test_mount1:ro," +
|
||||||
"test_dir/test_resource_file:test_mount2");
|
"test_dir/test_resource_file:test_mount2:ro");
|
||||||
|
|
||||||
runtime.launchContainer(builder.build());
|
runtime.launchContainer(builder.build());
|
||||||
PrivilegedOperation op = capturePrivilegedOperationAndVerifyArgs();
|
PrivilegedOperation op = capturePrivilegedOperationAndVerifyArgs();
|
||||||
|
|
|
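Review bot: None of the migrated cases covers a localized (relative) source with a mode other than `ro`; the updated values all end in `:ro`, and `testMountInvalid` is deleted without a replacement. A case that puts `test_dir/test_resource_file:test_mount:rw` into `ENV_DOCKER_CONTAINER_MOUNTS` and asserts the intended outcome (rejection, or a read-only mount) would pin the behaviour now that localized resources share the user-controlled variable. Other tests in the file may already cover malformed user mounts; they are not visible in these hunks.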
@ -303,7 +303,6 @@ environment variables in the application's environment:
|
||||||
| `YARN_CONTAINER_RUNTIME_DOCKER_CONTAINER_NETWORK` | Sets the network type to be used by the Docker container. It must be a valid value as determined by the yarn.nodemanager.runtime.linux.docker.allowed-container-networks property. |
|
| `YARN_CONTAINER_RUNTIME_DOCKER_CONTAINER_NETWORK` | Sets the network type to be used by the Docker container. It must be a valid value as determined by the yarn.nodemanager.runtime.linux.docker.allowed-container-networks property. |
|
||||||
| `YARN_CONTAINER_RUNTIME_DOCKER_CONTAINER_PID_NAMESPACE` | Controls which PID namespace will be used by the Docker container. By default, each Docker container has its own PID namespace. To share the namespace of the host, the yarn.nodemanager.runtime.linux.docker.host-pid-namespace.allowed property must be set to true. If the host PID namespace is allowed and this environment variable is set to host, the Docker container will share the host's PID namespace. No other value is allowed. |
|
| `YARN_CONTAINER_RUNTIME_DOCKER_CONTAINER_PID_NAMESPACE` | Controls which PID namespace will be used by the Docker container. By default, each Docker container has its own PID namespace. To share the namespace of the host, the yarn.nodemanager.runtime.linux.docker.host-pid-namespace.allowed property must be set to true. If the host PID namespace is allowed and this environment variable is set to host, the Docker container will share the host's PID namespace. No other value is allowed. |
|
||||||
| `YARN_CONTAINER_RUNTIME_DOCKER_RUN_PRIVILEGED_CONTAINER` | Controls whether the Docker container is a privileged container. In order to use privileged containers, the yarn.nodemanager.runtime.linux.docker.privileged-containers.allowed property must be set to true, and the application owner must appear in the value of the yarn.nodemanager.runtime.linux.docker.privileged-containers.acl property. If this environment variable is set to true, a privileged Docker container will be used if allowed. No other value is allowed, so the environment variable should be left unset rather than setting it to false. |
|
| `YARN_CONTAINER_RUNTIME_DOCKER_RUN_PRIVILEGED_CONTAINER` | Controls whether the Docker container is a privileged container. In order to use privileged containers, the yarn.nodemanager.runtime.linux.docker.privileged-containers.allowed property must be set to true, and the application owner must appear in the value of the yarn.nodemanager.runtime.linux.docker.privileged-containers.acl property. If this environment variable is set to true, a privileged Docker container will be used if allowed. No other value is allowed, so the environment variable should be left unset rather than setting it to false. |
|
||||||
| `YARN_CONTAINER_RUNTIME_DOCKER_LOCAL_RESOURCE_MOUNTS` | Adds additional volume mounts to the Docker container. The value of the environment variable should be a comma-separated list of mounts. All such mounts must be given as "source:dest", where the source is an absolute path that is not a symlink and that points to a localized resource. Note that as of YARN-5298, localized directories are automatically mounted into the container as volumes. |
|
|
||||||
| `YARN_CONTAINER_RUNTIME_DOCKER_MOUNTS` | Adds additional volume mounts to the Docker container. The value of the environment variable should be a comma-separated list of mounts. All such mounts must be given as "source:dest:mode" and the mode must be "ro" (read-only) or "rw" (read-write) to specify the type of access being requested. The requested mounts will be validated by container-executor based on the values set in container-executor.cfg for docker.allowed.ro-mounts and docker.allowed.rw-mounts. |
|
| `YARN_CONTAINER_RUNTIME_DOCKER_MOUNTS` | Adds additional volume mounts to the Docker container. The value of the environment variable should be a comma-separated list of mounts. All such mounts must be given as "source:dest:mode" and the mode must be "ro" (read-only) or "rw" (read-write) to specify the type of access being requested. The requested mounts will be validated by container-executor based on the values set in container-executor.cfg for docker.allowed.ro-mounts and docker.allowed.rw-mounts. |
|
||||||
| `YARN_CONTAINER_RUNTIME_DOCKER_DELAYED_REMOVAL` | Allows a user to request delayed deletion of the Docker container on a per container basis. If true, Docker containers will not be removed until the duration defined by yarn.nodemanager.delete.debug-delay-sec has elapsed. Administrators can disable this feature through the yarn-site property yarn.nodemanager.runtime.linux.docker.delayed-removal.allowed. This feature is disabled by default. When this feature is disabled or set to false, the container will be removed as soon as it exits. |
|
| `YARN_CONTAINER_RUNTIME_DOCKER_DELAYED_REMOVAL` | Allows a user to request delayed deletion of the Docker container on a per container basis. If true, Docker containers will not be removed until the duration defined by yarn.nodemanager.delete.debug-delay-sec has elapsed. Administrators can disable this feature through the yarn-site property yarn.nodemanager.runtime.linux.docker.delayed-removal.allowed. This feature is disabled by default. When this feature is disabled or set to false, the container will be removed as soon as it exits. |
|
||||||
|
|
||||||
|
|