big-data/hadoop
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

YARN-5042. Mount /sys/fs/cgroup into Docker containers as read only mount. Contributed by luhuichun.

Browse Source
This commit is contained in:
Varun Vasudev 2016-08-25 12:56:11 +05:30
parent 79603f5882
commit 525d52bf7c
3 changed files with 14 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DockerLinuxContainerRuntime.java
View File

@ -447,7 +447,8 @@ public void launchContainer(ContainerRuntimeContext ctx)
.detachOnRun()
.setContainerWorkDir(containerWorkDir.toString())
.setNetworkType(network)
.setCapabilities(capabilities);
.setCapabilities(capabilities)
.addMountLocation("/sys/fs/cgroup", "/sys/fs/cgroup:ro", false);
List<String> allDirs = new ArrayList<>(containerLocalDirs);
allDirs.addAll(filecacheDirs);
@ -455,7 +456,7 @@ public void launchContainer(ContainerRuntimeContext ctx)
allDirs.addAll(containerLogDirs);
allDirs.addAll(userLocalDirs);
for (String dir: allDirs) {
runCommand.addMountLocation(dir, dir);
runCommand.addMountLocation(dir, dir, true);
}
if (environment.containsKey(ENV_DOCKER_CONTAINER_LOCAL_RESOURCE_MOUNTS)) {
@ -470,7 +471,7 @@ public void launchContainer(ContainerRuntimeContext ctx)
}
String src = validateMount(dir[0], localizedResources);
String dst = dir[1];
runCommand.addMountLocation(src, dst + ":ro");
runCommand.addMountLocation(src, dst + ":ro", true);
}
}
}

7
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/docker/DockerRunCommand.java
View File

@ -22,6 +22,7 @@
import org.apache.hadoop.util.StringUtils;
import java.io.File;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
@ -59,7 +60,11 @@ public DockerRunCommand setNetworkType(String type) {
}
public DockerRunCommand addMountLocation(String sourcePath, String
destinationPath) {
destinationPath, boolean createSource) {
boolean sourceExists = new File(sourcePath).exists();
if (!sourceExists && !createSource) {
return this;
}
super.addCommandArguments("-v", sourcePath + ":" + destinationPath);
return this;
}

4
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/TestDockerContainerRuntime.java
View File

@ -276,6 +276,7 @@ public void testDockerContainerLaunch()
.append("--workdir=%3$s ")
.append("--net=host ")
.append(getExpectedTestCapabilitiesArgumentString())
.append("-v /sys/fs/cgroup:/sys/fs/cgroup:ro ")
.append("-v %4$s:%4$s ")
.append("-v %5$s:%5$s ")
.append("-v %6$s:%6$s ")
@ -381,6 +382,7 @@ public void testContainerLaunchWithNetworkingDefaults()
.append("--workdir=%3$s ")
.append("--net=" + allowedNetwork + " ")
.append(getExpectedTestCapabilitiesArgumentString())
.append("-v /sys/fs/cgroup:/sys/fs/cgroup:ro ")
.append("-v %4$s:%4$s ").append("-v %5$s:%5$s ")
.append("-v %6$s:%6$s ").append("-v %7$s:%7$s ")
.append("-v %8$s:%8$s ").append("%9$s ")
@ -435,6 +437,7 @@ public void testContainerLaunchWithCustomNetworks()
.append("--workdir=%3$s ")
.append("--net=" + customNetwork1 + " ")
.append(getExpectedTestCapabilitiesArgumentString())
.append("-v /sys/fs/cgroup:/sys/fs/cgroup:ro ")
.append("-v %4$s:%4$s ").append("-v %5$s:%5$s ")
.append("-v %6$s:%6$s ").append("-v %7$s:%7$s ")
.append("-v %8$s:%8$s ").append("%9$s ")
@ -471,6 +474,7 @@ public void testContainerLaunchWithCustomNetworks()
.append("--workdir=%3$s ")
.append("--net=" + customNetwork2 + " ")
.append(getExpectedTestCapabilitiesArgumentString())
.append("-v /sys/fs/cgroup:/sys/fs/cgroup:ro ")
.append("-v %4$s:%4$s ").append("-v %5$s:%5$s ")
.append("-v %6$s:%6$s ").append("-v %7$s:%7$s ")
.append("-v %8$s:%8$s ").append("%9$s ")