YARN-9660. Update support documentation for Docker on YARN.
Contributed by Peter Bacsko
This commit is contained in:
parent
c7b5f858a0
commit
555dabf4f8
@ -359,6 +359,58 @@ implicitly perform a Docker pull command. Both MapReduce and Spark assume that
|
|||||||
tasks which take more that 10 minutes to report progress have stalled, so
|
tasks which take more that 10 minutes to report progress have stalled, so
|
||||||
specifying a large Docker image may cause the application to fail.
|
specifying a large Docker image may cause the application to fail.
|
||||||
|
|
||||||
|
CGroups configuration Requirements
|
||||||
|
----------------------------------
|
||||||
|
The Docker plugin utilizes cgroups to limit resource usage of individual containers.
|
||||||
|
Since launched containers belong to YARN, the command line option `--cgroup-parent` is
|
||||||
|
used to define the appropriate control group.
|
||||||
|
|
||||||
|
Docker supports two different cgroups driver: `cgroupfs` and `systemd`. Note that only
|
||||||
|
`cgroupfs` is supported - attempt to launch a Docker container with `systemd` results in the
|
||||||
|
following, similar error message:
|
||||||
|
|
||||||
|
```
|
||||||
|
Container id: container_1561638268473_0006_01_000002
|
||||||
|
Exit code: 7
|
||||||
|
Exception message: Launch container failed
|
||||||
|
Shell error output: /usr/bin/docker-current: Error response from daemon: cgroup-parent for systemd cgroup should be a valid slice named as "xxx.slice".
|
||||||
|
See '/usr/bin/docker-current run --help'.
|
||||||
|
Shell output: main : command provided 4
|
||||||
|
```
|
||||||
|
|
||||||
|
This means you have to reconfigure the Docker deamon on each host where `systemd` driver is used.
|
||||||
|
|
||||||
|
Depending on what OS Hadoop is running on, reconfiguration might require different steps. However,
|
||||||
|
if `systemd` was chosen for cgroups driver, it is likely that the `systemctl` command is available
|
||||||
|
on the system.
|
||||||
|
|
||||||
|
Check the `ExecStart` property of the Docker daemon:
|
||||||
|
|
||||||
|
```
|
||||||
|
~$ systemctl show --no-pager --property=ExecStart docker.service
|
||||||
|
ExecStart={ path=/usr/bin/dockerd-current ; argv[]=/usr/bin/dockerd-current --add-runtime
|
||||||
|
docker-runc=/usr/libexec/docker/docker-runc-current --default-runtime=docker-runc --exec-opt native.cgroupdriver=systemd
|
||||||
|
--userland-proxy-path=/usr/libexec/docker/docker-proxy-current
|
||||||
|
--init-path=/usr/libexec/docker/docker-init-current
|
||||||
|
--seccomp-profile=/etc/docker/seccomp.json
|
||||||
|
$OPTIONS $DOCKER_STORAGE_OPTIONS $DOCKER_NETWORK_OPTIONS $ADD_REGISTRY $BLOCK_REGISTRY $INSECURE_REGISTRY $REGISTRIES ;
|
||||||
|
ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }
|
||||||
|
```
|
||||||
|
|
||||||
|
This example shows that the `native.cgroupdriver` is `systemd`. You have to modify that in the unit file of the daemon.
|
||||||
|
|
||||||
|
```
|
||||||
|
~$ sudo systemctl edit --full docker.service
|
||||||
|
```
|
||||||
|
|
||||||
|
This brings up the whole configuration for editing. Just replace the `systemd` string to `cgroupfs`. Save the
|
||||||
|
changes and restart both the systemd and Docker daemon:
|
||||||
|
|
||||||
|
```
|
||||||
|
~$ sudo systemctl daemon-reload
|
||||||
|
~$ sudo systemctl restart docker.service
|
||||||
|
```
|
||||||
|
|
||||||
Application Submission
|
Application Submission
|
||||||
----------------------
|
----------------------
|
||||||
|
|
||||||
@ -667,6 +719,14 @@ In development environment, local images can be tagged with a repository name pr
|
|||||||
docker tag centos:latest localhost:5000/centos:latest
|
docker tag centos:latest localhost:5000/centos:latest
|
||||||
```
|
```
|
||||||
|
|
||||||
|
Let's say you have an Ubuntu-based image with some changes in the local repository and you wish to use it.
|
||||||
|
The following example tags the `local_ubuntu` image:
|
||||||
|
```
|
||||||
|
docker tag local_ubuntu local/ubuntu:latest
|
||||||
|
```
|
||||||
|
|
||||||
|
Next, you have to add `local` to `docker.trusted.registries`. The image can be referenced by using `local/ubuntu`.
|
||||||
|
|
||||||
Trusted images are allowed to mount external devices such as HDFS via NFS gateway, or host level Hadoop configuration. If system administrators allow writing to external volumes using `docker.allow.rw-mounts directive`, privileged docker container can have full control of host level files in the predefined volumes.
|
Trusted images are allowed to mount external devices such as HDFS via NFS gateway, or host level Hadoop configuration. If system administrators allow writing to external volumes using `docker.allow.rw-mounts directive`, privileged docker container can have full control of host level files in the predefined volumes.
|
||||||
|
|
||||||
For [YARN Service HTTPD example](./yarn-service/Examples.html), container-executor.cfg must define centos docker registry to be trusted for the example to run.
|
For [YARN Service HTTPD example](./yarn-service/Examples.html), container-executor.cfg must define centos docker registry to be trusted for the example to run.
|
||||||
@ -981,6 +1041,32 @@ In yarn-env.sh, define:
|
|||||||
export YARN_CONTAINER_RUNTIME_DOCKER_RUN_OVERRIDE_DISABLE=true
|
export YARN_CONTAINER_RUNTIME_DOCKER_RUN_OVERRIDE_DISABLE=true
|
||||||
```
|
```
|
||||||
|
|
||||||
|
Requirements when not using ENTRYPOINT (YARN mode)
|
||||||
|
--------------------------------------------------
|
||||||
|
There are two requirements when ENTRYPOINT is not used:
|
||||||
|
|
||||||
|
1. `/bin/bash` must be available inside the image. This is generally true,
|
||||||
|
however, tiny Docker images (eg. ones which use busybox for shell commands)
|
||||||
|
might not have bash installed. In this case, the following error is
|
||||||
|
displayed:
|
||||||
|
|
||||||
|
```
|
||||||
|
Container id: container_1561638268473_0015_01_000002
|
||||||
|
Exit code: 7
|
||||||
|
Exception message: Launch container failed
|
||||||
|
Shell error output: /usr/bin/docker-current: Error response from daemon: oci runtime error: container_linux.go:235: starting container process caused "exec: \"bash\": executable file not found in $PATH".
|
||||||
|
Shell output: main : command provided 4
|
||||||
|
```
|
||||||
|
|
||||||
|
2. `find` command must also be available inside the image. Not having
|
||||||
|
`find` causes this error:
|
||||||
|
|
||||||
|
```
|
||||||
|
Container exited with a non-zero exit code 127. Error file: prelaunch.err.
|
||||||
|
Last 4096 bytes of prelaunch.err :
|
||||||
|
/tmp/hadoop-systest/nm-local-dir/usercache/hadoopuser/appcache/application_1561638268473_0017/container_1561638268473_0017_01_000002/launch_container.sh: line 44: find: command not found
|
||||||
|
```
|
||||||
|
|
||||||
Docker Container YARN SysFS Support
|
Docker Container YARN SysFS Support
|
||||||
-----------------------------------
|
-----------------------------------
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user