YARN-8656. container-executor should not write cgroup tasks files for docker containers. Contributed by Jim Brennan
This commit is contained in:
parent
6df606f1b4
commit
cb21eaa026
@ -1156,7 +1156,6 @@ private PrivilegedOperation buildLaunchOp(ContainerRuntimeContext ctx,
|
|||||||
List<String> localDirs = ctx.getExecutionAttribute(LOCAL_DIRS);
|
List<String> localDirs = ctx.getExecutionAttribute(LOCAL_DIRS);
|
||||||
@SuppressWarnings("unchecked")
|
@SuppressWarnings("unchecked")
|
||||||
List<String> logDirs = ctx.getExecutionAttribute(LOG_DIRS);
|
List<String> logDirs = ctx.getExecutionAttribute(LOG_DIRS);
|
||||||
String resourcesOpts = ctx.getExecutionAttribute(RESOURCES_OPTIONS);
|
|
||||||
|
|
||||||
PrivilegedOperation launchOp = new PrivilegedOperation(
|
PrivilegedOperation launchOp = new PrivilegedOperation(
|
||||||
PrivilegedOperation.OperationType.LAUNCH_DOCKER_CONTAINER);
|
PrivilegedOperation.OperationType.LAUNCH_DOCKER_CONTAINER);
|
||||||
@ -1174,8 +1173,7 @@ private PrivilegedOperation buildLaunchOp(ContainerRuntimeContext ctx,
|
|||||||
localDirs),
|
localDirs),
|
||||||
StringUtils.join(PrivilegedOperation.LINUX_FILE_PATH_SEPARATOR,
|
StringUtils.join(PrivilegedOperation.LINUX_FILE_PATH_SEPARATOR,
|
||||||
logDirs),
|
logDirs),
|
||||||
commandFile,
|
commandFile);
|
||||||
resourcesOpts);
|
|
||||||
|
|
||||||
String tcCommandFile = ctx.getExecutionAttribute(TC_COMMAND_FILE);
|
String tcCommandFile = ctx.getExecutionAttribute(TC_COMMAND_FILE);
|
||||||
|
|
||||||
|
@ -1547,9 +1547,7 @@ int launch_docker_container_as_user(const char * user, const char *app_id,
|
|||||||
const char *container_id, const char *work_dir,
|
const char *container_id, const char *work_dir,
|
||||||
const char *script_name, const char *cred_file,
|
const char *script_name, const char *cred_file,
|
||||||
const char *pid_file, char* const* local_dirs,
|
const char *pid_file, char* const* local_dirs,
|
||||||
char* const* log_dirs, const char *command_file,
|
char* const* log_dirs, const char *command_file) {
|
||||||
const char *resources_key,
|
|
||||||
char* const* resources_values) {
|
|
||||||
int exit_code = -1;
|
int exit_code = -1;
|
||||||
char *script_file_dest = NULL;
|
char *script_file_dest = NULL;
|
||||||
char *cred_file_dest = NULL;
|
char *cred_file_dest = NULL;
|
||||||
@ -1732,23 +1730,6 @@ int launch_docker_container_as_user(const char * user, const char *app_id,
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (pid != 0) {
|
if (pid != 0) {
|
||||||
#ifdef __linux
|
|
||||||
fprintf(LOGFILE, "Writing to cgroup task files...\n");
|
|
||||||
// cgroups-based resource enforcement
|
|
||||||
if (resources_key != NULL && ! strcmp(resources_key, "cgroups")) {
|
|
||||||
// write pid to cgroups
|
|
||||||
char* const* cgroup_ptr;
|
|
||||||
for (cgroup_ptr = resources_values; cgroup_ptr != NULL &&
|
|
||||||
*cgroup_ptr != NULL; ++cgroup_ptr) {
|
|
||||||
if (strcmp(*cgroup_ptr, "none") != 0 &&
|
|
||||||
write_pid_to_cgroup_as_root(*cgroup_ptr, pid) != 0) {
|
|
||||||
exit_code = WRITE_CGROUP_FAILED;
|
|
||||||
goto cleanup;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
// write pid to pidfile
|
// write pid to pidfile
|
||||||
fprintf(LOGFILE, "Writing pid file...\n");
|
fprintf(LOGFILE, "Writing pid file...\n");
|
||||||
if (pid_file == NULL
|
if (pid_file == NULL
|
||||||
|
@ -104,8 +104,7 @@ int launch_docker_container_as_user(const char * user, const char *app_id,
|
|||||||
const char *script_name, const char *cred_file,
|
const char *script_name, const char *cred_file,
|
||||||
const char *pid_file, char* const* local_dirs,
|
const char *pid_file, char* const* local_dirs,
|
||||||
char* const* log_dirs,
|
char* const* log_dirs,
|
||||||
const char *command_file,const char *resources_key,
|
const char *command_file);
|
||||||
char* const* resources_values);
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Function used to launch a container as the provided user. It does the following :
|
* Function used to launch a container as the provided user. It does the following :
|
||||||
|
@ -430,8 +430,8 @@ static int validate_run_as_user_commands(int argc, char **argv, int *operation)
|
|||||||
case LAUNCH_DOCKER_CONTAINER:
|
case LAUNCH_DOCKER_CONTAINER:
|
||||||
if(is_docker_support_enabled()) {
|
if(is_docker_support_enabled()) {
|
||||||
//kill me now.
|
//kill me now.
|
||||||
if (!(argc == 14 || argc == 15)) {
|
if (!(argc == 13 || argc == 14)) {
|
||||||
fprintf(ERRORFILE, "Wrong number of arguments (%d vs 14 or 15) for"
|
fprintf(ERRORFILE, "Wrong number of arguments (%d vs 13 or 14) for"
|
||||||
" launch docker container\n", argc);
|
" launch docker container\n", argc);
|
||||||
fflush(ERRORFILE);
|
fflush(ERRORFILE);
|
||||||
return INVALID_ARGUMENT_NUMBER;
|
return INVALID_ARGUMENT_NUMBER;
|
||||||
@ -448,21 +448,8 @@ static int validate_run_as_user_commands(int argc, char **argv, int *operation)
|
|||||||
// good log dirs as a comma separated list
|
// good log dirs as a comma separated list
|
||||||
cmd_input.log_dirs = argv[optind++];
|
cmd_input.log_dirs = argv[optind++];
|
||||||
cmd_input.docker_command_file = argv[optind++];
|
cmd_input.docker_command_file = argv[optind++];
|
||||||
// key,value pair describing resources
|
|
||||||
resources = argv[optind++];
|
|
||||||
resources_key = malloc(strlen(resources));
|
|
||||||
resources_value = malloc(strlen(resources));
|
|
||||||
if (get_kv_key(resources, resources_key, strlen(resources)) < 0 ||
|
|
||||||
get_kv_value(resources, resources_value, strlen(resources)) < 0) {
|
|
||||||
fprintf(ERRORFILE, "Invalid arguments for cgroups resources: %s",
|
|
||||||
resources);
|
|
||||||
fflush(ERRORFILE);
|
|
||||||
free(resources_key);
|
|
||||||
free(resources_value);
|
|
||||||
return INVALID_ARGUMENT_NUMBER;
|
|
||||||
}
|
|
||||||
//network isolation through tc
|
//network isolation through tc
|
||||||
if (argc == 15) {
|
if (argc == 14) {
|
||||||
if(is_tc_support_enabled()) {
|
if(is_tc_support_enabled()) {
|
||||||
cmd_input.traffic_control_command_file = argv[optind++];
|
cmd_input.traffic_control_command_file = argv[optind++];
|
||||||
} else {
|
} else {
|
||||||
@ -471,9 +458,6 @@ static int validate_run_as_user_commands(int argc, char **argv, int *operation)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
cmd_input.resources_key = resources_key;
|
|
||||||
cmd_input.resources_value = resources_value;
|
|
||||||
cmd_input.resources_values = split(resources_value);
|
|
||||||
*operation = RUN_AS_USER_LAUNCH_DOCKER_CONTAINER;
|
*operation = RUN_AS_USER_LAUNCH_DOCKER_CONTAINER;
|
||||||
return 0;
|
return 0;
|
||||||
} else {
|
} else {
|
||||||
@ -653,9 +637,7 @@ int main(int argc, char **argv) {
|
|||||||
cmd_input.pid_file,
|
cmd_input.pid_file,
|
||||||
split(cmd_input.local_dirs),
|
split(cmd_input.local_dirs),
|
||||||
split(cmd_input.log_dirs),
|
split(cmd_input.log_dirs),
|
||||||
cmd_input.docker_command_file,
|
cmd_input.docker_command_file);
|
||||||
cmd_input.resources_key,
|
|
||||||
cmd_input.resources_values);
|
|
||||||
break;
|
break;
|
||||||
case RUN_AS_USER_LAUNCH_CONTAINER:
|
case RUN_AS_USER_LAUNCH_CONTAINER:
|
||||||
if (cmd_input.traffic_control_command_file != NULL) {
|
if (cmd_input.traffic_control_command_file != NULL) {
|
||||||
|
@ -355,9 +355,9 @@ private PrivilegedOperation capturePrivilegedOperationAndVerifyArgs()
|
|||||||
|
|
||||||
List<String> args = op.getArguments();
|
List<String> args = op.getArguments();
|
||||||
|
|
||||||
//This invocation of container-executor should use 13 arguments in a
|
//This invocation of container-executor should use 12 arguments in a
|
||||||
// specific order
|
// specific order
|
||||||
int expected = 13;
|
int expected = 12;
|
||||||
int counter = 1;
|
int counter = 1;
|
||||||
Assert.assertEquals(expected, args.size());
|
Assert.assertEquals(expected, args.size());
|
||||||
Assert.assertEquals(user, args.get(counter++));
|
Assert.assertEquals(user, args.get(counter++));
|
||||||
@ -373,7 +373,6 @@ private PrivilegedOperation capturePrivilegedOperationAndVerifyArgs()
|
|||||||
Assert.assertEquals(pidFilePath.toString(), args.get(counter++));
|
Assert.assertEquals(pidFilePath.toString(), args.get(counter++));
|
||||||
Assert.assertEquals(localDirs.get(0), args.get(counter++));
|
Assert.assertEquals(localDirs.get(0), args.get(counter++));
|
||||||
Assert.assertEquals(logDirs.get(0), args.get(counter++));
|
Assert.assertEquals(logDirs.get(0), args.get(counter++));
|
||||||
Assert.assertEquals(resourcesOptions, args.get(++counter));
|
|
||||||
|
|
||||||
return op;
|
return op;
|
||||||
}
|
}
|
||||||
@ -2116,7 +2115,7 @@ public void testLaunchContainerWithDockerTokens()
|
|||||||
|
|
||||||
List<String> args = op.getArguments();
|
List<String> args = op.getArguments();
|
||||||
|
|
||||||
int expectedArgs = 13;
|
int expectedArgs = 12;
|
||||||
int argsCounter = 0;
|
int argsCounter = 0;
|
||||||
Assert.assertEquals(expectedArgs, args.size());
|
Assert.assertEquals(expectedArgs, args.size());
|
||||||
Assert.assertEquals(runAsUser, args.get(argsCounter++));
|
Assert.assertEquals(runAsUser, args.get(argsCounter++));
|
||||||
@ -2134,7 +2133,6 @@ public void testLaunchContainerWithDockerTokens()
|
|||||||
Assert.assertEquals(localDirs.get(0), args.get(argsCounter++));
|
Assert.assertEquals(localDirs.get(0), args.get(argsCounter++));
|
||||||
Assert.assertEquals(logDirs.get(0), args.get(argsCounter++));
|
Assert.assertEquals(logDirs.get(0), args.get(argsCounter++));
|
||||||
String dockerCommandFile = args.get(argsCounter++);
|
String dockerCommandFile = args.get(argsCounter++);
|
||||||
Assert.assertEquals(resourcesOptions, args.get(argsCounter));
|
|
||||||
|
|
||||||
List<String> dockerCommands = Files
|
List<String> dockerCommands = Files
|
||||||
.readAllLines(Paths.get(dockerCommandFile), Charset.forName("UTF-8"));
|
.readAllLines(Paths.get(dockerCommandFile), Charset.forName("UTF-8"));
|
||||||
|
Loading…
Reference in New Issue
Block a user