YARN-8656. container-executor should not write cgroup tasks files for docker containers. Contributed by Jim Brennan

This commit is contained in:
Jason Lowe 2018-08-16 10:06:17 -05:00
parent 6df606f1b4
commit cb21eaa026
5 changed files with 10 additions and 52 deletions

View File

@ -1156,7 +1156,6 @@ private PrivilegedOperation buildLaunchOp(ContainerRuntimeContext ctx,
List<String> localDirs = ctx.getExecutionAttribute(LOCAL_DIRS); List<String> localDirs = ctx.getExecutionAttribute(LOCAL_DIRS);
@SuppressWarnings("unchecked") @SuppressWarnings("unchecked")
List<String> logDirs = ctx.getExecutionAttribute(LOG_DIRS); List<String> logDirs = ctx.getExecutionAttribute(LOG_DIRS);
String resourcesOpts = ctx.getExecutionAttribute(RESOURCES_OPTIONS);
PrivilegedOperation launchOp = new PrivilegedOperation( PrivilegedOperation launchOp = new PrivilegedOperation(
PrivilegedOperation.OperationType.LAUNCH_DOCKER_CONTAINER); PrivilegedOperation.OperationType.LAUNCH_DOCKER_CONTAINER);
@ -1174,8 +1173,7 @@ private PrivilegedOperation buildLaunchOp(ContainerRuntimeContext ctx,
localDirs), localDirs),
StringUtils.join(PrivilegedOperation.LINUX_FILE_PATH_SEPARATOR, StringUtils.join(PrivilegedOperation.LINUX_FILE_PATH_SEPARATOR,
logDirs), logDirs),
commandFile, commandFile);
resourcesOpts);
String tcCommandFile = ctx.getExecutionAttribute(TC_COMMAND_FILE); String tcCommandFile = ctx.getExecutionAttribute(TC_COMMAND_FILE);

View File

@ -1547,9 +1547,7 @@ int launch_docker_container_as_user(const char * user, const char *app_id,
const char *container_id, const char *work_dir, const char *container_id, const char *work_dir,
const char *script_name, const char *cred_file, const char *script_name, const char *cred_file,
const char *pid_file, char* const* local_dirs, const char *pid_file, char* const* local_dirs,
char* const* log_dirs, const char *command_file, char* const* log_dirs, const char *command_file) {
const char *resources_key,
char* const* resources_values) {
int exit_code = -1; int exit_code = -1;
char *script_file_dest = NULL; char *script_file_dest = NULL;
char *cred_file_dest = NULL; char *cred_file_dest = NULL;
@ -1732,23 +1730,6 @@ int launch_docker_container_as_user(const char * user, const char *app_id,
} }
if (pid != 0) { if (pid != 0) {
#ifdef __linux
fprintf(LOGFILE, "Writing to cgroup task files...\n");
// cgroups-based resource enforcement
if (resources_key != NULL && ! strcmp(resources_key, "cgroups")) {
// write pid to cgroups
char* const* cgroup_ptr;
for (cgroup_ptr = resources_values; cgroup_ptr != NULL &&
*cgroup_ptr != NULL; ++cgroup_ptr) {
if (strcmp(*cgroup_ptr, "none") != 0 &&
write_pid_to_cgroup_as_root(*cgroup_ptr, pid) != 0) {
exit_code = WRITE_CGROUP_FAILED;
goto cleanup;
}
}
}
#endif
// write pid to pidfile // write pid to pidfile
fprintf(LOGFILE, "Writing pid file...\n"); fprintf(LOGFILE, "Writing pid file...\n");
if (pid_file == NULL if (pid_file == NULL

View File

@ -104,8 +104,7 @@ int launch_docker_container_as_user(const char * user, const char *app_id,
const char *script_name, const char *cred_file, const char *script_name, const char *cred_file,
const char *pid_file, char* const* local_dirs, const char *pid_file, char* const* local_dirs,
char* const* log_dirs, char* const* log_dirs,
const char *command_file,const char *resources_key, const char *command_file);
char* const* resources_values);
/* /*
* Function used to launch a container as the provided user. It does the following : * Function used to launch a container as the provided user. It does the following :

View File

@ -430,8 +430,8 @@ static int validate_run_as_user_commands(int argc, char **argv, int *operation)
case LAUNCH_DOCKER_CONTAINER: case LAUNCH_DOCKER_CONTAINER:
if(is_docker_support_enabled()) { if(is_docker_support_enabled()) {
//kill me now. //kill me now.
if (!(argc == 14 || argc == 15)) { if (!(argc == 13 || argc == 14)) {
fprintf(ERRORFILE, "Wrong number of arguments (%d vs 14 or 15) for" fprintf(ERRORFILE, "Wrong number of arguments (%d vs 13 or 14) for"
" launch docker container\n", argc); " launch docker container\n", argc);
fflush(ERRORFILE); fflush(ERRORFILE);
return INVALID_ARGUMENT_NUMBER; return INVALID_ARGUMENT_NUMBER;
@ -448,21 +448,8 @@ static int validate_run_as_user_commands(int argc, char **argv, int *operation)
// good log dirs as a comma separated list // good log dirs as a comma separated list
cmd_input.log_dirs = argv[optind++]; cmd_input.log_dirs = argv[optind++];
cmd_input.docker_command_file = argv[optind++]; cmd_input.docker_command_file = argv[optind++];
// key,value pair describing resources
resources = argv[optind++];
resources_key = malloc(strlen(resources));
resources_value = malloc(strlen(resources));
if (get_kv_key(resources, resources_key, strlen(resources)) < 0 ||
get_kv_value(resources, resources_value, strlen(resources)) < 0) {
fprintf(ERRORFILE, "Invalid arguments for cgroups resources: %s",
resources);
fflush(ERRORFILE);
free(resources_key);
free(resources_value);
return INVALID_ARGUMENT_NUMBER;
}
//network isolation through tc //network isolation through tc
if (argc == 15) { if (argc == 14) {
if(is_tc_support_enabled()) { if(is_tc_support_enabled()) {
cmd_input.traffic_control_command_file = argv[optind++]; cmd_input.traffic_control_command_file = argv[optind++];
} else { } else {
@ -471,9 +458,6 @@ static int validate_run_as_user_commands(int argc, char **argv, int *operation)
} }
} }
cmd_input.resources_key = resources_key;
cmd_input.resources_value = resources_value;
cmd_input.resources_values = split(resources_value);
*operation = RUN_AS_USER_LAUNCH_DOCKER_CONTAINER; *operation = RUN_AS_USER_LAUNCH_DOCKER_CONTAINER;
return 0; return 0;
} else { } else {
@ -653,9 +637,7 @@ int main(int argc, char **argv) {
cmd_input.pid_file, cmd_input.pid_file,
split(cmd_input.local_dirs), split(cmd_input.local_dirs),
split(cmd_input.log_dirs), split(cmd_input.log_dirs),
cmd_input.docker_command_file, cmd_input.docker_command_file);
cmd_input.resources_key,
cmd_input.resources_values);
break; break;
case RUN_AS_USER_LAUNCH_CONTAINER: case RUN_AS_USER_LAUNCH_CONTAINER:
if (cmd_input.traffic_control_command_file != NULL) { if (cmd_input.traffic_control_command_file != NULL) {

View File

@ -355,9 +355,9 @@ private PrivilegedOperation capturePrivilegedOperationAndVerifyArgs()
List<String> args = op.getArguments(); List<String> args = op.getArguments();
//This invocation of container-executor should use 13 arguments in a //This invocation of container-executor should use 12 arguments in a
// specific order // specific order
int expected = 13; int expected = 12;
int counter = 1; int counter = 1;
Assert.assertEquals(expected, args.size()); Assert.assertEquals(expected, args.size());
Assert.assertEquals(user, args.get(counter++)); Assert.assertEquals(user, args.get(counter++));
@ -373,7 +373,6 @@ private PrivilegedOperation capturePrivilegedOperationAndVerifyArgs()
Assert.assertEquals(pidFilePath.toString(), args.get(counter++)); Assert.assertEquals(pidFilePath.toString(), args.get(counter++));
Assert.assertEquals(localDirs.get(0), args.get(counter++)); Assert.assertEquals(localDirs.get(0), args.get(counter++));
Assert.assertEquals(logDirs.get(0), args.get(counter++)); Assert.assertEquals(logDirs.get(0), args.get(counter++));
Assert.assertEquals(resourcesOptions, args.get(++counter));
return op; return op;
} }
@ -2116,7 +2115,7 @@ public void testLaunchContainerWithDockerTokens()
List<String> args = op.getArguments(); List<String> args = op.getArguments();
int expectedArgs = 13; int expectedArgs = 12;
int argsCounter = 0; int argsCounter = 0;
Assert.assertEquals(expectedArgs, args.size()); Assert.assertEquals(expectedArgs, args.size());
Assert.assertEquals(runAsUser, args.get(argsCounter++)); Assert.assertEquals(runAsUser, args.get(argsCounter++));
@ -2134,7 +2133,6 @@ public void testLaunchContainerWithDockerTokens()
Assert.assertEquals(localDirs.get(0), args.get(argsCounter++)); Assert.assertEquals(localDirs.get(0), args.get(argsCounter++));
Assert.assertEquals(logDirs.get(0), args.get(argsCounter++)); Assert.assertEquals(logDirs.get(0), args.get(argsCounter++));
String dockerCommandFile = args.get(argsCounter++); String dockerCommandFile = args.get(argsCounter++);
Assert.assertEquals(resourcesOptions, args.get(argsCounter));
List<String> dockerCommands = Files List<String> dockerCommands = Files
.readAllLines(Paths.get(dockerCommandFile), Charset.forName("UTF-8")); .readAllLines(Paths.get(dockerCommandFile), Charset.forName("UTF-8"));