Affects Version/s: None
Fix Version/s: None
Support Docker Containers In LinuxContainerExecutor
LinuxContainerExecutor provides useful functionality today with respect to localization, cgroups based resource management and isolation for CPU, network, disk etc. as well as security with a well-defined mechanism to execute privileged operations using the container-executor utility. Bringing docker support to LinuxContainerExecutor lets us use all of this functionality when running docker containers under YARN, while not requiring users and admins to configure and use a different ContainerExecutor.
There are several aspects here that need to be worked through :
- Mechanism(s) to let clients request docker-specific functionality - we could initially implement this via environment variables without impacting the client API.
- Security - both docker daemon as well as application
- Docker image localization
- Running a docker container via container-executor as a specified user
- “Isolate” the docker container in terms of CPU/network/disk/etc
- Communicating with and/or signaling the running container (ensure correct pid handling)
- Figure out workarounds for certain performance-sensitive scenarios like HDFS short-circuit reads
- All of these need to be achieved without changing the current behavior of LinuxContainerExecutor