Uploaded image for project: 'Hadoop YARN'
  1. Hadoop YARN
  2. YARN-3611 Support Docker Containers In LinuxContainerExecutor
  3. YARN-6623

Add support to turn off launching privileged containers in the container-executor

    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Resolved
    • Blocker
    • Resolution: Fixed
    • None
    • 2.9.0, 3.0.0
    • nodemanager
    • Incompatible change, Reviewed
    • Hide
      A change in configuration for launching Docker containers under YARN. Docker container capabilities, mounts, networks and allowing privileged container have to specified in the container-executor.cfg. By default, all of the above are turned off. This change will break existing setups launching Docker containers under YARN. Please refer to the Docker containers under YARN documentation for more information.
      Show
      A change in configuration for launching Docker containers under YARN. Docker container capabilities, mounts, networks and allowing privileged container have to specified in the container-executor.cfg. By default, all of the above are turned off. This change will break existing setups launching Docker containers under YARN. Please refer to the Docker containers under YARN documentation for more information.

    Description

      Currently, launching privileged containers is controlled by the NM. We should add a flag to the container-executor.cfg allowing admins to disable launching privileged containers at the container-executor level.

      Attachments

        1. cetest.stderr
          3 kB
          Eric Yang
        2. cetest.stdout
          8 kB
          Eric Yang
        3. YARN-6623.001.patch
          191 kB
          Varun Vasudev
        4. YARN-6623.002.patch
          197 kB
          Varun Vasudev
        5. YARN-6623.003.patch
          197 kB
          Varun Vasudev
        6. YARN-6623.004.patch
          204 kB
          Varun Vasudev
        7. YARN-6623.005.patch
          202 kB
          Varun Vasudev
        8. YARN-6623.006.patch
          202 kB
          Varun Vasudev
        9. YARN-6623.007.patch
          206 kB
          Varun Vasudev
        10. YARN-6623.008.patch
          206 kB
          Varun Vasudev
        11. YARN-6623.009.patch
          205 kB
          Varun Vasudev
        12. YARN-6623.010.patch
          208 kB
          Varun Vasudev
        13. YARN-6623.011.patch
          219 kB
          Varun Vasudev
        14. YARN-6623.012.patch
          217 kB
          Varun Vasudev
        15. YARN-6623.013.patch
          217 kB
          Varun Vasudev
        16. YARN-6623-branch-2.013.patch
          223 kB
          Varun Vasudev
        17. YARN-6623-branch-2.014.patch
          224 kB
          Varun Vasudev
        18. YARN-6623-branch-2.015.patch
          224 kB
          Varun Vasudev

        Issue Links

          breaks

          Sub-task - The sub-task of the issue YARN-7430 Enable user re-mapping for Docker containers by default

          • Blocker - Blocks development and/or testing work, production could not run
          • Resolved
          causes

          Sub-task - The sub-task of the issue YARN-9125 Carriage Return character in launch command cause node manager to become unhealthy

          • Major - Major loss of function.
          • Resolved
          duplicates

          Sub-task - The sub-task of the issue YARN-6988 container-executor fails for docker when command length > 4096 B

          • Major - Major loss of function.
          • Resolved
          is blocked by

          Sub-task - The sub-task of the issue YARN-6033 Add support for sections in container-executor configuration file

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              vvasudev Varun Vasudev
              vvasudev Varun Vasudev
              Votes:
              0 Vote for this issue
              Watchers:
              21 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: