Uploaded image for project: 'Hadoop YARN'
  1. Hadoop YARN
  2. YARN-3611 Support Docker Containers In LinuxContainerExecutor
  3. YARN-6623

Add support to turn off launching privileged containers in the container-executor

          Details

          • Type: Sub-task
          • Status: Resolved
          • Priority: Blocker
          • Resolution: Fixed
          • Affects Version/s: None
          • Fix Version/s: 2.9.0, 3.0.0
          • Component/s: nodemanager
          • Labels:
          • Target Version/s:
          • Hadoop Flags:
            Incompatible change, Reviewed
          • Release Note:
            Hide
            A change in configuration for launching Docker containers under YARN. Docker container capabilities, mounts, networks and allowing privileged container have to specified in the container-executor.cfg. By default, all of the above are turned off. This change will break existing setups launching Docker containers under YARN. Please refer to the Docker containers under YARN documentation for more information.
            Show
            A change in configuration for launching Docker containers under YARN. Docker container capabilities, mounts, networks and allowing privileged container have to specified in the container-executor.cfg. By default, all of the above are turned off. This change will break existing setups launching Docker containers under YARN. Please refer to the Docker containers under YARN documentation for more information.

            Description

            Currently, launching privileged containers is controlled by the NM. We should add a flag to the container-executor.cfg allowing admins to disable launching privileged containers at the container-executor level.

              Attachments

              1. YARN-6623.001.patch
                191 kB
                Varun Vasudev
              2. YARN-6623.002.patch
                197 kB
                Varun Vasudev
              3. YARN-6623.003.patch
                197 kB
                Varun Vasudev
              4. YARN-6623.004.patch
                204 kB
                Varun Vasudev
              5. YARN-6623.005.patch
                202 kB
                Varun Vasudev
              6. YARN-6623.006.patch
                202 kB
                Varun Vasudev
              7. YARN-6623.007.patch
                206 kB
                Varun Vasudev
              8. YARN-6623.008.patch
                206 kB
                Varun Vasudev
              9. YARN-6623.009.patch
                205 kB
                Varun Vasudev
              10. YARN-6623.010.patch
                208 kB
                Varun Vasudev
              11. YARN-6623.011.patch
                219 kB
                Varun Vasudev
              12. YARN-6623.012.patch
                217 kB
                Varun Vasudev
              13. YARN-6623.013.patch
                217 kB
                Varun Vasudev
              14. YARN-6623-branch-2.013.patch
                223 kB
                Varun Vasudev
              15. YARN-6623-branch-2.014.patch
                224 kB
                Varun Vasudev
              16. YARN-6623-branch-2.015.patch
                224 kB
                Varun Vasudev
              17. cetest.stderr
                3 kB
                Eric Yang
              18. cetest.stdout
                8 kB
                Eric Yang

                Issue Links

                breaks

                Sub-task - The sub-task of the issue YARN-7430 Enable user re-mapping for Docker containers by default

                • Blocker - Blocks development and/or testing work, production could not run
                • Resolved
                causes

                Sub-task - The sub-task of the issue YARN-9125 Carriage Return character in launch command cause node manager to become unhealthy

                • Major - Major loss of function.
                • Resolved
                duplicates

                Sub-task - The sub-task of the issue YARN-6988 container-executor fails for docker when command length > 4096 B

                • Major - Major loss of function.
                • Resolved
                is blocked by

                Sub-task - The sub-task of the issue YARN-6033 Add support for sections in container-executor configuration file

                • Major - Major loss of function.
                • Resolved

                  Activity

                    People

                    • Assignee:
                      vvasudev Varun Vasudev
                      Reporter:
                      vvasudev Varun Vasudev
                    • Votes:
                      0 Vote for this issue
                      Watchers:
                      21 Start watching this issue

                      Dates

                      • Created:
                        Updated:
                        Resolved: