diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/LinuxContainerExecutor.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/LinuxContainerExecutor.java
index 04e38fa..597240d 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/LinuxContainerExecutor.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/LinuxContainerExecutor.java
@@ -64,11 +64,73 @@
import static org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.runtime.LinuxContainerRuntimeConstants.*;
-/** Container execution for Linux. Provides linux-specific localization
- * mechanisms, resource management via cgroups and can switch between multiple
- * container runtimes - e.g Standard "Process Tree", Docker etc
+/**
+ *
This class provides {@link Container} execution for Linux, trading
+ * broader platform support for the ability to take advantage of the
+ * capabilities of Linux. By assuming Linux, this class is able to execute
+ * applications as the application owners, provide localization that takes
+ * advantage of mapping the application owner to a UID, resource management
+ * through Linux CGROUPS, and Docker support.
+ *
+ * If {@code hadoop.security.authetication} is set to {@code simple},
+ * then the {@code yarn.nodemanager.linux-container-executor.nonsecure-mode.limit-users}
+ * property will determine whether the {@code LinuxContainerExecutor} runs
+ * processes as the application owner or as the default user, as set in the
+ * {@code yarn.nodemanager.linux-container-executor.nonsecure-mode.local-user}
+ * property.
+ *
+ * The {@code LinuxContainerExecutor} will run applications through the
+ * usual Linux process execution method ("fork and exec"), unless the
+ * container has the {@code YARN_CONTAINER_RUNTIME_TYPE} environment
+ * variable set to {@code docker}, in which case the Docker engine will be
+ * used to launch the container instead. The following environment variables
+ * are then used to configure the Docker engine:
+ *
+ *
+ * -
+ * {@code YARN_CONTAINER_RUNTIME_DOCKER_IMAGE} names which image
+ * will be used to launch the Docker container.
+ *
+ * -
+ * {@code YARN_CONTAINER_RUNTIME_DOCKER_IMAGE_FILE} is currently ignored.
+ *
+ * -
+ * {@code YARN_CONTAINER_RUNTIME_DOCKER_RUN_OVERRIDE_DISABLE} controls
+ * whether the Docker container's default command is overridden. When set
+ * to {@code true}, the Docker container's command will be
+ * {@code bash }. When unset or set to {@code false}
+ * the Docker container's default command is used.
+ *
+ * -
+ * {@code YARN_CONTAINER_RUNTIME_DOCKER_CONTAINER_NETWORK} sets the
+ * network type to be used by the Docker container. It must be a valid
+ * value as determined by the
+ * {@code yarn.nodemanager.runtime.linux.docker.allowed-container-networks}
+ * property.
+ *
+ * -
+ * {@code YARN_CONTAINER_RUNTIME_DOCKER_RUN_PRIVILEGED_CONTAINER}
+ * controls whether the Docker container is a privileged container. In order
+ * to use privileged containers, the
+ * {@code yarn.nodemanager.runtime.linux.docker.privileged-containers.allowed}
+ * property must be set to {@code true}, and the application owner must
+ * appear in the value of the
+ * {@code yarn.nodemanager.runtime.linux.docker.privileged-containers.acl}
+ * property. If this environment variable is set to {@code true}, a
+ * privileged Docker container will be used if allowed. No other value is
+ * allowed, so the environment variable should be left unset rather than
+ * setting it to false.
+ *
+ * -
+ * {@code YARN_CONTAINER_RUNTIME_DOCKER_LOCAL_RESOURCE_MOUNTS} adds
+ * additional volume mounts to the Docker container. The value of the
+ * environment variable should be a comma-separated list of mounts.
+ * All such mounts must be given as {@code source:dest}, where the
+ * source is an absolute path that is not a symlink and that points to a
+ * localized resource.
+ *
+*
*/
-
public class LinuxContainerExecutor extends ContainerExecutor {
private static final Log LOG = LogFactory
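Review bot: The property name in the second paragraph of the class Javadoc is misspelled. `hadoop.security.authetication` should be `hadoop.security.authentication`, and an operator who copies the key from this comment into a site file would set a property that nothing reads. The Javadoc added to addSchedPriorityCommand later in this diff has the same kind of slip: `yarn.nodemanager.container-executer.os.sched.prioity` should read `yarn.nodemanager.container-executor.os.sched.priority`. Separately, the `YARN_CONTAINER_RUNTIME_DOCKER_RUN_OVERRIDE_DISABLE` entry reads as inverted relative to the variable's name, since setting it to `true` is described as the case where the command is overridden. That may be accurate, but it should be confirmed against the Docker runtime implementation, which is not visible in this diff.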
@@ -83,10 +145,18 @@
private ResourceHandler resourceHandlerChain;
private LinuxContainerRuntime linuxContainerRuntime;
+ /**
+ * Default constructor to allow for creation through reflection.
+ */
public LinuxContainerExecutor() {
}
- // created primarily for testing
+ /**
+ * Create a LinuxContainerExecutor with a provided
+ * {@link LinuxContainerRuntime}. Used primarily for testing.
+ *
+ * @param linuxContainerRuntime
+ */
public LinuxContainerExecutor(LinuxContainerRuntime linuxContainerRuntime) {
this.linuxContainerRuntime = linuxContainerRuntime;
}
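Review bot: The `@param linuxContainerRuntime` tag on the one-argument constructor has no description, which doclint reports and which leaves the generated page with an empty entry. A short description is enough, for example `@param linuxContainerRuntime the {@link LinuxContainerRuntime} this executor should use`. It would also help to state whether a runtime passed here is kept or replaced on initialization, because that code is outside this hunk and the comment only says "used primarily for testing".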
@@ -153,6 +223,13 @@ String getRunAsUser(String user) {
}
}
+ /**
+ * Get the path to the {@code container-executor} binary. The path will
+ * be absolute.
+ *
+ * @param conf the {@link Configuration}
+ * @return the path to the {@code container-executor} binary
+ */
protected String getContainerExecutorExecutablePath(Configuration conf) {
String yarnHomeEnvVar =
System.getenv(ApplicationConstants.Environment.HADOOP_YARN_HOME.key());
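Review bot: The new Javadoc on getContainerExecutorExecutablePath promises "The path will be absolute", which is stronger than the visible code supports. The method reads `HADOOP_YARN_HOME` from the environment, and its last visible line (`defaultPath);` in the next hunk) suggests it returns a configured value with a computed default. If the configured value is returned as written, nothing here makes it absolute. Since this is the path of the helper binary the NodeManager executes, I would either document the actual sources, e.g. `Returns the configured container-executor path, or a default under {@code HADOOP_YARN_HOME/bin} if none is set`, or enforce the guarantee in code. The comment should also say what happens when `HADOOP_YARN_HOME` is unset. The method body lies mostly outside this hunk, so this should be checked against the full source.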
@@ -165,6 +242,14 @@ protected String getContainerExecutorExecutablePath(Configuration conf) {
defaultPath);
}
+ /**
+ * Add a niceness level to the process that will be executed. Adds
+ * {@code -n } to the given command. The niceness level will be
+ * taken from the
+ * {@code yarn.nodemanager.container-executer.os.sched.prioity} property.
+ *
+ * @param command the command to which to add the niceness setting.
+ */
protected void addSchedPriorityCommand(List command) {
if (containerSchedPriorityIsSet) {
command.addAll(Arrays.asList("nice", "-n",
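Review bot: The Javadoc for addSchedPriorityCommand does not match the two visible lines of the body. The comment says the method adds `-n` and its argument, but the `addAll` call adds `"nice", "-n"` and a value, and it does so only when `containerSchedPriorityIsSet` is true. The no-op case is not documented. Suggested summary: `Add {@code nice -n <priority>} to the given command if a scheduling priority has been configured; otherwise the command is left unchanged.` The method body continues past the end of this hunk.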
@@ -293,6 +378,17 @@ public void startLocalizer(LocalizerStartContext ctx)
}
}
+ /**
+ * Set up the {@ContainerLocalizer}.
+ *
+ * @param command the current ShellCommandExecutor command line
+ * @param user localization user
+ * @param appId localized app id
+ * @param locId localizer id
+ * @param nmAddr nodemanager address
+ * @param localDirs list of local dirs
+ * @see ContainerLocalizer#buildMainArgs
+ */
@VisibleForTesting
public void buildMainArgs(List command, String user, String appId,
String locId, InetSocketAddress nmAddr, List localDirs) {
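Review bot: The summary line of the buildMainArgs Javadoc uses `{@ContainerLocalizer}`, which is not a valid inline tag. Javadoc will report an unknown tag and the class name will not render as a link. It should be `Set up the {@link ContainerLocalizer}.` The `@param command` text could also say that the list is modified in place, if that is what the body does. The body is outside this hunk.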
@@ -593,6 +689,15 @@ public boolean isContainerAlive(ContainerLivenessContext ctx)
.build());
}
+ /**
+ * Mount a CGROUPS controller at the requested mount point and create
+ * a hierarchy for the NodeManager to manage.
+ *
+ * @param cgroupKVs a key-value pair of the form
+ * {@code controller=mount-path}
+ * @param hierarchy the top directory of the hierarchy for the NodeManager
+ * @throws IOException if there is a problem mounting the CGROUPS
+ */
public void mountCgroups(List cgroupKVs, String hierarchy)
throws IOException {
try {
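Review bot: The `@param cgroupKVs` description in the mountCgroups Javadoc says "a key-value pair", but the parameter is a `List`. Callers need to know it takes several entries, e.g. `@param cgroupKVs a list of key-value pairs of the form {@code controller=mount-path}`. Since this method drives a mount operation, the `@throws IOException` text could also name the failure it actually wraps. The `try` block that would show this starts on the last line of the hunk and continues outside it.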