diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/privileged/PrivilegedOperation.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/privileged/PrivilegedOperation.java index 92a82e8fbcd..90c4f307c2b 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/privileged/PrivilegedOperation.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/privileged/PrivilegedOperation.java @@ -171,11 +171,14 @@ public int getValue() { public enum ResultCode { OK(0), INVALID_USER_NAME(2), + SETUID_OPER_FAILED(6), UNABLE_TO_EXECUTE_CONTAINER_SCRIPT(7), INVALID_CONTAINER_PID(9), INVALID_CONTAINER_EXEC_PERMISSIONS(22), INVALID_CONFIG_FILE(24), - WRITE_CGROUP_FAILED(27); + WRITE_PIDFILE_FAILED(26), + WRITE_CGROUP_FAILED(27), + OPEN_CGROUP_FAILED(44); private final int value; ResultCode(int value) { diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/container-executor.c b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/container-executor.c index effeeeece3b..5971703ab92 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/container-executor.c +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/container-executor.c 
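Review bot: The numeric values added to ResultCode duplicate constants from the native `errorcodes` enum, but nothing in the hunk says so. Only `OPEN_CGROUP_FAILED = 44` is visibly matched by the util.h change in this commit; the values 6 and 26 have to be checked against util.h by hand. A comment above the constants such as `// Values must stay in sync with enum errorcodes in container-executor/impl/util.h` would make the coupling explicit. This commit also lets the executor return DOCKER_RUN_FAILED from the cgroup path, so if ResultCode has no constant for it outside this hunk, one should be added. The enum body continues outside the hunk.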
@@ -216,7 +216,7 @@ static int write_pid_to_cgroup_as_root(const char* cgroup_file, pid_t pid) { uid_t user = geteuid(); gid_t group = getegid(); if (change_effective_user(0, 0) != 0) { - return -1; + return SETUID_OPER_FAILED; } // open @@ -224,7 +224,7 @@ static int write_pid_to_cgroup_as_root(const char* cgroup_file, pid_t pid) { if (cgroup_fd == -1) { fprintf(LOGFILE, "Can't open file %s as node manager - %s\n", cgroup_file, strerror(errno)); - return -1; + return OPEN_CGROUP_FAILED; } // write pid @@ -235,18 +235,43 @@ static int write_pid_to_cgroup_as_root(const char* cgroup_file, pid_t pid) { if (written == -1) { fprintf(LOGFILE, "Failed to write pid to file %s - %s\n", cgroup_file, strerror(errno)); - return -1; + return WRITE_CGROUP_FAILED; } // Revert back to the calling user. if (change_effective_user(user, group)) { - return -1; + return SETUID_OPER_FAILED; } return 0; } #endif +static int check_docker_exit_code(const char *docker_binary, const char *container_id, int ret_code_write_pid) { + char docker_inspect_command[PATH_MAX]; + + snprintf(docker_inspect_command, PATH_MAX, + "%s inspect --format {{.State.ExitCode}} %s", + docker_binary, container_id); + + FILE* inspect_docker = popen(docker_inspect_command, "r"); + int exit_code = 0; + int res = fscanf (inspect_docker, "%d", &exit_code); + if (pclose (inspect_docker) != 0 || res <= 0) + { + exit_code = UNABLE_TO_EXECUTE_CONTAINER_SCRIPT; + } + + fprintf(LOGFILE, "Original docker container's exit code : %d\t return code of write pid : %d\n", + exit_code, ret_code_write_pid); + + if (ret_code_write_pid == WRITE_CGROUP_FAILED && exit_code != 0) { + exit_code = DOCKER_RUN_FAILED; + } + + return exit_code; +} + /** * Write the pid of the current process into the pid file. * pid_file: Path to pid file where pid needs to be written to 
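Review bot: The `return OPEN_CGROUP_FAILED;` path leaves write_pid_to_cgroup_as_root() with the effective uid/gid still 0, because in the visible lines `change_effective_user(user, group)` is only called at the end of the success path. The `return WRITE_CGROUP_FAILED;` in the following hunk (@@ -235) has the same gap. This matters more after this commit, because the caller now reacts to these return codes by running check_docker_exit_code(), which starts a shell through popen(). Restore the caller's identity before each error return, e.g. `if (change_effective_user(user, group) != 0) { return SETUID_OPER_FAILED; }` ahead of the `return`. The lines between the open and the write are outside the hunks, so it should also be confirmed that cgroup_fd is closed on the write-failure path.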
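Review bot: check_docker_exit_code() hands the result of popen() to fscanf() and pclose() without a NULL check, and it ignores the snprintf() return value, so a command line truncated at PATH_MAX would be executed as is. Both cases should fall back to UNABLE_TO_EXECUTE_CONTAINER_SCRIPT before anything is run or read. Because this helper runs inside the privileged container-executor, building a shell command string from docker_binary and container_id deserves a second look. Unless both values are validated before this point (not visible in the hunk), a fork/exec with an argument vector avoids shell parsing entirely. The fence shows only the minimal guards.

```c
static int check_docker_exit_code(const char *docker_binary, const char *container_id, int ret_code_write_pid) {
  char docker_inspect_command[PATH_MAX];
  int exit_code = UNABLE_TO_EXECUTE_CONTAINER_SCRIPT;

  int len = snprintf(docker_inspect_command, PATH_MAX,
      "%s inspect --format {{.State.ExitCode}} %s",
      docker_binary, container_id);
  if (len < 0 || len >= PATH_MAX) {
    fprintf(LOGFILE, "docker inspect command is too long\n");
    return exit_code;
  }

  FILE* inspect_docker = popen(docker_inspect_command, "r");
  if (inspect_docker == NULL) {
    fprintf(LOGFILE, "Failed to run docker inspect - %s\n", strerror(errno));
    return exit_code;
  }
  int res = fscanf(inspect_docker, "%d", &exit_code);
  if (pclose(inspect_docker) != 0 || res <= 0) {
    exit_code = UNABLE_TO_EXECUTE_CONTAINER_SCRIPT;
  }
  // … unchanged: log both codes, map WRITE_CGROUP_FAILED to DOCKER_RUN_FAILED, return exit_code …
}
```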
@@ -1723,12 +1748,21 @@ int launch_docker_container_as_user(const char * user, const char *app_id, if (resources_key != NULL && ! strcmp(resources_key, "cgroups")) { // write pid to cgroups char* const* cgroup_ptr; + int ret_code_write_pid = 0; for (cgroup_ptr = resources_values; cgroup_ptr != NULL && *cgroup_ptr != NULL; ++cgroup_ptr) { - if (strcmp(*cgroup_ptr, "none") != 0 && - write_pid_to_cgroup_as_root(*cgroup_ptr, pid) != 0) { - exit_code = WRITE_CGROUP_FAILED; - goto cleanup; + if (strcmp(*cgroup_ptr, "none") != 0) { + ret_code_write_pid = write_pid_to_cgroup_as_root(*cgroup_ptr, pid); + if (ret_code_write_pid != 0) { + int ret_code_check_docker = check_docker_exit_code(docker_binary, container_id, ret_code_write_pid); + if ( ret_code_check_docker != 0) { + exit_code = ret_code_check_docker; + goto cleanup; + } else { + exit_code = 0; + goto cleanup; + } + } } } } diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/util.h b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/util.h index 6aac1fe1af6..b2005bc5f1a 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/util.h +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/util.h @@ -68,7 +68,8 @@ enum errorcodes { DOCKER_IMAGE_INVALID = 40, // DOCKER_CONTAINER_NAME_INVALID = 41, (NOT USED) ERROR_COMPILING_REGEX = 42, - INVALID_CONTAINER_ID = 43 + INVALID_CONTAINER_ID = 43, + OPEN_CGROUP_FAILED = 44 }; /* Macros for min/max. */
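Review bot: When check_docker_exit_code() returns 0 the loop sets `exit_code = 0` and jumps to cleanup, so a failed cgroup write is reported as success whenever `docker inspect` prints 0 for `.State.ExitCode`. Docker reports an ExitCode of 0 for a container that is still running, so this branch may also cover a live container that never joined its cgroup and therefore runs outside the configured resource limits. The helper should confirm that the container has actually exited, for instance by also reading `{{.State.Running}}`, and otherwise return ret_code_write_pid. Separately, both branches of the inner if/else end in `goto cleanup`, so they reduce to `exit_code = ret_code_check_docker; goto cleanup;`. The body of launch_docker_container_as_user starts and ends outside the hunk.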