Repository: hadoop Updated Branches: refs/heads/branch-2 ef342455c -> c004d57d4
YARN-6930. Admins should be able to explicitly enable specific LinuxContainerRuntime in the NodeManager. Contributed by Shane Kumpf Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/c004d57d Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/c004d57d Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/c004d57d Branch: refs/heads/branch-2 Commit: c004d57d471283dbc30faaef36cdba95aa839630 Parents: ef34245 Author: Jason Lowe <jl...@apache.org> Authored: Thu Sep 7 16:24:55 2017 -0500 Committer: Jason Lowe <jl...@apache.org> Committed: Thu Sep 7 16:24:55 2017 -0500 ---------------------------------------------------------------------- .../hadoop/yarn/conf/YarnConfiguration.java | 16 +++ .../src/main/resources/yarn-default.xml | 8 ++ .../server/nodemanager/ContainerExecutor.java | 4 +- .../nodemanager/LinuxContainerExecutor.java | 3 +- .../DelegatingLinuxContainerRuntime.java | 65 +++++++-- .../runtime/LinuxContainerRuntimeConstants.java | 8 ++ .../runtime/ContainerRuntime.java | 6 +- .../TestDelegatingLinuxContainerRuntime.java | 80 +++++++++++ .../src/site/markdown/DockerContainers.md | 138 ++++++++++--------- 9 files changed, 249 insertions(+), 79 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hadoop/blob/c004d57d/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/conf/YarnConfiguration.java ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/conf/YarnConfiguration.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/conf/YarnConfiguration.java index fb9f499..37a2b0b 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/conf/YarnConfiguration.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/conf/YarnConfiguration.java @@ -1423,6 +1423,22 @@ public class YarnConfiguration extends Configuration { /** Prefix for runtime configuration constants. */ public static final String LINUX_CONTAINER_RUNTIME_PREFIX = NM_PREFIX + "runtime.linux."; + + /** + * Comma separated list of runtimes that are allowed when using + * LinuxContainerExecutor. The allowed values are: + * <ul> + * <li>default</li> + * <li>docker</li> + * </ul> + */ + public static final String LINUX_CONTAINER_RUNTIME_ALLOWED_RUNTIMES = + LINUX_CONTAINER_RUNTIME_PREFIX + "allowed-runtimes"; + + /** The default list of allowed runtimes when using LinuxContainerExecutor. */ + public static final String[] DEFAULT_LINUX_CONTAINER_RUNTIME_ALLOWED_RUNTIMES + = {"default"}; + public static final String DOCKER_CONTAINER_RUNTIME_PREFIX = LINUX_CONTAINER_RUNTIME_PREFIX + "docker."; http://git-wip-us.apache.org/repos/asf/hadoop/blob/c004d57d/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/resources/yarn-default.xml ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/resources/yarn-default.xml b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/resources/yarn-default.xml index 5dceedc..7cb79ad 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/resources/yarn-default.xml +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/resources/yarn-default.xml @@ -1538,6 +1538,14 @@ </property> <property> + <description>Comma separated list of runtimes that are allowed when using + LinuxContainerExecutor. The allowed values are default and docker. + </description> + <name>yarn.nodemanager.runtime.linux.allowed-runtimes</name> + <value>default</value> + </property> + + <property> <description>This configuration setting determines the capabilities assigned to docker containers when they are launched. While these may not be case-sensitive from a docker perspective, it is best to keep these http://git-wip-us.apache.org/repos/asf/hadoop/blob/c004d57d/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/ContainerExecutor.java ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/ContainerExecutor.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/ContainerExecutor.java index 5a19d2b..b0f06c2 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/ContainerExecutor.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/ContainerExecutor.java @@ -52,6 +52,7 @@ import org.apache.hadoop.yarn.exceptions.ConfigurationException; import org.apache.hadoop.yarn.server.nodemanager.containermanager.container.Container; import org.apache.hadoop.yarn.server.nodemanager.containermanager.container.ContainerDiagnosticsUpdateEvent; import org.apache.hadoop.yarn.server.nodemanager.containermanager.launcher.ContainerLaunch; +import org.apache.hadoop.yarn.server.nodemanager.containermanager.runtime.ContainerExecutionException; import org.apache.hadoop.yarn.server.nodemanager.util.NodeManagerHardwareUtils; import org.apache.hadoop.yarn.server.nodemanager.executor.ContainerLivenessContext; import org.apache.hadoop.yarn.server.nodemanager.executor.ContainerReacquisitionContext; @@ -656,7 +657,8 @@ public abstract class ContainerExecutor implements Configurable { } // LinuxContainerExecutor overrides this method and behaves differently. - public String[] getIpAndHost(Container container) { + public String[] getIpAndHost(Container container) + throws ContainerExecutionException { return getLocalIpAndHost(container); } http://git-wip-us.apache.org/repos/asf/hadoop/blob/c004d57d/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/LinuxContainerExecutor.java ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/LinuxContainerExecutor.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/LinuxContainerExecutor.java index 77b72bc..419d66f 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/LinuxContainerExecutor.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/LinuxContainerExecutor.java @@ -600,7 +600,8 @@ public class LinuxContainerExecutor extends ContainerExecutor { } @Override - public String[] getIpAndHost(Container container) { + public String[] getIpAndHost(Container container) + throws ContainerExecutionException { return linuxContainerRuntime.getIpAndHost(container); } http://git-wip-us.apache.org/repos/asf/hadoop/blob/c004d57d/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DelegatingLinuxContainerRuntime.java ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DelegatingLinuxContainerRuntime.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DelegatingLinuxContainerRuntime.java index 25cb7d5..f1f4451 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DelegatingLinuxContainerRuntime.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DelegatingLinuxContainerRuntime.java @@ -20,9 +20,11 @@ package org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.runtime; +import com.google.common.annotations.VisibleForTesting; import org.apache.hadoop.classification.InterfaceAudience; import org.apache.hadoop.classification.InterfaceStability; import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.yarn.conf.YarnConfiguration; import org.apache.hadoop.yarn.server.nodemanager.containermanager.container.Container; import org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.privileged.PrivilegedOperationExecutor; import org.apache.hadoop.yarn.server.nodemanager.containermanager.runtime.ContainerExecutionException; @@ -31,6 +33,7 @@ import org.apache.hadoop.yarn.server.nodemanager.containermanager.runtime.Contai import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import java.util.EnumSet; import java.util.Map; /** @@ -49,28 +52,50 @@ public class DelegatingLinuxContainerRuntime implements LinuxContainerRuntime { LoggerFactory.getLogger(DelegatingLinuxContainerRuntime.class); private DefaultLinuxContainerRuntime defaultLinuxContainerRuntime; private DockerLinuxContainerRuntime dockerLinuxContainerRuntime; + private EnumSet<LinuxContainerRuntimeConstants.RuntimeType> allowedRuntimes = + EnumSet.noneOf(LinuxContainerRuntimeConstants.RuntimeType.class); @Override public void initialize(Configuration conf) throws ContainerExecutionException { - PrivilegedOperationExecutor privilegedOperationExecutor = - PrivilegedOperationExecutor.getInstance(conf); - defaultLinuxContainerRuntime = new DefaultLinuxContainerRuntime( - privilegedOperationExecutor); - defaultLinuxContainerRuntime.initialize(conf); - dockerLinuxContainerRuntime = new DockerLinuxContainerRuntime( - privilegedOperationExecutor); - dockerLinuxContainerRuntime.initialize(conf); + String[] configuredRuntimes = conf.getTrimmedStrings( + YarnConfiguration.LINUX_CONTAINER_RUNTIME_ALLOWED_RUNTIMES, + YarnConfiguration.DEFAULT_LINUX_CONTAINER_RUNTIME_ALLOWED_RUNTIMES); + for (String configuredRuntime : configuredRuntimes) { + try { + allowedRuntimes.add( + LinuxContainerRuntimeConstants.RuntimeType.valueOf( + configuredRuntime.toUpperCase())); + } catch (IllegalArgumentException e) { + throw new ContainerExecutionException("Invalid runtime set in " + + YarnConfiguration.LINUX_CONTAINER_RUNTIME_ALLOWED_RUNTIMES + " : " + + configuredRuntime); + } + } + if (isRuntimeAllowed(LinuxContainerRuntimeConstants.RuntimeType.DOCKER)) { + dockerLinuxContainerRuntime = new DockerLinuxContainerRuntime( + PrivilegedOperationExecutor.getInstance(conf)); + dockerLinuxContainerRuntime.initialize(conf); + } + if (isRuntimeAllowed(LinuxContainerRuntimeConstants.RuntimeType.DEFAULT)) { + defaultLinuxContainerRuntime = new DefaultLinuxContainerRuntime( + PrivilegedOperationExecutor.getInstance(conf)); + defaultLinuxContainerRuntime.initialize(conf); + } } - private LinuxContainerRuntime pickContainerRuntime(Container container) { - Map<String, String> env = container.getLaunchContext().getEnvironment(); + @VisibleForTesting + LinuxContainerRuntime pickContainerRuntime( + Map<String, String> environment) throws ContainerExecutionException { LinuxContainerRuntime runtime; - - if (DockerLinuxContainerRuntime.isDockerContainerRequested(env)){ + if (dockerLinuxContainerRuntime != null && + DockerLinuxContainerRuntime.isDockerContainerRequested(environment)){ runtime = dockerLinuxContainerRuntime; - } else { + } else if (defaultLinuxContainerRuntime != null && + !DockerLinuxContainerRuntime.isDockerContainerRequested(environment)) { runtime = defaultLinuxContainerRuntime; + } else { + throw new ContainerExecutionException("Requested runtime not allowed."); } if (LOG.isDebugEnabled()) { @@ -81,6 +106,11 @@ public class DelegatingLinuxContainerRuntime implements LinuxContainerRuntime { return runtime; } + private LinuxContainerRuntime pickContainerRuntime(Container container) + throws ContainerExecutionException { + return pickContainerRuntime(container.getLaunchContext().getEnvironment()); + } + @Override public void prepareContainer(ContainerRuntimeContext ctx) throws ContainerExecutionException { @@ -118,8 +148,15 @@ public class DelegatingLinuxContainerRuntime implements LinuxContainerRuntime { } @Override - public String[] getIpAndHost(Container container) { + public String[] getIpAndHost(Container container) + throws ContainerExecutionException { LinuxContainerRuntime runtime = pickContainerRuntime(container); return runtime.getIpAndHost(container); } + + @VisibleForTesting + boolean isRuntimeAllowed( + LinuxContainerRuntimeConstants.RuntimeType runtimeType) { + return allowedRuntimes.contains(runtimeType); + } } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/hadoop/blob/c004d57d/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/LinuxContainerRuntimeConstants.java ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/LinuxContainerRuntimeConstants.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/LinuxContainerRuntimeConstants.java index 0c1ec3e..7cea4d3 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/LinuxContainerRuntimeConstants.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/LinuxContainerRuntimeConstants.java @@ -31,6 +31,14 @@ public final class LinuxContainerRuntimeConstants { private LinuxContainerRuntimeConstants() { } + /** + * Linux container runtime types for {@link DelegatingLinuxContainerRuntime}. + */ + public enum RuntimeType { + DEFAULT, + DOCKER; + } + public static final Attribute<Map> LOCALIZED_RESOURCES = Attribute .attribute(Map.class, "localized_resources"); public static final Attribute<List> CONTAINER_LAUNCH_PREFIX_COMMANDS = http://git-wip-us.apache.org/repos/asf/hadoop/blob/c004d57d/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/runtime/ContainerRuntime.java ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/runtime/ContainerRuntime.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/runtime/ContainerRuntime.java index b15690f..7caa0ed 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/runtime/ContainerRuntime.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/runtime/ContainerRuntime.java @@ -77,6 +77,10 @@ public interface ContainerRuntime { /** * Return the host and ip of the container + * + * @param container the {@link Container} + * @throws ContainerExecutionException if an error occurs while getting the ip + * and hostname */ - String[] getIpAndHost(Container container); + String[] getIpAndHost(Container container) throws ContainerExecutionException; } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/hadoop/blob/c004d57d/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/TestDelegatingLinuxContainerRuntime.java ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/TestDelegatingLinuxContainerRuntime.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/TestDelegatingLinuxContainerRuntime.java new file mode 100644 index 0000000..4edc8cb --- /dev/null +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/TestDelegatingLinuxContainerRuntime.java @@ -0,0 +1,80 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.runtime; + +import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.yarn.conf.YarnConfiguration; +import org.junit.Before; +import org.junit.Test; + +import java.util.HashMap; +import java.util.Map; + +import static org.junit.Assert.*; + +/** + * Test container runtime delegation. + */ +public class TestDelegatingLinuxContainerRuntime { + + private DelegatingLinuxContainerRuntime delegatingLinuxContainerRuntime; + private Configuration conf; + private Map<String, String> env = new HashMap<>(); + + @Before + public void setUp() throws Exception { + delegatingLinuxContainerRuntime = new DelegatingLinuxContainerRuntime(); + conf = new Configuration(); + env.clear(); + } + + @Test + public void testIsRuntimeAllowedDefault() throws Exception { + conf.set(YarnConfiguration.LINUX_CONTAINER_RUNTIME_ALLOWED_RUNTIMES, + YarnConfiguration.DEFAULT_LINUX_CONTAINER_RUNTIME_ALLOWED_RUNTIMES[0]); + System.out.println(conf.get( + YarnConfiguration.LINUX_CONTAINER_RUNTIME_ALLOWED_RUNTIMES)); + delegatingLinuxContainerRuntime.initialize(conf); + assertTrue(delegatingLinuxContainerRuntime.isRuntimeAllowed( + LinuxContainerRuntimeConstants.RuntimeType.DEFAULT)); + assertFalse(delegatingLinuxContainerRuntime.isRuntimeAllowed( + LinuxContainerRuntimeConstants.RuntimeType.DOCKER)); + } + + @Test + public void testIsRuntimeAllowedDocker() throws Exception { + conf.set(YarnConfiguration.LINUX_CONTAINER_RUNTIME_ALLOWED_RUNTIMES, + "docker"); + delegatingLinuxContainerRuntime.initialize(conf); + assertTrue(delegatingLinuxContainerRuntime.isRuntimeAllowed( + LinuxContainerRuntimeConstants.RuntimeType.DOCKER)); + assertFalse(delegatingLinuxContainerRuntime.isRuntimeAllowed( + LinuxContainerRuntimeConstants.RuntimeType.DEFAULT)); + } + + + @Test + public void testIsRuntimeAllowedMultiple() throws Exception { + conf.set(YarnConfiguration.LINUX_CONTAINER_RUNTIME_ALLOWED_RUNTIMES, + "default,docker"); + delegatingLinuxContainerRuntime.initialize(conf); + assertTrue(delegatingLinuxContainerRuntime.isRuntimeAllowed( + LinuxContainerRuntimeConstants.RuntimeType.DOCKER)); + assertTrue(delegatingLinuxContainerRuntime.isRuntimeAllowed( + LinuxContainerRuntimeConstants.RuntimeType.DEFAULT)); + } +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/hadoop/blob/c004d57d/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-site/src/site/markdown/DockerContainers.md ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-site/src/site/markdown/DockerContainers.md b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-site/src/site/markdown/DockerContainers.md index 4de0a6a..bc40e34 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-site/src/site/markdown/DockerContainers.md +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-site/src/site/markdown/DockerContainers.md @@ -71,68 +71,82 @@ request. For example: The following properties should be set in yarn-site.xml: ```xml -<property> - <name>yarn.nodemanager.container-executor.class</name> - <value>org.apache.hadoop.yarn.server.nodemanager.LinuxContainerExecutor</value> - <description> - This is the container executor setting that ensures that all applications - are started with the LinuxContainerExecutor. - </description> -</property> - -<property> - <name>yarn.nodemanager.linux-container-executor.group</name> - <value>hadoop</value> - <description> - The POSIX group of the NodeManager. It should match the setting in - "container-executor.cfg". This configuration is required for validating - the secure access of the container-executor binary. - </description> -</property> - -<property> - <name>yarn.nodemanager.linux-container-executor.nonsecure-mode.limit-users</name> - <value>false</value> - <description> - Whether all applications should be run as the NodeManager process' owner. - When false, applications are launched instead as the application owner. - </description> -</property> - -<property> - <name>yarn.nodemanager.runtime.linux.docker.allowed-container-networks</name> - <value>host,none,bridge</value> - <description> - Optional. A comma-separated set of networks allowed when launching - containers. Valid values are determined by Docker networks available from - `docker network ls` - </description> -</property> - -<property> - <description>The network used when launching Docker containers when no - network is specified in the request. This network must be one of the - (configurable) set of allowed container networks.</description> - <name>yarn.nodemanager.runtime.linux.docker.default-container-network</name> - <value>host</value> -</property> - -<property> - <name>yarn.nodemanager.runtime.linux.docker.privileged-containers.allowed</name> - <value>false</value> - <description> - Optional. Whether applications are allowed to run in privileged containers. - </description> -</property> - -<property> - <name>yarn.nodemanager.runtime.linux.docker.privileged-containers.acl</name> - <value></value> - <description> - Optional. A comma-separated list of users who are allowed to request - privileged contains if privileged containers are allowed. - </description> -</property> +<configuration> + <property> + <name>yarn.nodemanager.container-executor.class</name> + <value>org.apache.hadoop.yarn.server.nodemanager.LinuxContainerExecutor</value> + <description> + This is the container executor setting that ensures that all applications + are started with the LinuxContainerExecutor. + </description> + </property> + + <property> + <name>yarn.nodemanager.linux-container-executor.group</name> + <value>hadoop</value> + <description> + The POSIX group of the NodeManager. It should match the setting in + "container-executor.cfg". This configuration is required for validating + the secure access of the container-executor binary. + </description> + </property> + + <property> + <name>yarn.nodemanager.linux-container-executor.nonsecure-mode.limit-users</name> + <value>false</value> + <description> + Whether all applications should be run as the NodeManager process' owner. + When false, applications are launched instead as the application owner. + </description> + </property> + + <property> + <name>yarn.nodemanager.runtime.linux.allowed-runtimes</name> + <value>default,docker</value> + <description> + Comma separated list of runtimes that are allowed when using + LinuxContainerExecutor. The allowed values are default and docker. + </description> + </property> + + <property> + <name>yarn.nodemanager.runtime.linux.docker.allowed-container-networks</name> + <value>host,none,bridge</value> + <description> + Optional. A comma-separated set of networks allowed when launching + containers. Valid values are determined by Docker networks available from + `docker network ls` + </description> + </property> + + <property> + <name>yarn.nodemanager.runtime.linux.docker.default-container-network</name> + <value>host</value> + <description> + The network used when launching Docker containers when no + network is specified in the request. This network must be one of the + (configurable) set of allowed container networks. + </description> + </property> + + <property> + <name>yarn.nodemanager.runtime.linux.docker.privileged-containers.allowed</name> + <value>false</value> + <description> + Optional. Whether applications are allowed to run in privileged + containers. + </description> + </property> + + <property> + <name>yarn.nodemanager.runtime.linux.docker.privileged-containers.acl</name> + <value></value> + <description> + Optional. A comma-separated list of users who are allowed to request + privileged contains if privileged containers are allowed. + </description> + </property> +</configuration> ``` In addition, a container-executer.cfg file must exist and contain settings for --------------------------------------------------------------------- To unsubscribe, e-mail: common-commits-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-commits-h...@hadoop.apache.org
