[
https://issues.apache.org/jira/browse/YARN-6623?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16147713#comment-16147713
]
Eric Badger commented on YARN-6623:
-----------------------------------
Hey [~vvasudev], thanks for the update. It looks like most of my first round
comments were lost, so posting them again.
{noformat}
int is_docker_support_enabled() {
- return is_feature_enabled(DOCKER_SUPPORT_ENABLED_KEY,
- DEFAULT_DOCKER_SUPPORT_ENABLED, &executor_cfg);
+ return is_feature_enabled(DOCKER_SUPPORT_ENABLED_KEY,
+ DEFAULT_DOCKER_SUPPORT_ENABLED, &executor_cfg)
+ || docker_module_enabled(&CFG);
{noformat}
The indentation here should be fixed.
{noformat}
+# The configs below deal with settings for Docker
+#[docker]
+# module.enabled=## enable/disable the module. set to "true" to enable,
disabled by default
+# docker.binary=/usr/bin/docker
+# allowed.capabilities=## comma seperated capabilities that can be granted,
e.g
CHOWN,DAC_OVERRIDE,FSETID,FOWNER,MKNOD,NET_RAW,SETGID,SETUID,SETFCAP,SETPCAP,NET_BIND_SERVICE,SYS_CHROOT,KILL,AUDIT_WRITE
+# allowed.devices=## comma seperated list of devices that can be mounted into
a container
+# allowed.networks=## comma seperated networks that can be used. e.g
bridge,host,none
+# allowed.ro-mounts=## comma seperated volumes that can be mounted as
read-only
+# allowed.rw-mounts=## comma seperate volumes that can be mounted as
read-write, add the yarn local and log dirs to this list to run Hadoop jobs
{noformat}
For the Docker configs, I think it'd be more clear if they were prefixed with
docker.
{noformat}
+ <!-- /proc/mounts,/sys/fs/cgroup are always in the same place -->
<Match>
<Class
name="org.apache.hadoop.yarn.server.nodemanager.util.CgroupsLCEResourcesHandler"
/>
<Method name="parseMtab" />
<Bug pattern="DMI_HARDCODED_ABSOLUTE_FILENAME" />
</Match>
+ <Match>
+ <Class
name="org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.runtime.DockerLinuxContainerRuntime"
/>
+ <Method name="launchContainer" />
+ <Bug pattern="DMI_HARDCODED_ABSOLUTE_FILENAME" />
+ </Match>
{noformat}
Since we're going to remove the hard-coded string in YARN-6968, should we leave
the findbugs warning and take care of it there?
{noformat}
+ protected final void addCommandArguments(String key, String value) {
+ if (commandArguments.containsKey(key)) {
+ commandArguments.get(key).add(value);
+ return;
+ }
{noformat}
No need to call contains() and then call get(). We can just call get and then
add the value if the return value isn't null.
{noformat}
+ @Override
+ public String toString() {
+ StringBuffer ret = new StringBuffer("");
+ ret.append(this.command);
{noformat}
Any reason not to create the string with the command in the constructor?
Something like
{{StringBuffer ret = new StringBuffer(this.command);}}
> Add support to turn off launching privileged containers in the
> container-executor
> ---------------------------------------------------------------------------------
>
> Key: YARN-6623
> URL: https://issues.apache.org/jira/browse/YARN-6623
> Project: Hadoop YARN
> Issue Type: Sub-task
> Components: nodemanager
> Reporter: Varun Vasudev
> Assignee: Varun Vasudev
> Priority: Blocker
> Attachments: YARN-6623.001.patch, YARN-6623.002.patch,
> YARN-6623.003.patch, YARN-6623.004.patch, YARN-6623.005.patch,
> YARN-6623.006.patch, YARN-6623.007.patch
>
>
> Currently, launching privileged containers is controlled by the NM. We should
> add a flag to the container-executor.cfg allowing admins to disable launching
> privileged containers at the container-executor level.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
