[
https://issues.apache.org/jira/browse/YARN-3611?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14537024#comment-14537024
]
Sidharta Seethana commented on YARN-3611:
-----------------------------------------
Hi [~aw] ,
I agree with you that we should ensure that current LinuxContainerExecutor
functionality isn’t broken - but at the same time, I believe it is important to
add useful new features that bring more value to users. This has already been
happening to LinuxContainerExecutor
and related functionality - refactored resource handler/cgroups handler,
support for new resources types.
About YARN-3291 : The patch for this JIRA already moves in the direction
described in this JIRA. DockerContainerExecutor is changed to be a child of
LinuxContainerExecutor (along with some minor changes to LinuxContainerExecutor
itself). In addition, there are changes to the native code in the
linux-specific container-executor tool which has so far only been used by
LinuxContainerExecutor. I don’t believe this JIRA is a dupe of YARN-3291 - the
scope differs quite a bit - more sub-tasks are to be added to this JIRA for
various pieces of functionality that need to be built.
thanks,
-Sidharta
> Support Docker Containers In LinuxContainerExecutor
> ---------------------------------------------------
>
> Key: YARN-3611
> URL: https://issues.apache.org/jira/browse/YARN-3611
> Project: Hadoop YARN
> Issue Type: Bug
> Components: yarn
> Reporter: Sidharta Seethana
> Assignee: Sidharta Seethana
>
> Support Docker Containers In LinuxContainerExecutor
> LinuxContainerExecutor provides useful functionality today with respect to
> localization, cgroups based resource management and isolation for CPU,
> network, disk etc. as well as security with a well-defined mechanism to
> execute privileged operations using the container-executor utility. Bringing
> docker support to LinuxContainerExecutor lets us use all of this
> functionality when running docker containers under YARN, while not requiring
> users and admins to configure and use a different ContainerExecutor.
> There are several aspects here that need to be worked through :
> * Mechanism(s) to let clients request docker-specific functionality - we
> could initially implement this via environment variables without impacting
> the client API.
> * Security - both docker daemon as well as application
> * Docker image localization
> * Running a docker container via container-executor as a specified user
> * “Isolate” the docker container in terms of CPU/network/disk/etc
> * Communicating with and/or signaling the running container (ensure correct
> pid handling)
> * Figure out workarounds for certain performance-sensitive scenarios like
> HDFS short-circuit reads
> * All of these need to be achieved without changing the current behavior of
> LinuxContainerExecutor
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
