Class OCIContainerRuntime
java.lang.Object
org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.runtime.OCIContainerRuntime
- All Implemented Interfaces:
LinuxContainerRuntime, ContainerRuntime
- Direct Known Subclasses:
DockerLinuxContainerRuntime, RuncContainerRuntime
@Private
@Unstable
public abstract class OCIContainerRuntime
extends Object
implements LinuxContainerRuntime
This class is a ContainerRuntime implementation that uses the
native container-executor binary via a
PrivilegedOperationExecutor instance to launch processes inside
OCI-compliant containers.
-
Field Summary
Fields -
Constructor Summary
Constructors
OCIContainerRuntime(PrivilegedOperationExecutor privilegedOperationExecutor)
OCIContainerRuntime(PrivilegedOperationExecutor privilegedOperationExecutor, CGroupsHandler cGroupsHandler)
Method Summary
Modifier and Type, Method, Description
protected boolean allowHostPidNamespace(Container container)
    Return whether the YARN container is allowed to run using the host's PID namespace for the OCI-compliant container.
protected boolean allowPrivilegedContainerExecution(Container container)
    Return whether the YARN container is allowed to run in a privileged OCI-compliant container.
static String formatOciEnvKey(String runtimeTypeUpper, String envKeySuffix)
protected String[] getGroupIdInfo(String userName)
protected String getUserIdInfo(String userName)
void initialize(org.apache.hadoop.conf.Configuration conf, Context nmContext)
    Initialize the runtime.
protected void initiateCsiClients(org.apache.hadoop.conf.Configuration config)
    Initiate CSI clients to talk to the CSI adaptors on this node and cache the clients for easier fetch.
protected boolean isContainerRequestedAsPrivileged(Container container)
    This function only returns whether a privileged container was requested, not whether the container was or will be launched as privileged.
static boolean isOCICompliantContainerRequested(org.apache.hadoop.conf.Configuration daemonConf, Map<String, String> env)
protected String mountReadOnlyPath(String mount, Map<org.apache.hadoop.fs.Path, List<String>> localizedResources)
void prepareContainer(ContainerRuntimeContext ctx)
    Prepare a container to be ready for launch.
protected void validateContainerNetworkType(String network)
protected void validateContainerRuntimeType(String runtime)
protected static void validateHostname(String hostname)
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.apache.hadoop.yarn.server.nodemanager.containermanager.runtime.ContainerRuntime
execContainer, getExposedPorts, getIpAndHost, launchContainer, reapContainer, relaunchContainer, signalContainer
Methods inherited from interface org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.runtime.LinuxContainerRuntime
getLocalResources, isRuntimeRequested, start, stop
-
Field Details
-
RUNTIME_PREFIX
- See Also:
-
CONTAINER_PID_NAMESPACE_SUFFIX
- See Also:
-
RUN_PRIVILEGED_CONTAINER_SUFFIX
- See Also:
-
-
Constructor Details
-
OCIContainerRuntime
-
OCIContainerRuntime
public OCIContainerRuntime(PrivilegedOperationExecutor privilegedOperationExecutor, CGroupsHandler cGroupsHandler)
-
-
Method Details
-
initialize
public void initialize(org.apache.hadoop.conf.Configuration conf, Context nmContext) throws ContainerExecutionException
Description copied from interface: LinuxContainerRuntime
Initialize the runtime.
- Specified by:
initialize in interface LinuxContainerRuntime
- Parameters:
conf - the Configuration to use
nmContext - NMContext
- Throws:
ContainerExecutionException - if an error occurs while initializing the runtime
-
isOCICompliantContainerRequested
-
mountReadOnlyPath
@VisibleForTesting
protected String mountReadOnlyPath(String mount, Map<org.apache.hadoop.fs.Path, List<String>> localizedResources) throws ContainerExecutionException
- Throws:
ContainerExecutionException
-
prepareContainer
Description copied from interface: ContainerRuntime
Prepare a container to be ready for launch.
- Specified by:
prepareContainer in interface ContainerRuntime
- Parameters:
ctx - the ContainerRuntimeContext
- Throws:
ContainerExecutionException - if an error occurs while preparing the container
-
getUserIdInfo
- Throws:
ContainerExecutionException
-
getGroupIdInfo
- Throws:
ContainerExecutionException
-
validateContainerNetworkType
- Throws:
ContainerExecutionException
-
validateContainerRuntimeType
- Throws:
ContainerExecutionException
-
allowHostPidNamespace
Return whether the YARN container is allowed to run using the host's PID namespace for the OCI-compliant container. For this to be allowed, the submitting user must request the feature and the feature must be enabled on the cluster.
- Parameters:
container - the target YARN container
- Returns:
whether host pid namespace is requested and allowed
- Throws:
ContainerExecutionException - if host pid namespace is requested but is not allowed
-
validateHostname
- Throws:
ContainerExecutionException
-
allowPrivilegedContainerExecution
protected boolean allowPrivilegedContainerExecution(Container container) throws ContainerExecutionException
Return whether the YARN container is allowed to run in a privileged OCI-compliant container. For a privileged container to be allowed, all of the following three conditions must be satisfied:
1. The submitting user must request a privileged container
2. Privileged containers must be enabled on the cluster
3. The submitting user must be white-listed to run a privileged container
- Parameters:
container - the target YARN container
- Returns:
whether privileged container execution is allowed
- Throws:
ContainerExecutionException - if privileged container execution is requested but is not allowed
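The request/enable/allow-list gate described for allowHostPidNamespace and allowPrivilegedContainerExecution, as an added sketch that is not Hadoop's own code. The names OciGateSketch, ClusterPolicy, GateException, allowHostPid and allowPrivileged are hypothetical, GateException stands in for ContainerExecutionException, and the policy values and user names are constructed.

```java
import java.util.Set;

// Added illustration, not Hadoop source. All names here are hypothetical.
public class OciGateSketch {
  // Local stand-in for YARN's ContainerExecutionException.
  static class GateException extends Exception {
    GateException(String msg) { super(msg); }
  }

  // Constructed cluster-side policy: feature switches plus the privileged-user allow list.
  record ClusterPolicy(boolean hostPidAllowed, boolean privilegedAllowed,
                       Set<String> privilegedUsers) { }

  // Host PID namespace: the user must request it and the cluster must enable it.
  static boolean allowHostPid(boolean requested, ClusterPolicy p) throws GateException {
    if (!requested) {
      return false; // nothing asked for, nothing granted
    }
    if (!p.hostPidAllowed()) {
      throw new GateException("host pid namespace requested but not enabled");
    }
    return true;
  }

  // Privileged container: requested AND enabled on the cluster AND user on the allow list.
  static boolean allowPrivileged(boolean requested, String user, ClusterPolicy p)
      throws GateException {
    if (!requested) {
      return false;
    }
    if (!p.privilegedAllowed()) {
      throw new GateException("privileged containers are disabled on this cluster");
    }
    if (!p.privilegedUsers().contains(user)) {
      throw new GateException("user " + user + " may not run privileged containers");
    }
    return true;
  }

  public static void main(String[] args) throws GateException {
    ClusterPolicy p = new ClusterPolicy(false, true, Set.of("opsadmin"));
    System.out.println(allowPrivileged(false, "alice", p));   // case: not requested
    System.out.println(allowPrivileged(true, "opsadmin", p)); // case: all three conditions hold
    try {
      allowHostPid(true, p); // case: requested while the cluster switch is off
    } catch (GateException e) {
      System.out.println("launch refused: " + e.getMessage());
    }
  }
}
```

A request that fails the gate raises an exception instead of returning false, so the launch is refused and the container is not silently started without the requested capability.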
-
isContainerRequestedAsPrivileged
This function only returns whether a privileged container was requested, not whether the container was or will be launched as privileged.
- Parameters:
container -
- Returns:
true if container is requested as privileged
-
getCsiClients
-
initiateCsiClients
protected void initiateCsiClients(org.apache.hadoop.conf.Configuration config) throws ContainerExecutionException
Initiate CSI clients to talk to the CSI adaptors on this node and cache the clients for easier fetch.
- Parameters:
config - configuration
- Throws:
ContainerExecutionException
-
formatOciEnvKey
-