Example 26 with PrivilegedOperation

use of org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.privileged.PrivilegedOperation in project hadoop by apache.

the class DockerLinuxContainerRuntime method signalContainer.

@Override
public void signalContainer(ContainerRuntimeContext ctx) throws ContainerExecutionException {
    Container container = ctx.getContainer();
    ContainerExecutor.Signal signal = ctx.getExecutionAttribute(SIGNAL);
    PrivilegedOperation privOp = null;
    // Handle liveliness checks, send null signal to pid
    if (ContainerExecutor.Signal.NULL.equals(signal)) {
        privOp = new PrivilegedOperation(PrivilegedOperation.OperationType.SIGNAL_CONTAINER);
        privOp.appendArgs(
            ctx.getExecutionAttribute(RUN_AS_USER),
            ctx.getExecutionAttribute(USER),
            Integer.toString(PrivilegedOperation.RunAsUserCommand.SIGNAL_CONTAINER.getValue()),
            ctx.getExecutionAttribute(PID),
            Integer.toString(ctx.getExecutionAttribute(SIGNAL).getValue()));
    // All other signals handled as docker stop
    } else {
        String containerId = ctx.getContainer().getContainerId().toString();
        DockerStopCommand stopCommand = new DockerStopCommand(containerId);
        String commandFile = dockerClient.writeCommandToTempFile(stopCommand, containerId);
        privOp = new PrivilegedOperation(PrivilegedOperation.OperationType.RUN_DOCKER_CMD);
        privOp.appendArgs(commandFile);
    }
    //Some failures here are acceptable. Let the calling executor decide.
    privOp.disableFailureLogging();
    try {
        privilegedOperationExecutor.executePrivilegedOperation(null, privOp, null, container.getLaunchContext().getEnvironment(), false, false);
    } catch (PrivilegedOperationException e) {
        throw new ContainerExecutionException("Signal container failed", e.getExitCode(), e.getOutput(), e.getErrorOutput());
    }
}
Also used: ContainerExecutor (org.apache.hadoop.yarn.server.nodemanager.ContainerExecutor), Container (org.apache.hadoop.yarn.server.nodemanager.containermanager.container.Container), ContainerExecutionException (org.apache.hadoop.yarn.server.nodemanager.containermanager.runtime.ContainerExecutionException), PrivilegedOperationException (org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.privileged.PrivilegedOperationException), PrivilegedOperation (org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.privileged.PrivilegedOperation), DockerStopCommand (org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.runtime.docker.DockerStopCommand)

Example 27 with PrivilegedOperation

use of org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.privileged.PrivilegedOperation in project hadoop by apache.

the class DockerLinuxContainerRuntime method getIpAndHost.

// ipAndHost[0] contains comma separated list of IPs
// ipAndHost[1] contains the hostname.
@Override
public String[] getIpAndHost(Container container) {
    String containerId = container.getContainerId().toString();
    DockerInspectCommand inspectCommand = new DockerInspectCommand(containerId).getIpAndHost();
    try {
        String commandFile = dockerClient.writeCommandToTempFile(inspectCommand, containerId);
        PrivilegedOperation privOp = new PrivilegedOperation(PrivilegedOperation.OperationType.RUN_DOCKER_CMD);
        privOp.appendArgs(commandFile);
        String output = privilegedOperationExecutor.executePrivilegedOperation(null, privOp, null, container.getLaunchContext().getEnvironment(), true, false);
        LOG.info("Docker inspect output for " + containerId + ": " + output);
        int index = output.lastIndexOf(',');
        if (index == -1) {
            LOG.error("Incorrect format for ip and host");
            return null;
        }
        String ips = output.substring(0, index).trim();
        String host = output.substring(index + 1).trim();
        String[] ipAndHost = new String[2];
        ipAndHost[0] = ips;
        ipAndHost[1] = host;
        return ipAndHost;
    } catch (ContainerExecutionException e) {
        LOG.error("Error when writing command to temp file", e);
    } catch (PrivilegedOperationException e) {
        LOG.error("Error when executing command.", e);
    }
    return null;
}
Also used: DockerInspectCommand (org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.runtime.docker.DockerInspectCommand), ContainerExecutionException (org.apache.hadoop.yarn.server.nodemanager.containermanager.runtime.ContainerExecutionException), PrivilegedOperationException (org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.privileged.PrivilegedOperationException), PrivilegedOperation (org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.privileged.PrivilegedOperation)

Example 28 with PrivilegedOperation

use of org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.privileged.PrivilegedOperation in project hadoop by apache.

the class TestDockerContainerRuntime method testLaunchPrivilegedContainersEnabledAndUserInWhitelist.

@Test
public void testLaunchPrivilegedContainersEnabledAndUserInWhitelist() throws ContainerExecutionException, PrivilegedOperationException, IOException {
    //Enable privileged containers.
    conf.setBoolean(YarnConfiguration.NM_DOCKER_ALLOW_PRIVILEGED_CONTAINERS, true);
    //Add submittingUser to whitelist.
    conf.set(YarnConfiguration.NM_DOCKER_PRIVILEGED_CONTAINERS_ACL, submittingUser);
    DockerLinuxContainerRuntime runtime = new DockerLinuxContainerRuntime(mockExecutor, mockCGroupsHandler);
    runtime.initialize(conf);
    env.put("YARN_CONTAINER_RUNTIME_DOCKER_RUN_PRIVILEGED_CONTAINER", "true");
    runtime.launchContainer(builder.build());
    PrivilegedOperation op = capturePrivilegedOperationAndVerifyArgs();
    List<String> args = op.getArguments();
    String dockerCommandFile = args.get(11);
    List<String> dockerCommands = Files.readAllLines(Paths.get(dockerCommandFile), Charset.forName("UTF-8"));
    Assert.assertEquals(1, dockerCommands.size());
    String command = dockerCommands.get(0);
    //submitting user is whitelisted. ensure --privileged is in the invocation
    Assert.assertTrue("Did not find expected '--privileged' in docker run args " + ": " + command, command.contains("--privileged"));
}
Also used: PrivilegedOperation (org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.privileged.PrivilegedOperation), Test (org.junit.Test)

Example 29 with PrivilegedOperation

use of org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.privileged.PrivilegedOperation in project hadoop by apache.

the class TestDockerContainerRuntime method testMountMultiple.

@Test
public void testMountMultiple() throws ContainerExecutionException, PrivilegedOperationException, IOException {
    DockerLinuxContainerRuntime runtime = new DockerLinuxContainerRuntime(mockExecutor, mockCGroupsHandler);
    runtime.initialize(conf);
    env.put(DockerLinuxContainerRuntime.ENV_DOCKER_CONTAINER_LOCAL_RESOURCE_MOUNTS, "test_dir/test_resource_file:test_mount1," + "test_dir/test_resource_file:test_mount2");
    runtime.launchContainer(builder.build());
    PrivilegedOperation op = capturePrivilegedOperationAndVerifyArgs();
    List<String> args = op.getArguments();
    String dockerCommandFile = args.get(11);
    List<String> dockerCommands = Files.readAllLines(Paths.get(dockerCommandFile), Charset.forName("UTF-8"));
    Assert.assertEquals(1, dockerCommands.size());
    String command = dockerCommands.get(0);
    Assert.assertTrue("Did not find expected " + "/test_local_dir/test_resource_file:test_mount1 mount in docker " + "run args : " + command, command.contains(" -v /test_local_dir/test_resource_file:test_mount1" + ":ro "));
    Assert.assertTrue("Did not find expected " + "/test_local_dir/test_resource_file:test_mount2 mount in docker " + "run args : " + command, command.contains(" -v /test_local_dir/test_resource_file:test_mount2" + ":ro "));
}
Also used: PrivilegedOperation (org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.privileged.PrivilegedOperation), Test (org.junit.Test)

Example 30 with PrivilegedOperation

use of org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.privileged.PrivilegedOperation in project hadoop by apache.

the class TestDockerContainerRuntime method testContainerLivelinessCheck.

@Test
public void testContainerLivelinessCheck() throws ContainerExecutionException, PrivilegedOperationException {
    DockerLinuxContainerRuntime runtime = new DockerLinuxContainerRuntime(mockExecutor, mockCGroupsHandler);
    builder.setExecutionAttribute(RUN_AS_USER, runAsUser).setExecutionAttribute(USER, user).setExecutionAttribute(PID, signalPid).setExecutionAttribute(SIGNAL, ContainerExecutor.Signal.NULL);
    runtime.initialize(getConfigurationWithMockContainerExecutor());
    runtime.signalContainer(builder.build());
    PrivilegedOperation op = capturePrivilegedOperation();
    Assert.assertEquals(op.getOperationType(), PrivilegedOperation.OperationType.SIGNAL_CONTAINER);
    Assert.assertEquals("run_as_user", op.getArguments().get(0));
    Assert.assertEquals("user", op.getArguments().get(1));
    Assert.assertEquals("2", op.getArguments().get(2));
    Assert.assertEquals("1234", op.getArguments().get(3));
    Assert.assertEquals("0", op.getArguments().get(4));
}
Also used: PrivilegedOperation (org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.privileged.PrivilegedOperation), Test (org.junit.Test)

Aggregations

PrivilegedOperation (org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.privileged.PrivilegedOperation): 43
Test (org.junit.Test): 19
PrivilegedOperationException (org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.privileged.PrivilegedOperationException): 18
Configuration (org.apache.hadoop.conf.Configuration): 11
YarnConfiguration (org.apache.hadoop.yarn.conf.YarnConfiguration): 11
ArrayList (java.util.ArrayList): 9
Container (org.apache.hadoop.yarn.server.nodemanager.containermanager.container.Container): 9
ContainerExecutionException (org.apache.hadoop.yarn.server.nodemanager.containermanager.runtime.ContainerExecutionException): 9
PrivilegedOperationExecutor (org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.privileged.PrivilegedOperationExecutor): 6
IOException (java.io.IOException): 5
ContainerId (org.apache.hadoop.yarn.api.records.ContainerId): 5
File (java.io.File): 4
Path (org.apache.hadoop.fs.Path): 4
List (java.util.List): 3
ResourceHandlerException (org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.resources.ResourceHandlerException): 2
InetSocketAddress (java.net.InetSocketAddress): 1
HashSet (java.util.HashSet): 1
AccessControlList (org.apache.hadoop.security.authorize.AccessControlList): 1
Resource (org.apache.hadoop.yarn.api.records.Resource): 1
ContainerExecutor (org.apache.hadoop.yarn.server.nodemanager.ContainerExecutor): 1