Examples with PrivilegedOperation - org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.privileged.PrivilegedOperation

Example 31 with PrivilegedOperation

use of org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.privileged.PrivilegedOperation in project hadoop by apache.

the class TestDockerContainerRuntime method testMountSourceTarget.

@Test
public void testMountSourceTarget() throws ContainerExecutionException, PrivilegedOperationException, IOException {
    DockerLinuxContainerRuntime runtime = new DockerLinuxContainerRuntime(mockExecutor, mockCGroupsHandler);
    runtime.initialize(conf);
    env.put(DockerLinuxContainerRuntime.ENV_DOCKER_CONTAINER_LOCAL_RESOURCE_MOUNTS, "test_dir/test_resource_file:test_mount");
    runtime.launchContainer(builder.build());
    PrivilegedOperation op = capturePrivilegedOperationAndVerifyArgs();
    List<String> args = op.getArguments();
    String dockerCommandFile = args.get(11);
    List<String> dockerCommands = Files.readAllLines(Paths.get(dockerCommandFile), Charset.forName("UTF-8"));
    Assert.assertEquals(1, dockerCommands.size());
    String command = dockerCommands.get(0);
    Assert.assertTrue("Did not find expected " + "/test_local_dir/test_resource_file:test_mount mount in docker " + "run args : " + command, command.contains(" -v /test_local_dir/test_resource_file:test_mount" + ":ro "));
}

Also used : PrivilegedOperation(org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.privileged.PrivilegedOperation) Test(org.junit.Test)

Example 32 with PrivilegedOperation

use of org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.privileged.PrivilegedOperation in project hadoop by apache.

the class TestDockerContainerRuntime method testLaunchPrivilegedContainersInvalidEnvVar.

@Test
public void testLaunchPrivilegedContainersInvalidEnvVar() throws ContainerExecutionException, PrivilegedOperationException, IOException {
    DockerLinuxContainerRuntime runtime = new DockerLinuxContainerRuntime(mockExecutor, mockCGroupsHandler);
    runtime.initialize(conf);
    env.put("YARN_CONTAINER_RUNTIME_DOCKER_RUN_PRIVILEGED_CONTAINER", "invalid-value");
    runtime.launchContainer(builder.build());
    PrivilegedOperation op = capturePrivilegedOperationAndVerifyArgs();
    List<String> args = op.getArguments();
    String dockerCommandFile = args.get(11);
    List<String> dockerCommands = Files.readAllLines(Paths.get(dockerCommandFile), Charset.forName("UTF-8"));
    Assert.assertEquals(1, dockerCommands.size());
    String command = dockerCommands.get(0);
    //ensure --privileged isn't in the invocation
    Assert.assertTrue("Unexpected --privileged in docker run args : " + command, !command.contains("--privileged"));
}

Also used : PrivilegedOperation(org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.privileged.PrivilegedOperation) Test(org.junit.Test)

Example 33 with PrivilegedOperation

use of org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.privileged.PrivilegedOperation in project hadoop by apache.

the class TestDockerContainerRuntime method getDockerCommandsForSignal.

private List<String> getDockerCommandsForSignal(ContainerExecutor.Signal signal) throws ContainerExecutionException, PrivilegedOperationException, IOException {
    DockerLinuxContainerRuntime runtime = new DockerLinuxContainerRuntime(mockExecutor, mockCGroupsHandler);
    builder.setExecutionAttribute(RUN_AS_USER, runAsUser).setExecutionAttribute(USER, user).setExecutionAttribute(PID, signalPid).setExecutionAttribute(SIGNAL, signal);
    runtime.initialize(getConfigurationWithMockContainerExecutor());
    runtime.signalContainer(builder.build());
    PrivilegedOperation op = capturePrivilegedOperation();
    Assert.assertEquals(op.getOperationType(), PrivilegedOperation.OperationType.RUN_DOCKER_CMD);
    String dockerCommandFile = op.getArguments().get(0);
    return Files.readAllLines(Paths.get(dockerCommandFile), Charset.forName("UTF-8"));
}

Also used : PrivilegedOperation(org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.privileged.PrivilegedOperation)

Example 34 with PrivilegedOperation

use of org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.privileged.PrivilegedOperation in project hadoop by apache.

the class TestDockerContainerRuntime method capturePrivilegedOperationAndVerifyArgs.

@SuppressWarnings("unchecked")
private PrivilegedOperation capturePrivilegedOperationAndVerifyArgs() throws PrivilegedOperationException {
    PrivilegedOperation op = capturePrivilegedOperation();
    Assert.assertEquals(PrivilegedOperation.OperationType.LAUNCH_DOCKER_CONTAINER, op.getOperationType());
    List<String> args = op.getArguments();
    //This invocation of container-executor should use 13 arguments in a
    // specific order (sigh.)
    Assert.assertEquals(13, args.size());
    //verify arguments
    Assert.assertEquals(runAsUser, args.get(0));
    Assert.assertEquals(user, args.get(1));
    Assert.assertEquals(Integer.toString(PrivilegedOperation.RunAsUserCommand.LAUNCH_DOCKER_CONTAINER.getValue()), args.get(2));
    Assert.assertEquals(appId, args.get(3));
    Assert.assertEquals(containerId, args.get(4));
    Assert.assertEquals(containerWorkDir.toString(), args.get(5));
    Assert.assertEquals(nmPrivateContainerScriptPath.toUri().toString(), args.get(6));
    Assert.assertEquals(nmPrivateTokensPath.toUri().getPath(), args.get(7));
    Assert.assertEquals(pidFilePath.toString(), args.get(8));
    Assert.assertEquals(localDirs.get(0), args.get(9));
    Assert.assertEquals(logDirs.get(0), args.get(10));
    Assert.assertEquals(resourcesOptions, args.get(12));
    return op;
}

Also used : PrivilegedOperation(org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.privileged.PrivilegedOperation)

Example 35 with PrivilegedOperation

use of org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.privileged.PrivilegedOperation in project hadoop by apache.

the class TestCGroupsHandlerImpl method testMountController.

@Test
public void testMountController() {
    CGroupsHandler cGroupsHandler = null;
    //Since we enabled (deferred) cgroup controller mounting, no interactions
    //should have occurred, with this mock
    verifyZeroInteractions(privilegedOperationExecutorMock);
    try {
        cGroupsHandler = new CGroupsHandlerImpl(conf, privilegedOperationExecutorMock);
        PrivilegedOperation expectedOp = new PrivilegedOperation(PrivilegedOperation.OperationType.MOUNT_CGROUPS);
        //This is expected to be of the form :
        //net_cls=<mount_path>/net_cls
        StringBuffer controllerKV = new StringBuffer(controller.getName()).append('=').append(tmpPath).append('/').append(controller.getName());
        expectedOp.appendArgs(hierarchy, controllerKV.toString());
        cGroupsHandler.initializeCGroupController(controller);
        try {
            ArgumentCaptor<PrivilegedOperation> opCaptor = ArgumentCaptor.forClass(PrivilegedOperation.class);
            verify(privilegedOperationExecutorMock).executePrivilegedOperation(opCaptor.capture(), eq(false));
            //we'll explicitly capture and assert that the
            //captured op and the expected op are identical.
            Assert.assertEquals(expectedOp, opCaptor.getValue());
            verifyNoMoreInteractions(privilegedOperationExecutorMock);
            //Try mounting the same controller again - this should be a no-op
            cGroupsHandler.initializeCGroupController(controller);
            verifyNoMoreInteractions(privilegedOperationExecutorMock);
        } catch (PrivilegedOperationException e) {
            LOG.error("Caught exception: " + e);
            Assert.assertTrue("Unexpected PrivilegedOperationException from mock!", false);
        }
    } catch (ResourceHandlerException e) {
        LOG.error("Caught exception: " + e);
        Assert.assertTrue("Unexpected ResourceHandler Exception!", false);
    }
}

Also used : PrivilegedOperationException(org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.privileged.PrivilegedOperationException) PrivilegedOperation(org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.privileged.PrivilegedOperation) Test(org.junit.Test)

Aggregations

PrivilegedOperation (org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.privileged.PrivilegedOperation)43 Test (org.junit.Test)19 PrivilegedOperationException (org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.privileged.PrivilegedOperationException)18 Configuration (org.apache.hadoop.conf.Configuration)11 YarnConfiguration (org.apache.hadoop.yarn.conf.YarnConfiguration)11 ArrayList (java.util.ArrayList)9 Container (org.apache.hadoop.yarn.server.nodemanager.containermanager.container.Container)9 ContainerExecutionException (org.apache.hadoop.yarn.server.nodemanager.containermanager.runtime.ContainerExecutionException)9 PrivilegedOperationExecutor (org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.privileged.PrivilegedOperationExecutor)6 IOException (java.io.IOException)5 ContainerId (org.apache.hadoop.yarn.api.records.ContainerId)5 File (java.io.File)4 Path (org.apache.hadoop.fs.Path)4 List (java.util.List)3 ResourceHandlerException (org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.resources.ResourceHandlerException)2 InetSocketAddress (java.net.InetSocketAddress)1 HashSet (java.util.HashSet)1 AccessControlList (org.apache.hadoop.security.authorize.AccessControlList)1 Resource (org.apache.hadoop.yarn.api.records.Resource)1 ContainerExecutor (org.apache.hadoop.yarn.server.nodemanager.ContainerExecutor)1