Examples with PrivilegedOperationException org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.privileged.PrivilegedOperationException used on opensource projects

Example 6 with PrivilegedOperationException

use of org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.privileged.PrivilegedOperationException in project hadoop by apache.

the class LinuxContainerExecutor method deleteAsUser.

@Override
public void deleteAsUser(DeletionAsUserContext ctx) {
    String user = ctx.getUser();
    Path dir = ctx.getSubDir();
    List<Path> baseDirs = ctx.getBasedirs();
    verifyUsernamePattern(user);
    String runAsUser = getRunAsUser(user);
    String dirString = dir == null ? "" : dir.toUri().getPath();
    PrivilegedOperation deleteAsUserOp = new PrivilegedOperation(PrivilegedOperation.OperationType.DELETE_AS_USER, (String) null);
    deleteAsUserOp.appendArgs(runAsUser, user, Integer.toString(PrivilegedOperation.RunAsUserCommand.DELETE_AS_USER.getValue()), dirString);
    List<String> pathsToDelete = new ArrayList<String>();
    if (baseDirs == null || baseDirs.size() == 0) {
        LOG.info("Deleting absolute path : " + dir);
        pathsToDelete.add(dirString);
    } else {
        for (Path baseDir : baseDirs) {
            Path del = dir == null ? baseDir : new Path(baseDir, dir);
            LOG.info("Deleting path : " + del);
            pathsToDelete.add(del.toString());
            deleteAsUserOp.appendArgs(baseDir.toUri().getPath());
        }
    }
    try {
        Configuration conf = super.getConf();
        PrivilegedOperationExecutor privilegedOperationExecutor = PrivilegedOperationExecutor.getInstance(conf);
        privilegedOperationExecutor.executePrivilegedOperation(deleteAsUserOp, false);
    } catch (PrivilegedOperationException e) {
        int exitCode = e.getExitCode();
        LOG.error("DeleteAsUser for " + StringUtils.join(" ", pathsToDelete) + " returned with exit code: " + exitCode, e);
    }
}

Example 7 with PrivilegedOperationException

use of org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.privileged.PrivilegedOperationException in project hadoop by apache.

the class LinuxContainerExecutor method init.

@Override
public void init() throws IOException {
    Configuration conf = super.getConf();
    // verify configuration/permissions and exit
    try {
        PrivilegedOperation checkSetupOp = new PrivilegedOperation(PrivilegedOperation.OperationType.CHECK_SETUP);
        PrivilegedOperationExecutor privilegedOperationExecutor = PrivilegedOperationExecutor.getInstance(conf);
        privilegedOperationExecutor.executePrivilegedOperation(checkSetupOp, false);
    } catch (PrivilegedOperationException e) {
        int exitCode = e.getExitCode();
        LOG.warn("Exit code from container executor initialization is : " + exitCode, e);
        throw new IOException("Linux container executor not configured properly" + " (error=" + exitCode + ")", e);
    }
    try {
        resourceHandlerChain = ResourceHandlerModule.getConfiguredResourceHandlerChain(conf);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Resource handler chain enabled = " + (resourceHandlerChain == null));
        }
        if (resourceHandlerChain != null) {
            LOG.debug("Bootstrapping resource handler chain");
            resourceHandlerChain.bootstrap(conf);
        }
    } catch (ResourceHandlerException e) {
        LOG.error("Failed to bootstrap configured resource subsystems! ", e);
        throw new IOException("Failed to bootstrap configured resource subsystems!");
    }
    try {
        if (linuxContainerRuntime == null) {
            LinuxContainerRuntime runtime = new DelegatingLinuxContainerRuntime();
            runtime.initialize(conf);
            this.linuxContainerRuntime = runtime;
        }
    } catch (ContainerExecutionException e) {
        LOG.error("Failed to initialize linux container runtime(s)!", e);
        throw new IOException("Failed to initialize linux container runtime(s)!");
    }
    resourcesHandler.init(this);
}

Example 8 with PrivilegedOperationException

use of org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.privileged.PrivilegedOperationException in project hadoop by apache.

the class LinuxContainerExecutor method startLocalizer.

@Override
public void startLocalizer(LocalizerStartContext ctx) throws IOException, InterruptedException {
    Path nmPrivateContainerTokensPath = ctx.getNmPrivateContainerTokens();
    InetSocketAddress nmAddr = ctx.getNmAddr();
    String user = ctx.getUser();
    String appId = ctx.getAppId();
    String locId = ctx.getLocId();
    LocalDirsHandlerService dirsHandler = ctx.getDirsHandler();
    List<String> localDirs = dirsHandler.getLocalDirs();
    List<String> logDirs = dirsHandler.getLogDirs();
    verifyUsernamePattern(user);
    String runAsUser = getRunAsUser(user);
    PrivilegedOperation initializeContainerOp = new PrivilegedOperation(PrivilegedOperation.OperationType.INITIALIZE_CONTAINER);
    List<String> prefixCommands = new ArrayList<>();
    addSchedPriorityCommand(prefixCommands);
    initializeContainerOp.appendArgs(runAsUser, user, Integer.toString(PrivilegedOperation.RunAsUserCommand.INITIALIZE_CONTAINER.getValue()), appId, nmPrivateContainerTokensPath.toUri().getPath().toString(), StringUtils.join(PrivilegedOperation.LINUX_FILE_PATH_SEPARATOR, localDirs), StringUtils.join(PrivilegedOperation.LINUX_FILE_PATH_SEPARATOR, logDirs));
    // use same jvm as parent
    File jvm = new File(new File(System.getProperty("java.home"), "bin"), "java");
    initializeContainerOp.appendArgs(jvm.toString());
    initializeContainerOp.appendArgs("-classpath");
    initializeContainerOp.appendArgs(System.getProperty("java.class.path"));
    String javaLibPath = System.getProperty("java.library.path");
    if (javaLibPath != null) {
        initializeContainerOp.appendArgs("-Djava.library.path=" + javaLibPath);
    }
    initializeContainerOp.appendArgs(ContainerLocalizer.getJavaOpts(getConf()));
    List<String> localizerArgs = new ArrayList<>();
    buildMainArgs(localizerArgs, user, appId, locId, nmAddr, localDirs);
    initializeContainerOp.appendArgs(localizerArgs);
    try {
        Configuration conf = super.getConf();
        PrivilegedOperationExecutor privilegedOperationExecutor = PrivilegedOperationExecutor.getInstance(conf);
        privilegedOperationExecutor.executePrivilegedOperation(prefixCommands, initializeContainerOp, null, null, false, true);
    } catch (PrivilegedOperationException e) {
        int exitCode = e.getExitCode();
        LOG.warn("Exit code from container " + locId + " startLocalizer is : " + exitCode, e);
        throw new IOException("Application " + appId + " initialization failed" + " (exitCode=" + exitCode + ") with output: " + e.getOutput(), e);
    }
}

Example 9 with PrivilegedOperationException

use of org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.privileged.PrivilegedOperationException in project hadoop by apache.

the class CGroupsHandlerImpl method mountCGroupController.

private void mountCGroupController(CGroupController controller) throws ResourceHandlerException {
    String path = getControllerPath(controller);
    if (path == null) {
        try {
            //lock out other readers/writers till we are done
            rwLock.writeLock().lock();
            String hierarchy = cGroupPrefix;
            StringBuffer controllerPath = new StringBuffer().append(cGroupMountPath).append('/').append(controller.getName());
            StringBuffer cGroupKV = new StringBuffer().append(controller.getName()).append('=').append(controllerPath);
            PrivilegedOperation.OperationType opType = PrivilegedOperation.OperationType.MOUNT_CGROUPS;
            PrivilegedOperation op = new PrivilegedOperation(opType);
            op.appendArgs(hierarchy, cGroupKV.toString());
            LOG.info("Mounting controller " + controller.getName() + " at " + controllerPath);
            privilegedOperationExecutor.executePrivilegedOperation(op, false);
            //if privileged operation succeeds, update controller paths
            controllerPaths.put(controller, controllerPath.toString());
            return;
        } catch (PrivilegedOperationException e) {
            LOG.error("Failed to mount controller: " + controller.getName());
            throw new ResourceHandlerException("Failed to mount controller: " + controller.getName());
        } finally {
            rwLock.writeLock().unlock();
        }
    } else {
        LOG.info("CGroup controller already mounted at: " + path);
        return;
    }
}

Example 10 with PrivilegedOperationException

use of org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.privileged.PrivilegedOperationException in project hadoop by apache.

the class TrafficControlBandwidthHandlerImpl method postComplete.

/**
   * Cleanup operations once container is completed - deletes cgroup and
   * removes traffic shaping rule(s).
   * @param containerId of the container that was completed.
   * @return
   * @throws ResourceHandlerException
   */
@Override
public List<PrivilegedOperation> postComplete(ContainerId containerId) throws ResourceHandlerException {
    LOG.info("postComplete for container: " + containerId.toString());
    cGroupsHandler.deleteCGroup(CGroupsHandler.CGroupController.NET_CLS, containerId.toString());
    Integer classId = containerIdClassIdMap.get(containerId);
    if (classId != null) {
        PrivilegedOperation op = trafficController.new BatchBuilder(PrivilegedOperation.OperationType.TC_MODIFY_STATE).deleteContainerClass(classId).commitBatchToTempFile();
        try {
            privilegedOperationExecutor.executePrivilegedOperation(op, false);
            trafficController.releaseClassId(classId);
        } catch (PrivilegedOperationException e) {
            LOG.warn("Failed to delete tc rule for classId: " + classId);
            throw new ResourceHandlerException("Failed to delete tc rule for classId:" + classId);
        }
    } else {
        LOG.warn("Not cleaning up tc rules. classId unknown for container: " + containerId.toString());
    }
    return null;
}