hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Varun Vasudev (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-5042) Mount /sys/fs/cgroup into Docker containers as read only mount
Date Wed, 03 Aug 2016 09:13:20 GMT

    [ https://issues.apache.org/jira/browse/YARN-5042?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15405606#comment-15405606
] 

Varun Vasudev commented on YARN-5042:
-------------------------------------

[~luhuichun] - thanks for the latest patch. Some things need to be fixed -
1)
{code}
+    if (new File("/sys/fs/cgroup").exists())
+      runCommand.addMountLocation("/sys/fs/cgroup", "/sys/fs/cgroup:ro");   
+ 
{code}

Instead of checking if the location exists in DockerLinuxContainerRuntime.java - can you add
a new function in DockerRunCommand.java which takes the paths and a boolean as a param - which
allows the user to toggle whether the mount should happen if the source doesn't exist.
Something like - 
{code}
public DockerRunCommand addMountLocation(String sourcePath, String destinationPath, boolean
createSource) {
    boolean sourceExists = new File(sourcePath).exists();
    if(!sourceExists && !createSource) {
      return this;
   }
    super.addCommandArguments("-v", sourcePath + ":" + destinationPath);
    return this;
  }
{code}
You should also modify the existing mountCommand to call this version with createSource as
true because that's the current behavior. Adding the new function should also fix the FindBugs
warning.

2)
Please fix the failing unit test in TestDockerContainerRuntime.java.

> Mount /sys/fs/cgroup into Docker containers as read only mount
> --------------------------------------------------------------
>
>                 Key: YARN-5042
>                 URL: https://issues.apache.org/jira/browse/YARN-5042
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>          Components: yarn
>            Reporter: Varun Vasudev
>            Assignee: luhuichun
>         Attachments: YARN-5042.001.patch, YARN-5042.002.patch, YARN-5042.003.patch
>
>
> Containers running systemd need access to /sys/fs/cgroup. We should mount it into the
container as a read only mount.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org


Mime
View raw message