hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Shane Kumpf (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-6930) Admins should be able to explicitly enable specific LinuxContainerRuntime in the NodeManager
Date Tue, 08 Aug 2017 12:57:00 GMT

    [ https://issues.apache.org/jira/browse/YARN-6930?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16118300#comment-16118300

Shane Kumpf commented on YARN-6930:

Thanks for the comments, [~miklos.szegedi@cloudera.com]. I will get those assertions added.

I am wondering whether it would be a good idea to specify the user as well not just enabling
a runtime in general. I could imagine that an admin allows Docker runtime only for specific
users first...

I think there could be value in an ACL model for container runtimes, however, there are additional
issues regarding user squashing that need to be addressed before the feature is very useful.
Let's address that in a different issue if that works for you?

I'll also note that there are differences in implementation between the Java Sandbox and Docker
runtimes, so I have not changed the behavior of the existing runtime selection with this patch.
One of the considerations when developing the docker runtime was the ability to control the
runtime per container as opposed to per application/cluster; i.e. AM's run as regular process
based containers, while map and reduce task containers run using the docker runtime. The java
sandbox based runtime takes a different approach and is enabled through configuration. This
may be appropriate for the java sandbox runtime, but I don't want to change the way the docker
runtime selection works today, which is why I decided not to introduce the docker-mode config
and instead check the allowed runtimes after selection.

> Admins should be able to explicitly enable specific LinuxContainerRuntime in the NodeManager
> --------------------------------------------------------------------------------------------
>                 Key: YARN-6930
>                 URL: https://issues.apache.org/jira/browse/YARN-6930
>             Project: Hadoop YARN
>          Issue Type: Improvement
>          Components: nodemanager
>            Reporter: Vinod Kumar Vavilapalli
>            Assignee: Shane Kumpf
>         Attachments: YARN-6930.001.patch
> Today, in the java land, all LinuxContainerRuntimes are always enabled when using LinuxContainerExecutor
and the user can simply invoke anything that he/she wants - default, docker, java-sandbox.
> We should have a way for admins to explicitly enable only specific runtimes that he/she
decides for the cluster. And by default, we should have everything other than the default
one disabled.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org

View raw message