Description
Support Docker Containers In LinuxContainerExecutor
LinuxContainerExecutor provides useful functionality today with respect to localization, cgroups based resource management and isolation for CPU, network, disk etc. as well as security with a well-defined mechanism to execute privileged operations using the container-executor utility. Bringing docker support to LinuxContainerExecutor lets us use all of this functionality when running docker containers under YARN, while not requiring users and admins to configure and use a different ContainerExecutor.
There are several aspects here that need to be worked through :
- Mechanism(s) to let clients request docker-specific functionality - we could initially implement this via environment variables without impacting the client API.
- Security - both docker daemon as well as application
- Docker image localization
- Running a docker container via container-executor as a specified user
- “Isolate” the docker container in terms of CPU/network/disk/etc
- Communicating with and/or signaling the running container (ensure correct pid handling)
- Figure out workarounds for certain performance-sensitive scenarios like HDFS short-circuit reads
- All of these need to be achieved without changing the current behavior of LinuxContainerExecutor
Attachments
Issue Links
- blocks
-
SPARK-20277 Allow Spark on YARN to be launched with Docker
-
- Resolved
-
- duplicates
-
YARN-5209 Transmission ContainerExecutor Class Parameters By The Client
-
- Resolved
-
- incorporates
-
YARN-7221 Add security check for privileged docker container
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
- is duplicated by
-
-
- Resolved
-
- is related to
-
-
- Resolved
-
-
AMBARI-17353 First class support for YARN hosted services
-
- Open
-
-
YARN-7677 Docker image cannot set HADOOP_CONF_DIR
-
- Resolved
-
-
-
- Resolved
-
- relates to
-
-
- Resolved
-
-
-
- Resolved
-