java.lang.Object
org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.runtime.OCIContainerRuntime
org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.runtime.DockerLinuxContainerRuntime
All Implemented Interfaces:
LinuxContainerRuntime, ContainerRuntime

@Private @Unstable public class DockerLinuxContainerRuntime extends OCIContainerRuntime

This class is an extension of OCIContainerRuntime that uses the native container-executor binary via a PrivilegedOperationExecutor instance to launch processes inside Docker containers.

The following environment variables are used to configure the Docker engine:

  • YARN_CONTAINER_RUNTIME_TYPE ultimately determines whether a Docker container will be used. If the value is docker, a Docker container will be used. Otherwise a regular process tree container will be used. This environment variable is checked by the isDockerContainerRequested(org.apache.hadoop.conf.Configuration, java.util.Map<java.lang.String, java.lang.String>) method, which is called by the DelegatingLinuxContainerRuntime.
  • YARN_CONTAINER_RUNTIME_DOCKER_IMAGE names which image will be used to launch the Docker container.
  • YARN_CONTAINER_RUNTIME_DOCKER_RUN_OVERRIDE_DISABLE controls whether the Docker container's default command is overridden. When set to true, the Docker container's command will be bash <path_to_launch_script>. When unset or set to false the Docker container's default command is used.
  • YARN_CONTAINER_RUNTIME_DOCKER_CONTAINER_NETWORK sets the network type to be used by the Docker container. It must be a valid value as determined by the yarn.nodemanager.runtime.linux.docker.allowed-container-networks property.
  • YARN_CONTAINER_RUNTIME_DOCKER_PORTS_MAPPING allows users to specify port mappings for a Docker container on the bridge network. The value of the environment variable should be a comma-separated list of port mappings, in the same form as the "-p" option of the docker run command. If the value is empty, "-P" will be added.
  • YARN_CONTAINER_RUNTIME_DOCKER_CONTAINER_PID_NAMESPACE controls which PID namespace will be used by the Docker container. By default, each Docker container has its own PID namespace. To share the namespace of the host, the yarn.nodemanager.runtime.linux.docker.host-pid-namespace.allowed property must be set to true. If the host PID namespace is allowed and this environment variable is set to host, the Docker container will share the host's PID namespace. No other value is allowed.
  • YARN_CONTAINER_RUNTIME_DOCKER_CONTAINER_HOSTNAME sets the hostname to be used by the Docker container. If not specified, a hostname will be derived from the container ID and set as default hostname for networks other than 'host'.
  • YARN_CONTAINER_RUNTIME_DOCKER_RUN_PRIVILEGED_CONTAINER controls whether the Docker container is a privileged container. In order to use privileged containers, the yarn.nodemanager.runtime.linux.docker.privileged-containers.allowed property must be set to true, and the application owner must appear in the value of the yarn.nodemanager.runtime.linux.docker.privileged-containers.acl property. If this environment variable is set to true, a privileged Docker container will be used if allowed. No other value is allowed, so the environment variable should be left unset rather than setting it to false.
  • YARN_CONTAINER_RUNTIME_DOCKER_MOUNTS allows users to specify additional volume mounts for the Docker container. The value of the environment variable should be a comma-separated list of mounts. All such mounts must be given as source:dest[:mode] and the mode must be "ro" (read-only) or "rw" (read-write) to specify the type of access being requested. If neither is specified, read-write will be assumed. The mode may include a bind propagation option. In that case, the mode should either be of the form [option], rw+[option], or ro+[option]. Valid bind propagation options are shared, rshared, slave, rslave, private, and rprivate. The requested mounts will be validated by container-executor based on the values set in container-executor.cfg for docker.allowed.ro-mounts and docker.allowed.rw-mounts.
  • YARN_CONTAINER_RUNTIME_DOCKER_TMPFS_MOUNTS allows users to specify additional tmpfs mounts for the Docker container. The value of the environment variable should be a comma-separated list of mounts.
  • YARN_CONTAINER_RUNTIME_DOCKER_DELAYED_REMOVAL allows a user to request delayed deletion of the Docker containers on a per container basis. If true, Docker containers will not be removed until the duration defined by yarn.nodemanager.delete.debug-delay-sec has elapsed. Administrators can disable this feature through the yarn-site property yarn.nodemanager.runtime.linux.docker.delayed-removal.allowed. This feature is disabled by default. When this feature is disabled or set to false, the container will be removed as soon as it exits.
  • YARN_CONTAINER_RUNTIME_YARN_SYSFS_ENABLE allows the YARN service JSON to be exported to the Docker container. This feature is disabled by default. When this feature is set, app.json will be available at /hadoop/yarn/sysfs/app.json.
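
An added example, not part of the Hadoop source or this Javadoc: a pre-submission audit of a launch environment against the rules stated above for the PID namespace, privileged containers and YARN_CONTAINER_RUNTIME_DOCKER_MOUNTS. The POLICY dict, its key names and the finding labels are hypothetical stand-ins for the yarn-site and container-executor.cfg properties. Prefix matching on lexically normalised paths, and accepting read-only requests from either allow-list, are assumptions of this example rather than a description of container-executor's own checks.

```python
import posixpath

PREFIX = "YARN_CONTAINER_RUNTIME_DOCKER_"
PROPAGATION = {"shared", "rshared", "slave", "rslave", "private", "rprivate"}
# Constructed policy; the key names are hypothetical, not Hadoop property names.
POLICY = {"host_pid_allowed": False, "privileged_allowed": True,
          "privileged_acl": {"alice"},
          "ro_mounts": ["/etc/hadoop"], "rw_mounts": ["/data/scratch"]}

def parse_mount(spec):
    """Parse source:dest[:mode]; mode is ro, rw, [option], ro+[option] or rw+[option]."""
    parts = spec.split(":")
    if len(parts) not in (2, 3) or not all(parts[:2]):
        raise ValueError("not source:dest[:mode]: " + spec)
    mode = parts[2] if len(parts) == 3 else "rw"  # read-write is assumed by default
    head, plus, tail = mode.partition("+")
    access, prop = (head, tail if plus else None) if head in ("ro", "rw") else ("rw", mode)
    if prop is not None and prop not in PROPAGATION:
        raise ValueError("bad mode: " + spec)
    return parts[0], parts[1], access, prop

def under(path, roots):
    path = posixpath.normpath(path)  # lexical only; symlinks are not resolved
    return any(path == r or path.startswith(r.rstrip("/") + "/") for r in roots)

def audit_env(env, user, policy):
    """Return the requests in a launch environment that the policy does not allow."""
    if env.get("YARN_CONTAINER_RUNTIME_TYPE") != "docker":
        return []  # a regular process tree container is used
    findings = []
    pid = env.get(PREFIX + "CONTAINER_PID_NAMESPACE")
    if pid is not None and not (pid == "host" and policy["host_pid_allowed"]):
        findings.append("pid-namespace")
    priv = env.get(PREFIX + "RUN_PRIVILEGED_CONTAINER")
    priv_ok = policy["privileged_allowed"] and user in policy["privileged_acl"]
    if priv is not None and not (priv == "true" and priv_ok):
        findings.append("privileged")  # "false" is flagged too: only "true" is a valid value
    for spec in filter(None, env.get(PREFIX + "MOUNTS", "").split(",")):
        try:
            source, _, access, _ = parse_mount(spec)
        except ValueError:
            findings.append("mount-format:" + spec)
            continue
        # Assumption: a read-only request may be satisfied by either allow-list.
        roots = policy["rw_mounts"] + ([] if access == "rw" else policy["ro_mounts"])
        if not under(source, roots):
            findings.append("mount-not-allowed:" + spec)
    return findings
```

A bare propagation option such as `shared` is treated as a read-write request, so it is checked against the read-write list only.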