List<String> logDirs = dirsHandler.getLogDirs(); verifyUsernamePattern(user); String runAsUser = getRunAsUser(user); List<String> command = new ArrayList<String>(); addSchedPriorityCommand(command); command.addAll(Arrays.asList(containerExecutorExe, runAsUser, command.add("-Djava.library.path=" + javaLibPath); buildMainArgs(command, user, appId, locId, nmAddr, localDirs); String[] commandArray = command.toArray(new String[command.size()]); ShellCommandExecutor shExec = new ShellCommandExecutor(commandArray, shExec.execute(); if (LOG.isDebugEnabled()) { logOutput(shExec.getOutput()); LOG.warn("Exit code from container " + locId + " startLocalizer is : " + exitCode, e); logOutput(shExec.getOutput()); throw new IOException("Application " + appId + " initialization failed" + " (exitCode=" + exitCode + ") with output: " + shExec.getOutput(), e);
@Override public boolean isContainerProcessAlive(String user, String pid) throws IOException { // Send a test signal to the process as the user to see if it's alive return signalContainer(user, pid, Signal.NULL); }
protected PrivilegedOperationExecutor getPrivilegedOperationExecutor() { return PrivilegedOperationExecutor.getInstance(getConf()); }
PrivilegedOperation listAsUserOp = new PrivilegedOperation( PrivilegedOperation.OperationType.LIST_AS_USER, (String)null); String runAsUser = getRunAsUser(user); String dirString = ""; getPrivilegedOperationExecutor();
@Override public void deleteAsUser(String user, Path dir, Path... baseDirs) { verifyUsernamePattern(user); String runAsUser = getRunAsUser(user); shExec.execute(); if (LOG.isDebugEnabled()) { logOutput(shExec.getOutput()); + " returned with exit code: " + exitCode, e); LOG.error("Output from LinuxContainerExecutor's deleteAsUser follows:"); logOutput(shExec.getOutput());
List<String> localDirs, List<String> logDirs) throws IOException { verifyUsernamePattern(user); String runAsUser = getRunAsUser(user); Path pidFilePath = getPidFilePath(containerId); if (pidFilePath != null) { List<String> command = new ArrayList<String>(); addSchedPriorityCommand(command); command.addAll(Arrays.asList( containerExecutorExe, runAsUser, user, Integer logOutput(shExec.getOutput()); logOutput(diagnostics); container.handle(new ContainerDiagnosticsUpdateEvent(containerId, diagnostics)); logOutput(shExec.getOutput());
List<String> logDirs = dirsHandler.getLogDirs(); verifyUsernamePattern(user); String runAsUser = getRunAsUser(user); PrivilegedOperation initializeContainerOp = new PrivilegedOperation( PrivilegedOperation.OperationType.INITIALIZE_CONTAINER); List<String> prefixCommands = new ArrayList<>(); addSchedPriorityCommand(prefixCommands); initializeContainerOp.appendArgs( runAsUser, initializeContainerOp.appendArgs(ContainerLocalizer.getJavaOpts(getConf())); buildMainArgs(localizerArgs, user, appId, locId, nmAddr, localDirs); Path containerLogDir = getContainerLogDir(dirsHandler, appId, locId); localizerArgs = replaceWithContainerLogDir(localizerArgs, containerLogDir); Configuration conf = super.getConf(); PrivilegedOperationExecutor privilegedOperationExecutor = getPrivilegedOperationExecutor();
List<String> logDirs = dirsHandler.getLogDirs(); verifyUsernamePattern(user); String runAsUser = getRunAsUser(user); PrivilegedOperation initializeContainerOp = new PrivilegedOperation( PrivilegedOperation.OperationType.INITIALIZE_CONTAINER); List<String> prefixCommands = new ArrayList<>(); addSchedPriorityCommand(prefixCommands); initializeContainerOp.appendArgs(ContainerLocalizer.getJavaOpts(getConf())); buildMainArgs(localizerArgs, user, appId, locId, nmAddr, localDirs, userFolder); initializeContainerOp.appendArgs(localizerArgs); if (getConf().getBoolean(CommonConfigurationKeys.IPC_SERVER_SSL_ENABLED, CommonConfigurationKeys.IPC_SERVER_SSL_ENABLED_DEFAULT)) { CertificateLocalization certificateLocalization = CertificateLocalizationCtx.getInstance() Configuration conf = super.getConf(); PrivilegedOperationExecutor privilegedOperationExecutor = getPrivilegedOperationExecutor();
List<Path> baseDirs = ctx.getBasedirs(); verifyUsernamePattern(user); String runAsUser = getRunAsUser(user); String dirString = dir == null ? "" : dir.toUri().getPath(); Configuration conf = super.getConf(); PrivilegedOperationExecutor privilegedOperationExecutor = getPrivilegedOperationExecutor();
String user = ctx.getUser(); verifyUsernamePattern(user); Path pidFilePath = getPidFilePath(containerId); if (pidFilePath != null) { ContainerRuntimeContext runtimeContext = buildContainerRuntimeContext( ctx, pidFilePath, resourcesOptions, tcCommandFile, numaArgs); return handleExitCode(e, container, containerId); } finally { resourcesHandler.postExecute(containerId); postComplete(containerId);
Container container = ctx.getContainer(); String user = ctx.getUser(); String runAsUser = getRunAsUser(user); ContainerRuntimeContext runtimeContext = new ContainerRuntimeContext .Builder(container) logOutput(e.getOutput()); throw new IOException("Error in reaping container " + container.getContainerId().toString() + " exit = " + retCode, e); } finally { postComplete(container.getContainerId());
addSchedPriorityCommand(prefixCommands); addNumaArgsToCommand(prefixCommands, numaArgs); .setExecutionAttribute(RUN_AS_USER, getRunAsUser(ctx.getUser())) .setExecutionAttribute(USER, ctx.getUser()) .setExecutionAttribute(APPID, ctx.getAppId())
public void mountCgroups(List<String> cgroupKVs, String hierarchy) throws IOException { List<String> command = new ArrayList<String>( Arrays.asList(containerExecutorExe, "--mount-cgroups", hierarchy)); command.addAll(cgroupKVs); String[] commandArray = command.toArray(new String[command.size()]); ShellCommandExecutor shExec = new ShellCommandExecutor(commandArray); if (LOG.isDebugEnabled()) { LOG.debug("mountCgroups: " + Arrays.toString(commandArray)); } try { shExec.execute(); } catch (IOException e) { int ret_code = shExec.getExitCode(); LOG.warn("Exception in LinuxContainerExecutor mountCgroups ", e); logOutput(shExec.getOutput()); throw new IOException("Problem mounting cgroups " + cgroupKVs + "; exit code = " + ret_code + " and output: " + shExec.getOutput(), e); } } }
@VisibleForTesting void init(LinuxContainerExecutor lce, ResourceCalculatorPlugin plugin) throws IOException { initConfig(); // mount cgroups if requested if (cgroupMount && cgroupMountPath != null) { ArrayList<String> cgroupKVs = new ArrayList<String>(); cgroupKVs.add(CONTROLLER_CPU + "=" + cgroupMountPath + "/" + CONTROLLER_CPU); lce.mountCgroups(cgroupKVs, cgroupPrefix); } initializeControllerPaths(); // cap overall usage to the number of cores allocated to YARN yarnProcessors = NodeManagerHardwareUtils.getContainersCores(plugin, conf); int systemProcessors = plugin.getNumProcessors(); if (systemProcessors != (int) yarnProcessors) { LOG.info("YARN containers restricted to " + yarnProcessors + " cores"); int[] limits = getOverallLimits(yarnProcessors); updateCgroup(CONTROLLER_CPU, "", CPU_PERIOD_US, String.valueOf(limits[0])); updateCgroup(CONTROLLER_CPU, "", CPU_QUOTA_US, String.valueOf(limits[1])); } else if (cpuLimitsExist()) { LOG.info("Removing CPU constraints for YARN containers."); updateCgroup(CONTROLLER_CPU, "", CPU_QUOTA_US, String.valueOf(-1)); } }
@Override public void setConf(Configuration conf) { super.setConf(conf); containerExecutorExe = getContainerExecutorExecutablePath(conf); resourcesHandler = ReflectionUtils.newInstance( conf.getClass(YarnConfiguration.NM_LINUX_CONTAINER_RESOURCES_HANDLER, DefaultLCEResourcesHandler.class, LCEResourcesHandler.class), conf); resourcesHandler.setConf(conf); if (conf.get(YarnConfiguration.NM_CONTAINER_EXECUTOR_SCHED_PRIORITY) != null) { containerSchedPriorityIsSet = true; containerSchedPriorityAdjustment = conf .getInt(YarnConfiguration.NM_CONTAINER_EXECUTOR_SCHED_PRIORITY, YarnConfiguration.DEFAULT_NM_CONTAINER_EXECUTOR_SCHED_PRIORITY); } nonsecureLocalUser = conf.get( YarnConfiguration.NM_NONSECURE_MODE_LOCAL_USER_KEY, YarnConfiguration.DEFAULT_NM_NONSECURE_MODE_LOCAL_USER); nonsecureLocalUserPattern = Pattern.compile( conf.get(YarnConfiguration.NM_NONSECURE_MODE_USER_PATTERN_KEY, YarnConfiguration.DEFAULT_NM_NONSECURE_MODE_USER_PATTERN)); containerLimitUsers = conf.getBoolean( YarnConfiguration.NM_NONSECURE_MODE_LIMIT_USERS, YarnConfiguration.DEFAULT_NM_NONSECURE_MODE_LIMIT_USERS); if (!containerLimitUsers) { LOG.warn(YarnConfiguration.NM_NONSECURE_MODE_LIMIT_USERS + ": impersonation without authentication enabled"); } }
List<String> localDirs, List<String> logDirs) throws IOException { verifyUsernamePattern(user); String runAsUser = getRunAsUser(user); Path pidFilePath = getPidFilePath(containerId); if (pidFilePath != null) { List<String> command = new ArrayList<String>(); addSchedPriorityCommand(command); command.addAll(Arrays.asList( containerExecutorExe, runAsUser, user, Integer logOutput(shExec.getOutput()); logOutput(diagnostics); container.handle(new ContainerDiagnosticsUpdateEvent(containerId, diagnostics)); logOutput(shExec.getOutput());
@Override public void deleteAsUser(String user, Path dir, Path... baseDirs) { verifyUsernamePattern(user); String runAsUser = getRunAsUser(user); shExec.execute(); if (LOG.isDebugEnabled()) { logOutput(shExec.getOutput()); + " returned with exit code: " + exitCode, e); LOG.error("Output from LinuxContainerExecutor's deleteAsUser follows:"); logOutput(shExec.getOutput());
List<Path> baseDirs = ctx.getBasedirs(); verifyUsernamePattern(user); String runAsUser = getRunAsUser(user); String dirString = dir == null ? "" : dir.toUri().getPath(); Configuration conf = super.getConf(); PrivilegedOperationExecutor privilegedOperationExecutor = getPrivilegedOperationExecutor();
public void mountCgroups(List<String> cgroupKVs, String hierarchy) throws IOException { List<String> command = new ArrayList<String>( Arrays.asList(containerExecutorExe, "--mount-cgroups", hierarchy)); command.addAll(cgroupKVs); String[] commandArray = command.toArray(new String[command.size()]); ShellCommandExecutor shExec = new ShellCommandExecutor(commandArray); if (LOG.isDebugEnabled()) { LOG.debug("mountCgroups: " + Arrays.toString(commandArray)); } try { shExec.execute(); } catch (IOException e) { int ret_code = shExec.getExitCode(); LOG.warn("Exception in LinuxContainerExecutor mountCgroups ", e); logOutput(shExec.getOutput()); throw new IOException("Problem mounting cgroups " + cgroupKVs + "; exit code = " + ret_code + " and output: " + shExec.getOutput(), e); } } }
@VisibleForTesting void init(LinuxContainerExecutor lce, ResourceCalculatorPlugin plugin) throws IOException { initConfig(); // mount cgroups if requested if (cgroupMount && cgroupMountPath != null) { ArrayList<String> cgroupKVs = new ArrayList<String>(); cgroupKVs.add(CONTROLLER_CPU + "=" + cgroupMountPath + "/" + CONTROLLER_CPU); lce.mountCgroups(cgroupKVs, cgroupPrefix); } initializeControllerPaths(); // cap overall usage to the number of cores allocated to YARN yarnProcessors = NodeManagerHardwareUtils.getContainersCores(plugin, conf); int systemProcessors = plugin.getNumProcessors(); if (systemProcessors != (int) yarnProcessors) { LOG.info("YARN containers restricted to " + yarnProcessors + " cores"); int[] limits = getOverallLimits(yarnProcessors); updateCgroup(CONTROLLER_CPU, "", CPU_PERIOD_US, String.valueOf(limits[0])); updateCgroup(CONTROLLER_CPU, "", CPU_QUOTA_US, String.valueOf(limits[1])); } else if (cpuLimitsExist()) { LOG.info("Removing CPU constraints for YARN containers."); updateCgroup(CONTROLLER_CPU, "", CPU_QUOTA_US, String.valueOf(-1)); } }