@InterfaceAudience.Private @InterfaceStability.Unstable public abstract class OCIContainerRuntime extends Object implements LinuxContainerRuntime
This class is a ContainerRuntime
implementation that uses the
native container-executor
binary via a
PrivilegedOperationExecutor
instance to launch processes inside
OCI-compliant containers.
Modifier and Type | Field and Description |
---|---|
static String |
CONTAINER_PID_NAMESPACE_SUFFIX |
static String |
RUN_PRIVILEGED_CONTAINER_SUFFIX |
static String |
RUNTIME_PREFIX |
Constructor and Description |
---|
OCIContainerRuntime(PrivilegedOperationExecutor privilegedOperationExecutor) |
OCIContainerRuntime(PrivilegedOperationExecutor privilegedOperationExecutor,
CGroupsHandler cGroupsHandler) |
Modifier and Type | Method and Description |
---|---|
protected boolean |
allowHostPidNamespace(Container container)
Return whether the YARN container is allowed to run using the host's PID
namespace for the OCI-compliant container.
|
protected boolean |
allowPrivilegedContainerExecution(Container container)
Return whether the YARN container is allowed to run in a privileged
OCI-compliant container.
|
static String |
formatOciEnvKey(String runtimeTypeUpper,
String envKeySuffix) |
Map<String,org.apache.hadoop.yarn.api.CsiAdaptorProtocol> |
getCsiClients() |
protected String[] |
getGroupIdInfo(String userName) |
protected String |
getUserIdInfo(String userName) |
void |
initialize(org.apache.hadoop.conf.Configuration conf,
Context nmContext)
Initialize the runtime.
|
protected void |
initiateCsiClients(org.apache.hadoop.conf.Configuration config)
Initiate CSI clients to talk to the CSI adaptors on this node and
cache the clients for easier fetch.
|
protected boolean |
isContainerRequestedAsPrivileged(Container container)
This function only returns whether a privileged container was requested,
not whether the container was or will be launched as privileged.
|
static boolean |
isOCICompliantContainerRequested(org.apache.hadoop.conf.Configuration daemonConf,
Map<String,String> env) |
protected String |
mountReadOnlyPath(String mount,
Map<org.apache.hadoop.fs.Path,List<String>> localizedResources) |
void |
prepareContainer(ContainerRuntimeContext ctx)
Prepare a container to be ready for launch.
|
protected void |
validateContainerNetworkType(String network) |
protected void |
validateContainerRuntimeType(String runtime) |
protected static void |
validateHostname(String hostname) |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
getLocalResources, isRuntimeRequested, start, stop
execContainer, getExposedPorts, getIpAndHost, launchContainer, reapContainer, relaunchContainer, signalContainer
@InterfaceAudience.Private public static final String RUNTIME_PREFIX
@InterfaceAudience.Private public static final String CONTAINER_PID_NAMESPACE_SUFFIX
@InterfaceAudience.Private public static final String RUN_PRIVILEGED_CONTAINER_SUFFIX
public OCIContainerRuntime(PrivilegedOperationExecutor privilegedOperationExecutor)
public OCIContainerRuntime(PrivilegedOperationExecutor privilegedOperationExecutor, CGroupsHandler cGroupsHandler)
public void initialize(org.apache.hadoop.conf.Configuration conf, Context nmContext) throws ContainerExecutionException
LinuxContainerRuntime
initialize
in interface LinuxContainerRuntime
conf
- the Configuration
to usenmContext
- NMContextContainerExecutionException
- if an error occurs while initializing
the runtimepublic static boolean isOCICompliantContainerRequested(org.apache.hadoop.conf.Configuration daemonConf, Map<String,String> env)
protected String mountReadOnlyPath(String mount, Map<org.apache.hadoop.fs.Path,List<String>> localizedResources) throws ContainerExecutionException
ContainerExecutionException
public void prepareContainer(ContainerRuntimeContext ctx) throws ContainerExecutionException
ContainerRuntime
prepareContainer
in interface ContainerRuntime
ctx
- the ContainerRuntimeContext
ContainerExecutionException
- if an error occurs while preparing
the containerprotected String getUserIdInfo(String userName) throws ContainerExecutionException
ContainerExecutionException
protected String[] getGroupIdInfo(String userName) throws ContainerExecutionException
ContainerExecutionException
protected void validateContainerNetworkType(String network) throws ContainerExecutionException
ContainerExecutionException
protected void validateContainerRuntimeType(String runtime) throws ContainerExecutionException
ContainerExecutionException
protected boolean allowHostPidNamespace(Container container) throws ContainerExecutionException
container
- the target YARN containerContainerExecutionException
- if host pid namespace is requested
but is not allowedprotected static void validateHostname(String hostname) throws ContainerExecutionException
ContainerExecutionException
protected boolean allowPrivilegedContainerExecution(Container container) throws ContainerExecutionException
container
- the target YARN containerContainerExecutionException
- if privileged container execution
is requested but is not allowedprotected boolean isContainerRequestedAsPrivileged(Container container)
container
- protected void initiateCsiClients(org.apache.hadoop.conf.Configuration config) throws ContainerExecutionException
config
- configurationContainerExecutionException
Copyright © 2008–2023 Apache Software Foundation. All rights reserved.