You are viewing a plain text version of this content. The canonical link for it is here.
Posted to yarn-issues@hadoop.apache.org by "Jim Brennan (JIRA)" <ji...@apache.org> on 2018/08/10 21:38:00 UTC
[jira] [Comment Edited] (YARN-8648) Container cgroups are leaked
when using docker
[ https://issues.apache.org/jira/browse/YARN-8648?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16576855#comment-16576855 ]
Jim Brennan edited comment on YARN-8648 at 8/10/18 9:37 PM:
------------------------------------------------------------
Another problem we have seen is that container-executor still has code that cherry-picks the PID of the launch shell from the docker container and writes that into the {{/sys/fs/cgroup/cpu/hadoop-yarn/container_id/tasks}} file, effectively moving it from {{/sys/fs/cgroup/cpu/hadoop-yarn/container_id/docker_container_id}} to {{/sys/fs/cgroup/cpu/hadoop-yarn/container_id}}. So you end up with one process out of the container in the {{container_id}} cgroup, and the rest in the {{container_id/docker_container_id}} cgroup.
Since we are passing the {{--cgroup-parent}} to docker, there is no need to manually write the pid - we can just remove the code that does this.
was (Author: jim_brennan):
Another problem we have seen is that container-executor still has code that cherry-picks the PID of the launch shell from the docker container and writes that into the {{/sys/fs/cgroup/cpu/hadoop-yarn/container_id/tasks}} file, effectively moving it from {{/sys/fs/cgroup/cpu/hadoop-yarn/container_id/docker_container_id}} to {{/sys/fs/cgroup/cpu/hadoop-yarn/container_id}}. So you end up with one process out of the container in the {{container_id}} cgroup, and the rest in the {{container_id/docker_container_id}} cgroup.
> Container cgroups are leaked when using docker
> ----------------------------------------------
>
> Key: YARN-8648
> URL: https://issues.apache.org/jira/browse/YARN-8648
> Project: Hadoop YARN
> Issue Type: Bug
> Reporter: Jim Brennan
> Assignee: Jim Brennan
> Priority: Major
> Labels: Docker
>
> When you run with docker and enable cgroups for cpu, docker creates cgroups for all resources on the system, not just for cpu. For instance, if the {{yarn.nodemanager.linux-container-executor.cgroups.hierarchy=/hadoop-yarn}}, the nodemanager will create a cgroup for each container under {{/sys/fs/cgroup/cpu/hadoop-yarn}}. In the docker case, we pass this path via the {{--cgroup-parent}} command line argument. Docker then creates a cgroup for the docker container under that, for instance: {{/sys/fs/cgroup/cpu/hadoop-yarn/container_id/docker_container_id}}.
> When the container exits, docker cleans up the {{docker_container_id}} cgroup, and the nodemanager cleans up the {{container_id}} cgroup, All is good under {{/sys/fs/cgroup/hadoop-yarn}}.
> The problem is that docker also creates that same hierarchy under every resource under {{/sys/fs/cgroup}}. On the rhel7 system I am using, these are: blkio, cpuset, devices, freezer, hugetlb, memory, net_cls, net_prio, perf_event, and systemd. So for instance, docker creates {{/sys/fs/cgroup/cpuset/hadoop-yarn/container_id/docker_container_id}}, but it only cleans up the leaf cgroup {{docker_container_id}}. Nobody cleans up the {{container_id}} cgroups for these other resources. On one of our busy clusters, we found > 100,000 of these leaked cgroups.
> I found this in our 2.8-based version of hadoop, but I have been able to repro with current hadoop.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org