You are viewing a plain text version of this content. The canonical link for it is here.
Posted to yarn-issues@hadoop.apache.org by "Jason Lowe (JIRA)" <ji...@apache.org> on 2018/05/08 13:14:00 UTC
[jira] [Commented] (YARN-8259) Revisit liveliness checks for
privileged Docker containers
[ https://issues.apache.org/jira/browse/YARN-8259?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16467394#comment-16467394 ]
Jason Lowe commented on YARN-8259:
----------------------------------
Linking YARN-8206 since it's somewhat related. Some ideas for checking container liveliness:
* Send the signal as the user except for privileged containers we send it as root instead of the user
* Check for the existence of the container's root process in /proc instead of sending a signal
* Use docker ps -fname=_containerID_
> Revisit liveliness checks for privileged Docker containers
> ----------------------------------------------------------
>
> Key: YARN-8259
> URL: https://issues.apache.org/jira/browse/YARN-8259
> Project: Hadoop YARN
> Issue Type: Sub-task
> Affects Versions: 3.0.2, 3.2.0, 3.1.1
> Reporter: Shane Kumpf
> Priority: Major
> Labels: Docker
>
> As privileged containers may execute as a user that does not match the YARN run as user, sending the null signal for liveliness checks could fail. We need to reconsider how liveliness checks are handled in the Docker case.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org