You are viewing a plain text version of this content. The canonical link for it is here.

Posted to yarn-issues@hadoop.apache.org by "Sidharta Seethana (JIRA)" <ji...@apache.org> on 2015/06/25 23:32:05 UTC

[jira] [Commented] (YARN-3611) Support Docker Containers In LinuxContainerExecutor

    [ https://issues.apache.org/jira/browse/YARN-3611?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14601981#comment-14601981 ] 

Sidharta Seethana commented on YARN-3611:
-----------------------------------------

[~ashahab] and I have been working together on this for the past few weeks. (We demoed this recently as well). I am going to file sub tasks so that we can make progress. 

thanks,
-Sidharta

> Support Docker Containers In LinuxContainerExecutor
> ---------------------------------------------------
>
>                 Key: YARN-3611
>                 URL: https://issues.apache.org/jira/browse/YARN-3611
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: yarn
>            Reporter: Sidharta Seethana
>            Assignee: Sidharta Seethana
>
> Support Docker Containers In LinuxContainerExecutor
> LinuxContainerExecutor provides useful functionality today with respect to localization, cgroups based resource management and isolation for CPU, network, disk etc. as well as security with a well-defined mechanism to execute privileged operations using the container-executor utility.  Bringing docker support to LinuxContainerExecutor lets us use all of this functionality when running docker containers under YARN, while not requiring users and admins to configure and use a different ContainerExecutor. 
> There are several aspects here that need to be worked through :
> * Mechanism(s) to let clients request docker-specific functionality - we could initially implement this via environment variables without impacting the client API.
> * Security - both docker daemon as well as application
> * Docker image localization
> * Running a docker container via container-executor as a specified user
> * “Isolate” the docker container in terms of CPU/network/disk/etc
> * Communicating with and/or signaling the running container (ensure correct pid handling)
> * Figure out workarounds for certain performance-sensitive scenarios like HDFS short-circuit reads 
> * All of these need to be achieved without changing the current behavior of LinuxContainerExecutor



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)