@InterfaceAudience.Private @InterfaceStability.Unstable public abstract class OCIContainerRuntime extends Object implements LinuxContainerRuntime
This class is a ContainerRuntime implementation that uses the
native container-executor binary via a
PrivilegedOperationExecutor instance to launch processes inside
OCI-compliant containers.
| Modifier and Type | Field and Description |
|---|---|
static String |
CONTAINER_PID_NAMESPACE_SUFFIX |
static String |
RUN_PRIVILEGED_CONTAINER_SUFFIX |
static String |
RUNTIME_PREFIX |
| Constructor and Description |
|---|
OCIContainerRuntime(PrivilegedOperationExecutor privilegedOperationExecutor) |
OCIContainerRuntime(PrivilegedOperationExecutor privilegedOperationExecutor,
CGroupsHandler cGroupsHandler) |
| Modifier and Type | Method and Description |
|---|---|
protected boolean |
allowHostPidNamespace(Container container)
Return whether the YARN container is allowed to run using the host's PID
namespace for the OCI-compliant container.
|
protected boolean |
allowPrivilegedContainerExecution(Container container)
Return whether the YARN container is allowed to run in a privileged
OCI-compliant container.
|
static String |
formatOciEnvKey(String runtimeTypeUpper,
String envKeySuffix) |
Map<String,org.apache.hadoop.yarn.api.CsiAdaptorProtocol> |
getCsiClients() |
protected String[] |
getGroupIdInfo(String userName) |
protected String |
getUserIdInfo(String userName) |
void |
initialize(org.apache.hadoop.conf.Configuration conf,
Context nmContext)
Initialize the runtime.
|
protected void |
initiateCsiClients(org.apache.hadoop.conf.Configuration config)
Initiate CSI clients to talk to the CSI adaptors on this node and
cache the clients for easier fetch.
|
protected boolean |
isContainerRequestedAsPrivileged(Container container)
This function only returns whether a privileged container was requested,
not whether the container was or will be launched as privileged.
|
static boolean |
isOCICompliantContainerRequested(org.apache.hadoop.conf.Configuration daemonConf,
Map<String,String> env) |
protected String |
mountReadOnlyPath(String mount,
Map<org.apache.hadoop.fs.Path,List<String>> localizedResources) |
void |
prepareContainer(ContainerRuntimeContext ctx)
Prepare a container to be ready for launch.
|
protected void |
validateContainerNetworkType(String network) |
protected void |
validateContainerRuntimeType(String runtime) |
protected static void |
validateHostname(String hostname) |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitgetLocalResources, isRuntimeRequested, start, stopexecContainer, getExposedPorts, getIpAndHost, launchContainer, reapContainer, relaunchContainer, signalContainer@InterfaceAudience.Private public static final String RUNTIME_PREFIX
@InterfaceAudience.Private public static final String CONTAINER_PID_NAMESPACE_SUFFIX
@InterfaceAudience.Private public static final String RUN_PRIVILEGED_CONTAINER_SUFFIX
public OCIContainerRuntime(PrivilegedOperationExecutor privilegedOperationExecutor)
public OCIContainerRuntime(PrivilegedOperationExecutor privilegedOperationExecutor, CGroupsHandler cGroupsHandler)
public void initialize(org.apache.hadoop.conf.Configuration conf,
Context nmContext)
throws ContainerExecutionException
LinuxContainerRuntimeinitialize in interface LinuxContainerRuntimeconf - the Configuration to usenmContext - NMContextContainerExecutionException - if an error occurs while initializing
the runtimepublic static boolean isOCICompliantContainerRequested(org.apache.hadoop.conf.Configuration daemonConf,
Map<String,String> env)
protected String mountReadOnlyPath(String mount, Map<org.apache.hadoop.fs.Path,List<String>> localizedResources) throws ContainerExecutionException
ContainerExecutionExceptionpublic void prepareContainer(ContainerRuntimeContext ctx) throws ContainerExecutionException
ContainerRuntimeprepareContainer in interface ContainerRuntimectx - the ContainerRuntimeContextContainerExecutionException - if an error occurs while preparing
the containerprotected String getUserIdInfo(String userName) throws ContainerExecutionException
ContainerExecutionExceptionprotected String[] getGroupIdInfo(String userName) throws ContainerExecutionException
ContainerExecutionExceptionprotected void validateContainerNetworkType(String network) throws ContainerExecutionException
ContainerExecutionExceptionprotected void validateContainerRuntimeType(String runtime) throws ContainerExecutionException
ContainerExecutionExceptionprotected boolean allowHostPidNamespace(Container container) throws ContainerExecutionException
container - the target YARN containerContainerExecutionException - if host pid namespace is requested
but is not allowedprotected static void validateHostname(String hostname) throws ContainerExecutionException
ContainerExecutionExceptionprotected boolean allowPrivilegedContainerExecution(Container container) throws ContainerExecutionException
container - the target YARN containerContainerExecutionException - if privileged container execution
is requested but is not allowedprotected boolean isContainerRequestedAsPrivileged(Container container)
container - protected void initiateCsiClients(org.apache.hadoop.conf.Configuration config)
throws ContainerExecutionException
config - configurationContainerExecutionExceptionCopyright © 2008–2023 Apache Software Foundation. All rights reserved.