LinuxContainerRuntime, ContainerRuntimeDockerLinuxContainerRuntime, RuncContainerRuntime@Private @Unstable public abstract class OCIContainerRuntime extends java.lang.Object implements LinuxContainerRuntime
This class is a ContainerRuntime implementation that uses the
native container-executor binary via a
PrivilegedOperationExecutor instance to launch processes inside
OCI-compliant containers.
| Modifier and Type | Field | Description |
|---|---|---|
static java.lang.String |
CONTAINER_PID_NAMESPACE_SUFFIX |
|
static java.lang.String |
RUN_PRIVILEGED_CONTAINER_SUFFIX |
|
static java.lang.String |
RUNTIME_PREFIX |
| Constructor | Description |
|---|---|
OCIContainerRuntime(PrivilegedOperationExecutor privilegedOperationExecutor) |
|
OCIContainerRuntime(PrivilegedOperationExecutor privilegedOperationExecutor,
CGroupsHandler cGroupsHandler) |
| Modifier and Type | Method | Description |
|---|---|---|
protected boolean |
allowHostPidNamespace(Container container) |
Return whether the YARN container is allowed to run using the host's PID
namespace for the OCI-compliant container.
|
protected boolean |
allowPrivilegedContainerExecution(Container container) |
Return whether the YARN container is allowed to run in a privileged
OCI-compliant container.
|
static java.lang.String |
formatOciEnvKey(java.lang.String runtimeTypeUpper,
java.lang.String envKeySuffix) |
|
java.util.Map<java.lang.String,org.apache.hadoop.yarn.api.CsiAdaptorProtocol> |
getCsiClients() |
|
protected java.lang.String[] |
getGroupIdInfo(java.lang.String userName) |
|
protected java.lang.String |
getUserIdInfo(java.lang.String userName) |
|
void |
initialize(org.apache.hadoop.conf.Configuration conf,
Context nmContext) |
Initialize the runtime.
|
protected void |
initiateCsiClients(org.apache.hadoop.conf.Configuration config) |
Initiate CSI clients to talk to the CSI adaptors on this node and
cache the clients for easier fetch.
|
protected boolean |
isContainerRequestedAsPrivileged(Container container) |
This function only returns whether a privileged container was requested,
not whether the container was or will be launched as privileged.
|
static boolean |
isOCICompliantContainerRequested(org.apache.hadoop.conf.Configuration daemonConf,
java.util.Map<java.lang.String,java.lang.String> env) |
|
protected java.lang.String |
mountReadOnlyPath(java.lang.String mount,
java.util.Map<org.apache.hadoop.fs.Path,java.util.List<java.lang.String>> localizedResources) |
|
void |
prepareContainer(ContainerRuntimeContext ctx) |
Prepare a container to be ready for launch.
|
protected void |
validateContainerNetworkType(java.lang.String network) |
|
protected void |
validateContainerRuntimeType(java.lang.String runtime) |
|
protected static void |
validateHostname(java.lang.String hostname) |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitexecContainer, getExposedPorts, getIpAndHost, launchContainer, reapContainer, relaunchContainer, signalContainergetLocalResources, isRuntimeRequested, start, stop@Private public static final java.lang.String RUNTIME_PREFIX
@Private public static final java.lang.String CONTAINER_PID_NAMESPACE_SUFFIX
@Private public static final java.lang.String RUN_PRIVILEGED_CONTAINER_SUFFIX
public OCIContainerRuntime(PrivilegedOperationExecutor privilegedOperationExecutor)
public OCIContainerRuntime(PrivilegedOperationExecutor privilegedOperationExecutor, CGroupsHandler cGroupsHandler)
public void initialize(org.apache.hadoop.conf.Configuration conf,
Context nmContext)
throws ContainerExecutionException
LinuxContainerRuntimeinitialize in interface LinuxContainerRuntimeconf - the Configuration to usenmContext - NMContextContainerExecutionException - if an error occurs while initializing
the runtimepublic static boolean isOCICompliantContainerRequested(org.apache.hadoop.conf.Configuration daemonConf,
java.util.Map<java.lang.String,java.lang.String> env)
@VisibleForTesting
protected java.lang.String mountReadOnlyPath(java.lang.String mount,
java.util.Map<org.apache.hadoop.fs.Path,java.util.List<java.lang.String>> localizedResources)
throws ContainerExecutionException
ContainerExecutionExceptionpublic void prepareContainer(ContainerRuntimeContext ctx) throws ContainerExecutionException
ContainerRuntimeprepareContainer in interface ContainerRuntimectx - the ContainerRuntimeContextContainerExecutionException - if an error occurs while preparing
the containerprotected java.lang.String getUserIdInfo(java.lang.String userName)
throws ContainerExecutionException
ContainerExecutionExceptionprotected java.lang.String[] getGroupIdInfo(java.lang.String userName)
throws ContainerExecutionException
ContainerExecutionExceptionprotected void validateContainerNetworkType(java.lang.String network)
throws ContainerExecutionException
ContainerExecutionExceptionprotected void validateContainerRuntimeType(java.lang.String runtime)
throws ContainerExecutionException
ContainerExecutionExceptionprotected boolean allowHostPidNamespace(Container container) throws ContainerExecutionException
container - the target YARN containerContainerExecutionException - if host pid namespace is requested
but is not allowedprotected static void validateHostname(java.lang.String hostname)
throws ContainerExecutionException
ContainerExecutionExceptionprotected boolean allowPrivilegedContainerExecution(Container container) throws ContainerExecutionException
container - the target YARN containerContainerExecutionException - if privileged container execution
is requested but is not allowedprotected boolean isContainerRequestedAsPrivileged(Container container)
container - public java.util.Map<java.lang.String,org.apache.hadoop.yarn.api.CsiAdaptorProtocol> getCsiClients()
protected void initiateCsiClients(org.apache.hadoop.conf.Configuration config)
throws ContainerExecutionException
config - configurationContainerExecutionExceptionpublic static java.lang.String formatOciEnvKey(java.lang.String runtimeTypeUpper,
java.lang.String envKeySuffix)
Copyright © 2008–2025 Apache Software Foundation. All rights reserved.