Page MenuHomePhabricator
Create Task
Maniphest T288247

Investigate Hadoop 3 container support with reference to Airflow deployment pipelines
Closed, ResolvedPublic
Actions

Description

Update August 2025

I have written a design document relating to this: Docker Support for YARN.

Original description follows:

Hadoop 3 supports running Docker containers.

  • Can Airflow use it to launch jobs in Hadoop?

Related Objects
Search...

Event Timeline

Ottomata created this task.Aug 5 2021, 2:47 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 5 2021, 2:47 PM
Ottomata added a parent task: T282033: Airflow collaborations.Aug 5 2021, 2:48 PM
odimitrijevic added a project: Data-Engineering.Aug 5 2021, 3:16 PM
odimitrijevic moved this task from Incoming (new tickets) to Ops Week on the Data-Engineering board.Aug 12 2021, 4:36 PM
BTullis subscribed.Aug 12 2021, 6:42 PM
odimitrijevic moved this task from Incoming to Operational Excellence on the Analytics board.Aug 20 2021, 8:29 PM
odimitrijevic added a comment.Sep 9 2021, 4:52 PM

Container support has been backported to the version that we are using - 2.10

JAllemandou subscribed.Sep 10 2021, 9:53 AM

From scanning quickly through the docs, it seems this would require Docker to be installed on nodemanagers.

Ottomata added a comment.Sep 23 2021, 8:38 PM

Also

Docker Container Executor runs in non-secure mode of HDFS and YARN. It will not run in secure mode, and will exit if it detects secure mode.

https://hadoop.apache.org/docs/r2.7.2/hadoop-yarn/hadoop-yarn-site/DockerContainerExecutor.html

Secure mode == kerberos.

So,

Can we do it?

I think not :/

Ottomata added a project: Analytics-Kanban.Sep 23 2021, 8:39 PM
Ottomata moved this task from Next Up to Done on the Analytics-Kanban board.
mforns added a comment.EditedSep 24 2021, 2:29 PM

OK, thanks for looking into this!

Ottomata closed this task as Resolved.Oct 21 2021, 5:18 PM
mforns reopened this task as Open.Oct 22 2021, 3:54 PM

Reopening this as we discovered: https://docs.docker.com/engine/security/rootless/

Ottomata closed this task as Resolved.Oct 25 2021, 1:20 PM

It won't work for our Hadoop YARN setup though, we'll still encounter the Kerberos barrier. Rootless docker MAY make it possible to run docker outside of Hadoop YARN though.

Ottomata reopened this task as Open.Dec 2 2021, 2:49 PM

Perhaps hadoop 3 can do this with kerberos?

https://docs.cloudera.com/HDPDocuments/HDP3/HDP-3.1.0/data-operating-system/content/configure_yarn_for_running_docker_containers.html

Kerberos configurations are recommended for production

I can't find any docs on how this would work. But it may be worth investigating given https://phabricator.wikimedia.org/T296543#7538145

Reopening for now to discuss more.

Ottomata moved this task from Operational Excellence to Incoming on the Analytics board.Dec 2 2021, 2:50 PM
Ottomata added a project: Data Pipelines.
odimitrijevic removed a project: Analytics.Jan 12 2022, 12:29 AM
EChetty moved this task from Backlog to Discussed (Radar) on the Data Pipelines board.Sep 6 2022, 10:11 AM
JArguello-WMF moved this task from Ops Week to Event Platform Backlog on the Data-Engineering board.Jun 29 2023, 11:04 PM
JArguello-WMF edited projects, added Data Engineering and Event Platform Team; removed Data Pipelines.Jun 30 2023, 5:43 PM
JArguello-WMF moved this task from Data Eng Backlog to Radar (External Teams) on the Data Engineering and Event Platform Team board.
BTullis edited projects, added Data-Platform-SRE; removed Analytics-Kanban.Jul 15 2023, 12:10 AM
Gehel moved this task from Incoming to Watching on the Data-Platform-SRE board.Oct 18 2023, 8:47 AM
lbowmaker removed a project: Data Engineering and Event Platform Team.Nov 10 2023, 2:22 PM
lbowmaker moved this task from Event Platform Backlog to Tag with Radar on the Data-Engineering board.
Aklapper removed Ottomata as the assignee of this task.Nov 21 2023, 8:20 AM

@Ottomata: Per emails from Sep18 and Oct20 and https://www.mediawiki.org/wiki/Bug_management/Assignee_cleanup , I am resetting the assignee of this task because there has not been progress lately (please correct me if I am wrong!). Resetting the assignee avoids the impression that somebody is already working on this task. It also allows others to potentially work towards fixing this task. Please claim this task again when you plan to work on it (via Add Action...Assign / Claim in the dropdown menu) - it would be welcome. Thanks for your understanding!

BTullis claimed this task.Nov 8 2024, 5:24 PM

I'm going to claim this task because I'm investigating container support as part of a Hadoop 3 upgrade plan.

BTullis added a parent task: T379385: Upgrade Hadoop to version 3.3.6 and Hive to version 4.0.1.Nov 8 2024, 5:24 PM
BTullis added a comment.Nov 8 2024, 5:54 PM

Since this ticket was originally created, the guidance around using the docker daemon in production has been clarified.

Specific advice has been given as to what features should be avoided if a use-case for docker is compelling enough to want to proceed. Specifically, these are: https://wikitech.wikimedia.org/wiki/Docker#However...

  • For networking, the general answer is always run with --net=host
  • Don't use docker volumes, but rather just bind mount from the host the directories you want.
  • Be extremely explicit in which image tag you use in your configuration management
  • Hook up docker to configuration management via the proper systemd unit files

Stripping down docker like this is...

...turning it essentially into an application execution engine for binaries that are bundled in OCI images.

...which is precisely what we need. We wouldn't want any of the messy networking or volume management.

I think that there is also a strong case to be made for using docker to run the Hadoop binaries themselves, rather than using Debian packages for this.
We struggle to keep our bigtop packages in line with the operating system versions that are supported, so this would be made considerably easier with containers.

In terms of launching user workloads on YARN through containers, there are plenty of ways in which we would want to lock down the configuration. e.g.

I'll write this up.

BTullis renamed this task from SPIKE - Will Hadoop 3 container support help us for Airflow deployment pipelines? to Investigate Hadoop 3 container support with reference to Airflow deployment pipelines.Nov 11 2024, 10:55 AM
BTullis triaged this task as Medium priority.Nov 13 2024, 12:49 PM
bking subscribed.Nov 19 2024, 4:21 PM
VirginiaPoundstone added a project: Data-Engineering-Radar.Jan 6 2025, 9:14 PM
BTullis added a comment.Aug 7 2025, 1:20 PM

I have written a design document for this: Docker Support for YARN.

It depends on the Hadoop 3.3.6 upgrade being completed first.

BTullis updated the task description. (Show Details)Aug 7 2025, 1:26 PM
BTullis closed this task as Resolved.Aug 7 2025, 2:52 PM
BTullis edited projects, added Data-Platform-SRE (2025.07.26 - 2025.08.15); removed Data-Platform-SRE.

I will resolve this ticket, based on the fact that the research is done.
A design document has been created and is no shared for review and comments.

BTullis moved this task from Backlog - project to Done on the Data-Platform-SRE (2025.07.26 - 2025.08.15) board.Aug 7 2025, 2:52 PM
BTullis moved this task from Done to Reported on the Data-Platform-SRE (2025.07.26 - 2025.08.15) board.Aug 20 2025, 10:32 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits