mirror of
https://github.com/ClickHouse/ClickHouse.git
synced 2024-11-22 15:42:02 +00:00
344d648cab
As it turns out, docker does not pass through the sysctls, so adjust this for know users of unprivileged ports (>32K): - HDFS - kafka Signed-off-by: Azat Khuzhin <a.khuzhin@semrush.com>
36 lines
1.2 KiB
YAML
36 lines
1.2 KiB
YAML
version: '2.3'
|
|
|
|
services:
|
|
kerberizedhdfs1:
|
|
cap_add:
|
|
- DAC_READ_SEARCH
|
|
image: clickhouse/kerberized-hadoop:${DOCKER_KERBERIZED_HADOOP_TAG:-latest}
|
|
hostname: kerberizedhdfs1
|
|
restart: always
|
|
volumes:
|
|
- ${KERBERIZED_HDFS_DIR}/../../hdfs_configs/bootstrap.sh:/etc/bootstrap.sh:ro
|
|
- ${KERBERIZED_HDFS_DIR}/secrets:/usr/local/hadoop/etc/hadoop/conf
|
|
- ${KERBERIZED_HDFS_DIR}/secrets/krb_long.conf:/etc/krb5.conf:ro
|
|
- type: ${KERBERIZED_HDFS_FS:-tmpfs}
|
|
source: ${KERBERIZED_HDFS_LOGS:-}
|
|
target: /var/log/hadoop-hdfs
|
|
expose:
|
|
- ${KERBERIZED_HDFS_NAME_PORT:-50070}
|
|
- ${KERBERIZED_HDFS_DATA_PORT:-1006}
|
|
depends_on:
|
|
- hdfskerberos
|
|
entrypoint: /etc/bootstrap.sh -d
|
|
sysctls:
|
|
net.ipv4.ip_local_port_range: '55000 65535'
|
|
|
|
hdfskerberos:
|
|
image: clickhouse/kerberos-kdc:${DOCKER_KERBEROS_KDC_TAG:-latest}
|
|
hostname: hdfskerberos
|
|
volumes:
|
|
- ${KERBERIZED_HDFS_DIR}/secrets:/tmp/keytab
|
|
- ${KERBERIZED_HDFS_DIR}/../../kerberos_image_config.sh:/config.sh
|
|
- /dev/urandom:/dev/random
|
|
expose: [88, 749]
|
|
sysctls:
|
|
net.ipv4.ip_local_port_range: '55000 65535'
|