[jira] [Commented] (YARN-4262) Allow admins to run privileged docker containers.
[ https://issues.apache.org/jira/browse/YARN-4262?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14957075#comment-14957075 ] Hadoop QA commented on YARN-4262: - \\ \\ | (x) *{color:red}-1 overall{color}* | \\ \\ || Vote || Subsystem || Runtime || Comment || | {color:red}-1{color} | pre-patch | 19m 55s | Pre-patch trunk has 1 extant Findbugs (version 3.0.0) warnings. | | {color:green}+1{color} | @author | 0m 0s | The patch does not contain any @author tags. | | {color:green}+1{color} | tests included | 0m 0s | The patch appears to include 1 new or modified test files. | | {color:green}+1{color} | javac | 7m 57s | There were no new javac warning messages. | | {color:green}+1{color} | javadoc | 10m 30s | There were no new javadoc warning messages. | | {color:green}+1{color} | release audit | 0m 25s | The applied patch does not increase the total number of release audit warnings. | | {color:red}-1{color} | checkstyle | 1m 51s | The applied patch generated 1 new checkstyle issues (total was 211, now 211). | | {color:green}+1{color} | whitespace | 0m 4s | The patch has no lines that end in whitespace. | | {color:green}+1{color} | install | 1m 33s | mvn install still works. | | {color:green}+1{color} | eclipse:eclipse | 0m 34s | The patch built with eclipse:eclipse. | | {color:green}+1{color} | findbugs | 4m 36s | The patch does not introduce any new Findbugs (version 3.0.0) warnings. | | {color:green}+1{color} | yarn tests | 0m 24s | Tests passed in hadoop-yarn-api. | | {color:green}+1{color} | yarn tests | 2m 4s | Tests passed in hadoop-yarn-common. | | {color:green}+1{color} | yarn tests | 8m 52s | Tests passed in hadoop-yarn-server-nodemanager. | | | | 59m 27s | | \\ \\ || Subsystem || Report/Notes || | Patch URL | http://issues.apache.org/jira/secure/attachment/12766551/YARN-4262.001.patch | | Optional Tests | javadoc javac unit findbugs checkstyle | | git revision | trunk / d6c8bad | | Pre-patch Findbugs warnings | https://builds.apache.org/job/PreCommit-YARN-Build/9442/artifact/patchprocess/trunkFindbugsWarningshadoop-yarn-server-nodemanager.html | | checkstyle | https://builds.apache.org/job/PreCommit-YARN-Build/9442/artifact/patchprocess/diffcheckstylehadoop-yarn-api.txt | | hadoop-yarn-api test log | https://builds.apache.org/job/PreCommit-YARN-Build/9442/artifact/patchprocess/testrun_hadoop-yarn-api.txt | | hadoop-yarn-common test log | https://builds.apache.org/job/PreCommit-YARN-Build/9442/artifact/patchprocess/testrun_hadoop-yarn-common.txt | | hadoop-yarn-server-nodemanager test log | https://builds.apache.org/job/PreCommit-YARN-Build/9442/artifact/patchprocess/testrun_hadoop-yarn-server-nodemanager.txt | | Test Results | https://builds.apache.org/job/PreCommit-YARN-Build/9442/testReport/ | | Java | 1.7.0_55 | | uname | Linux asf906.gq1.ygridcore.net 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux | | Console output | https://builds.apache.org/job/PreCommit-YARN-Build/9442/console | This message was automatically generated. > Allow admins to run privileged docker containers. > -- > > Key: YARN-4262 > URL: https://issues.apache.org/jira/browse/YARN-4262 > Project: Hadoop YARN > Issue Type: Sub-task > Components: yarn >Reporter: Sidharta Seethana >Assignee: Sidharta Seethana > Attachments: YARN-4262.001.patch > > > There are scenarios where privileged containers are necessary in order to run > certain kinds of applications (one example is trying to run postresql/oracle > inside containers). However, given the security implications, we should > ensure that : > 1) privileged containers are disabled by default, even for admins > 2) if enabled, only admins should be allowed to launch such containers and > 3) Not all containers launched by admin users need to be privileged > containers : admin users need to explicitly request that a privileged > container be launched. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (YARN-4262) Allow admins to run privileged docker containers.
[ https://issues.apache.org/jira/browse/YARN-4262?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14957119#comment-14957119 ] Sidharta Seethana commented on YARN-4262: - The checkstyle issue refers to the length of YarnConfiguration.java (there isn't much that can be done about that at this point). Pre-patch failure is unrelated to this patch. > Allow admins to run privileged docker containers. > -- > > Key: YARN-4262 > URL: https://issues.apache.org/jira/browse/YARN-4262 > Project: Hadoop YARN > Issue Type: Sub-task > Components: yarn >Reporter: Sidharta Seethana >Assignee: Sidharta Seethana > Attachments: YARN-4262.001.patch > > > There are scenarios where privileged containers are necessary in order to run > certain kinds of applications (one example is trying to run postresql/oracle > inside containers). However, given the security implications, we should > ensure that : > 1) privileged containers are disabled by default, even for admins > 2) if enabled, only admins should be allowed to launch such containers and > 3) Not all containers launched by admin users need to be privileged > containers : admin users need to explicitly request that a privileged > container be launched. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (YARN-4262) Allow admins to run privileged docker containers.
[ https://issues.apache.org/jira/browse/YARN-4262?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14957127#comment-14957127 ] Allen Wittenauer commented on YARN-4262: "admin" is the wrong thing to do here. It really should be a different list of users so that the two feature sets can have separation of privileges. > Allow admins to run privileged docker containers. > -- > > Key: YARN-4262 > URL: https://issues.apache.org/jira/browse/YARN-4262 > Project: Hadoop YARN > Issue Type: Sub-task > Components: yarn >Reporter: Sidharta Seethana >Assignee: Sidharta Seethana > Attachments: YARN-4262.001.patch > > > There are scenarios where privileged containers are necessary in order to run > certain kinds of applications (one example is trying to run postresql/oracle > inside containers). However, given the security implications, we should > ensure that : > 1) privileged containers are disabled by default, even for admins > 2) if enabled, only admins should be allowed to launch such containers and > 3) Not all containers launched by admin users need to be privileged > containers : admin users need to explicitly request that a privileged > container be launched. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (YARN-4262) Allow admins to run privileged docker containers.
[ https://issues.apache.org/jira/browse/YARN-4262?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14957535#comment-14957535 ] Sidharta Seethana commented on YARN-4262: - Hi [~aw], I did consider using a separate list. Running a privileged container in some ways provides the equivalent of superuser access to the underlying node. So, the question here would be : should we expose such functionality to anybody who is not in the 'admin' role for the cluster? Thoughts? thanks, -Sidharta > Allow admins to run privileged docker containers. > -- > > Key: YARN-4262 > URL: https://issues.apache.org/jira/browse/YARN-4262 > Project: Hadoop YARN > Issue Type: Sub-task > Components: yarn >Reporter: Sidharta Seethana >Assignee: Sidharta Seethana > Attachments: YARN-4262.001.patch > > > There are scenarios where privileged containers are necessary in order to run > certain kinds of applications (one example is trying to run postresql/oracle > inside containers). However, given the security implications, we should > ensure that : > 1) privileged containers are disabled by default, even for admins > 2) if enabled, only admins should be allowed to launch such containers and > 3) Not all containers launched by admin users need to be privileged > containers : admin users need to explicitly request that a privileged > container be launched. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (YARN-4262) Allow admins to run privileged docker containers.
[ https://issues.apache.org/jira/browse/YARN-4262?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14957635#comment-14957635 ] Allen Wittenauer commented on YARN-4262: But admin also exposes functionality on the RM. bq. should we expose such functionality to anybody who is not in the 'admin' role for the cluster? No, which is why it should be a separate list. This isn't an "either/or". You need three lists: regular users, users who can run docker in priv mode, and admin level privs. This is particular relevant when you think about OSes that aren't Linux that support Docker container formats but do support roles... > Allow admins to run privileged docker containers. > -- > > Key: YARN-4262 > URL: https://issues.apache.org/jira/browse/YARN-4262 > Project: Hadoop YARN > Issue Type: Sub-task > Components: yarn >Reporter: Sidharta Seethana >Assignee: Sidharta Seethana > Attachments: YARN-4262.001.patch > > > There are scenarios where privileged containers are necessary in order to run > certain kinds of applications (one example is trying to run postresql/oracle > inside containers). However, given the security implications, we should > ensure that : > 1) privileged containers are disabled by default, even for admins > 2) if enabled, only admins should be allowed to launch such containers and > 3) Not all containers launched by admin users need to be privileged > containers : admin users need to explicitly request that a privileged > container be launched. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (YARN-4262) Allow admins to run privileged docker containers.
[ https://issues.apache.org/jira/browse/YARN-4262?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14958364#comment-14958364 ] Sidharta Seethana commented on YARN-4262: - bq, should we expose such functionality to anybody who is not in the 'admin' role for the cluster? What I meant here is : if users A, B, C are admins in a cluster, should *any* users apart from A, B, C be allowed to run privileged containers? In other words, should the list for docker privileged mode be entirely orthogonal/unrelated to the admin list or should it be a subset? If I understand you correctly, you are suggesting that the list should be completely unrelated to the admin role. I see the value in separation of privileges but I thought tying this to the admin role might lead to this feature being used more carefully - hence the path chosen in the first version of the patch. I'll upload a new patch using a different list as you suggested. I'll update the description accordingly. > Allow admins to run privileged docker containers. > -- > > Key: YARN-4262 > URL: https://issues.apache.org/jira/browse/YARN-4262 > Project: Hadoop YARN > Issue Type: Sub-task > Components: yarn >Reporter: Sidharta Seethana >Assignee: Sidharta Seethana > Attachments: YARN-4262.001.patch > > > There are scenarios where privileged containers are necessary in order to run > certain kinds of applications (one example is trying to run postresql/oracle > inside containers). However, given the security implications, we should > ensure that : > 1) privileged containers are disabled by default, even for admins > 2) if enabled, only admins should be allowed to launch such containers and > 3) Not all containers launched by admin users need to be privileged > containers : admin users need to explicitly request that a privileged > container be launched. -- This message was sent by Atlassian JIRA (v6.3.4#6332)