[
https://issues.apache.org/jira/browse/YARN-7996?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16424713#comment-16424713
]
Shane Kumpf commented on YARN-7996:
-----------------------------------
I rebased the patch and did some additional testing in both secure and
non-secure clusters. The Docker client credentials are correctly passed to the
container in both modes, allowing the image to be pulled from the private
Docker registry.
This patch also fixes a bug that causes the AM RM Token to be added to the
container CLC, which the comments make clear wasn't intended.
For anyone that would like to test this patch, below are the steps.
# Perform a {{docker login}} to the registry that requires authentication.
# Copy {{$HOME/.docker/config.json}} to a location in HDFS.
# Delete the local config.json with {{rm $HOME/.docker/config.json}}, ensuring
it doesn't get used.
# Submit an application using the yarnfile below.
## Replace the docker_client_config path using the HDFS path from Step 2.
## Update the artifact:id with an image appropriate for your registry.
## The submitting user will need read access to the docker_client_config path
in HDFS.
{code:java}
{
"name": "test-centos",
"version": "0.1",
"lifetime": "3600",
"docker_client_config": "hdfs:///user/hadoopuser/config.json",
"components" :
[
{
"name": "centosqe",
"number_of_containers": 1,
"artifact": {
"id": "private.registry.test.site/centos",
"type": "DOCKER"
},
"launch_command": "sleep 6000",
"resource": {
"cpus": 2,
"memory": "1024"
}
}
]
}
{code}
The image will be pulled from the private registry during the {{docker run}}
phase of the launch. Validate the image exists after launch using {{docker
images}}.
> Allow user supplied Docker client configurations with YARN native services
> --------------------------------------------------------------------------
>
> Key: YARN-7996
> URL: https://issues.apache.org/jira/browse/YARN-7996
> Project: Hadoop YARN
> Issue Type: Sub-task
> Reporter: Shane Kumpf
> Assignee: Shane Kumpf
> Priority: Major
> Attachments: YARN-7996.001.patch, YARN-7996.002.patch,
> YARN-7996.003.patch
>
>
> YARN-5428 added support to distributed shell for supplying a Docker client
> configuration at application submission time. The auth tokens within the
> client configuration are then used to pull images from private Docker
> repositories/registries. Add the same support to the YARN Native Services
> framework.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
