[
https://issues.apache.org/jira/browse/YARN-8342?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16486530#comment-16486530
]
Eric Yang edited comment on YARN-8342 at 5/23/18 12:58 AM:
-----------------------------------------------------------
The current behavior is documented in
[YARN-7516|https://issues.apache.org/jira/browse/YARN-7516?focusedCommentId=16353125&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-16353125].
Non-trusted image is not allowed to supply launch command into container due
to
[reason|https://issues.apache.org/jira/browse/YARN-7516?focusedCommentId=16347441&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-16347441]
stated by Shane. We don't allow mounting of host disks to untrusted image to
prevent the image from putting unauthorized files that can not be erased in the
localizer directory. When using untrusted image with yarn mode, this will
generate a launch_container.sh that runs a empty bash command and exit
immediately according to Shane. The end result is some what unexpected even
though it minimized the security risks.
The solution is to set YARN_CONTAINER_RUNTIME_DOCKER_RUN_OVERRIDE_DISABLE=true
in yarn-env.sh, and this will turn the cluster into docker mode as default.
There is no launch_container.sh required in docker mode, and we might be able
to lift drop launch command restriction.
was (Author: eyang):
The current behavior is documented in
[YARN-7516|https://issues.apache.org/jira/browse/YARN-7516?focusedCommentId=16353125&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-16353125].
Non-trusted image is not allowed to supply launch command into container due
to
[reason|https://issues.apache.org/jira/browse/YARN-7516?focusedCommentId=16353125&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-16353125]
stated by Shane. We don't allow mounting of host disks to untrusted image to
prevent the image from putting unauthorized files that can not be erased in the
localizer directory. When using untrusted image with yarn mode, this will
generate a launch_container.sh that runs a empty bash command and exit
immediately according to Shane. The end result is some what unexpected even
though it minimized the security risks.
The solution is to set YARN_CONTAINER_RUNTIME_DOCKER_RUN_OVERRIDE_DISABLE=true
in yarn-env.sh, and this will turn the cluster into docker mode as default.
There is no launch_container.sh required in docker mode, and we might be able
to lift drop launch command restriction.
> Using docker image from a non-privileged registry, the launch_command is not
> honored
> ------------------------------------------------------------------------------------
>
> Key: YARN-8342
> URL: https://issues.apache.org/jira/browse/YARN-8342
> Project: Hadoop YARN
> Issue Type: Sub-task
> Reporter: Wangda Tan
> Priority: Critical
> Labels: Docker
>
> During test of the Docker feature, I found that if a container comes from
> non-privileged docker registry, the specified launch command will be ignored.
> Container will success without any log, which is very confusing to end users.
> And this behavior is inconsistent to containers from privileged docker
> registries.
> cc: [~eyang], [~shaneku...@gmail.com], [~ebadger], [~jlowe]
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
