[jira] [Commented] (YARN-8777) Container Executor C binary change to execute interactive docker command

Wed, 19 Sep 2018 09:30:10 -0700 


    [ 
https://issues.apache.org/jira/browse/YARN-8777?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16620815#comment-16620815
 ] 

Eric Yang commented on YARN-8777:
---------------------------------

[~ebadger] {quote}Opening up a bash session allows the user to then execute 
whatever commands they want to anyway. Am I missing something here?{quote}

The difference is causing harm to container executor's memory prior to docker 
exec -it bash is launched.  The argv is constructed and checked in 
container-executor and forward to docker exec.  If it is fixed number of 
arguments, container-executor logic has little chance of getting it wrong.  If 
the number is dynamic, and passing args exceeding docker's parameter parser 
have unpredictable result, and other corner case such as:

{code}
cmd="mongo --eval 'rs.isMaster()"
docker exec d886e775dfad "$cmd"
{code}

Docker will look for binary named "mongo -eval 'rs.isMaster()'" instead of 
mongo, and the rest of parameters to monogo.  Shell expansion corner cases will 
not handle gracefully and cause people to scratch their heads.  It is entirely 
possible to use ProcessBuilder and launch container-executor to run docker 
exec, and send unix command to be executed.  The added bash gives less 
experienced developers ability to script their execution without thinking about 
parameter passing overflow and shell expansion.  The command are ran inside the 
container without leaking to problems to container-executor level.  Hope this 
explains the choice of parameter passing for this use case.

> Container Executor C binary change to execute interactive docker command
> ------------------------------------------------------------------------
>
>                 Key: YARN-8777
>                 URL: https://issues.apache.org/jira/browse/YARN-8777
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>            Reporter: Zian Chen
>            Assignee: Eric Yang
>            Priority: Major
>              Labels: Docker
>         Attachments: YARN-8777.001.patch
>
>
> Since Container Executor provides Container execution using the native 
> container-executor binary, we also need to make changes to accept new 
> “dockerExec” method to invoke the corresponding native function to execute 
> docker exec command to the running container.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org

Reply via email to