[
https://issues.apache.org/jira/browse/YARN-8927?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16665934#comment-16665934
]
Zhankun Tang commented on YARN-8927:
------------------------------------
[~ebadger] , Thanks for the explanation.
{quote}One minor detail that we don't agree on is whether we should precheck if
image exist locally to prevent docker pull of image to give local image
precedence over public image on Docker hub.
{quote}
If I remember correctly, Docker won't pull image if there's a local one. It
only tries to pull if there's NO local image found with required name. So YARN
does a precheck here won't give precedence to local because local image already
has it.
For the docker pull behavior, it may have an explicit control option "--pull"
on whether "docker run" will pull if local image not exists.
[https://github.com/moby/moby/issues/34394]
But whether control pull operation is probably not related to this JIRA. And we
have YARN-3854 to do the pull operation for us. But YARN-3854 still will depend
on "what are the trusted repositories?".
I think the key difference here between us is whether we should provide a
switch to exclude trust from "library"'s original meaning in Docker behavior.
right?
To make sure we're in the same context, I guess what you prefer is to let
"library" allow local image and Docker hub but define a switch which can forbid
the default Docker hub pull behavior when it found no local image? :)
> Better handling of "docker.trusted.registries" in container-executor's
> "trusted_image_check" function
> -----------------------------------------------------------------------------------------------------
>
> Key: YARN-8927
> URL: https://issues.apache.org/jira/browse/YARN-8927
> Project: Hadoop YARN
> Issue Type: Improvement
> Reporter: Zhankun Tang
> Assignee: Zhankun Tang
> Priority: Major
>
> There are some missing cases that we need to catch when handling
> "docker.trusted.registries".
> The container-executor.cfg configuration is as follows:
> {code:java}
> docker.trusted.registries=tangzhankun,ubuntu,centos{code}
> It works if run DistrubutedShell with "tangzhankun/tensorflow"
> {code:java}
> "yarn ... -shell_env YARN_CONTAINER_RUNTIME_TYPE=docker -shell_env
> YARN_CONTAINER_RUNTIME_DOCKER_IMAGE=tangzhankun/tensorflow
> {code}
> But run a DistrubutedShell job with "centos", "centos[:tagName]", "ubuntu"
> and "ubuntu[:tagName]" fails:
> The error message is like:
> {code:java}
> "image: centos is not trusted"
> {code}
> We need better handling the above cases.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
