[
https://issues.apache.org/jira/browse/YARN-8927?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16666118#comment-16666118
]
Eric Yang commented on YARN-8927:
---------------------------------
[~tangzhankun] There are two docker pull strategy, pull every time vs pull once
and update latest. If latest image hash code has changed on docker hub, then
it can affect local image to become the latest on docker hub. If I understand
[~ebadger] correctly, he would like to change this behavior that it will use
the local image and never get the latest from docker hub.until admin explicitly
push out image to the nodes. This provides better control of images from
system admin's perspective. This means node manager does a docker image list
check for the image before launching "docker run" command to determine if there
is a local image available. Base on the new behavior of "library" config, node
manager will decide to continue or to stop container launch process. This is
an arc outside of original design of docker and require more engineering effort
and introducing some delays to container localization and launch. I understand
the use case, but I am more in favor of setting up the trusted docker
repository to track image evolution instead of implementing the arc to prevent
implementing snowflakes.
> Better handling of "docker.trusted.registries" in container-executor's
> "trusted_image_check" function
> -----------------------------------------------------------------------------------------------------
>
> Key: YARN-8927
> URL: https://issues.apache.org/jira/browse/YARN-8927
> Project: Hadoop YARN
> Issue Type: Improvement
> Reporter: Zhankun Tang
> Assignee: Zhankun Tang
> Priority: Major
>
> There are some missing cases that we need to catch when handling
> "docker.trusted.registries".
> The container-executor.cfg configuration is as follows:
> {code:java}
> docker.trusted.registries=tangzhankun,ubuntu,centos{code}
> It works if run DistrubutedShell with "tangzhankun/tensorflow"
> {code:java}
> "yarn ... -shell_env YARN_CONTAINER_RUNTIME_TYPE=docker -shell_env
> YARN_CONTAINER_RUNTIME_DOCKER_IMAGE=tangzhankun/tensorflow
> {code}
> But run a DistrubutedShell job with "centos", "centos[:tagName]", "ubuntu"
> and "ubuntu[:tagName]" fails:
> The error message is like:
> {code:java}
> "image: centos is not trusted"
> {code}
> We need better handling the above cases.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
