[ https://issues.apache.org/jira/browse/YARN-8927?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16666118#comment-16666118 ]
Eric Yang commented on YARN-8927: --------------------------------- [~tangzhankun] There are two docker pull strategy, pull every time vs pull once and update latest. If latest image hash code has changed on docker hub, then it can affect local image to become the latest on docker hub. If I understand [~ebadger] correctly, he would like to change this behavior that it will use the local image and never get the latest from docker hub.until admin explicitly push out image to the nodes. This provides better control of images from system admin's perspective. This means node manager does a docker image list check for the image before launching "docker run" command to determine if there is a local image available. Base on the new behavior of "library" config, node manager will decide to continue or to stop container launch process. This is an arc outside of original design of docker and require more engineering effort and introducing some delays to container localization and launch. I understand the use case, but I am more in favor of setting up the trusted docker repository to track image evolution instead of implementing the arc to prevent implementing snowflakes. > Better handling of "docker.trusted.registries" in container-executor's > "trusted_image_check" function > ----------------------------------------------------------------------------------------------------- > > Key: YARN-8927 > URL: https://issues.apache.org/jira/browse/YARN-8927 > Project: Hadoop YARN > Issue Type: Improvement > Reporter: Zhankun Tang > Assignee: Zhankun Tang > Priority: Major > > There are some missing cases that we need to catch when handling > "docker.trusted.registries". > The container-executor.cfg configuration is as follows: > {code:java} > docker.trusted.registries=tangzhankun,ubuntu,centos{code} > It works if run DistrubutedShell with "tangzhankun/tensorflow" > {code:java} > "yarn ... -shell_env YARN_CONTAINER_RUNTIME_TYPE=docker -shell_env > YARN_CONTAINER_RUNTIME_DOCKER_IMAGE=tangzhankun/tensorflow > {code} > But run a DistrubutedShell job with "centos", "centos[:tagName]", "ubuntu" > and "ubuntu[:tagName]" fails: > The error message is like: > {code:java} > "image: centos is not trusted" > {code} > We need better handling the above cases. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org