[ 
https://issues.apache.org/jira/browse/YARN-9184?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16762236#comment-16762236
 ] 

Eric Yang commented on YARN-9184:
---------------------------------

[~ebadger], [~shaneku...@gmail.com], [~billie.rinaldi] and [~Jim_Brennan] were 
present in today's docker meeting.  We have some ideas to ensure the latest 
image is consistent within a job.  One of the ideas to keep the :latest tag 
consistent for a job is to use the docker image command to figure out the 
image ID and propagate the image ID to the rest of the container requests.  
There are some challenges to overcome.

 # The latest tag does not exist on the node where the first container starts. 
The first container will need to download the latest image and find the image 
ID.  This can introduce lag time for other containers to start.
 # If the image ID is used to start other containers, container-executor may 
have problems checking whether the image is coming from a trusted source.  
Both image name and ID must be supplied through the .cmd file to 
container-executor.  However, a hacker can supply an incorrect image ID and 
defeat container-executor security checks.

If we can overcome those challenges, it will be possible to allow this option 
to be job-specific.  Job-specific image consistency can be a separate JIRA from 
the current work.

I think Mockito update in HADOOP-14178 may have broken this patch.  The patch 
doesn't compile anymore.  [~uranus] could you take a look?  Thanks

> Docker run doesn't pull down latest image if the image exists locally 
> ----------------------------------------------------------------------
>
>                 Key: YARN-9184
>                 URL: https://issues.apache.org/jira/browse/YARN-9184
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>          Components: nodemanager
>    Affects Versions: 3.1.0, 3.0.3
>            Reporter: Zhaohui Xin
>            Assignee: Zhaohui Xin
>            Priority: Major
>         Attachments: YARN-9184.001.patch, YARN-9184.002.patch, 
> YARN-9184.003.patch, YARN-9184.004.patch
>
>
> See [docker run doesn't pull down latest image if the image exists 
> locally|https://github.com/moby/moby/issues/13331].
> So, I think we should pull the image before run to make the image always latest.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
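
An added example, not part of the comment above or of the YARN-9184 patch: one way to handle the second challenge, where a launch request carries both an image name and an image ID and the ID cannot be trusted on its own. It accepts the ID only if Docker's own `RepoDigests` record for that ID names the claimed repository. `TRUSTED_REGISTRIES`, `registry.example.com`, the function names and the sample data are assumptions made for illustration.

```python
import json
import re
import subprocess

# Assumption: stands in for the node's list of trusted registries.
TRUSTED_REGISTRIES = {"registry.example.com"}
IMAGE_ID_RE = re.compile(r"sha256:[0-9a-f]{64}")

def docker_repo_digests(image_id):
    """Return the RepoDigests Docker recorded for a local image ID, or None."""
    proc = subprocess.run(
        ["docker", "image", "inspect", "--format", "{{json .RepoDigests}}", image_id],
        capture_output=True, text=True)
    return (json.loads(proc.stdout) or []) if proc.returncode == 0 else None

def repository_of(image_ref):
    """Strip a trailing :tag or @digest, keeping registry[:port]/path."""
    ref = image_ref.split("@", 1)[0]
    last = ref.rsplit("/", 1)[-1]
    return ref[: len(ref) - len(last)] + last.split(":", 1)[0]

def check_launch(image_name, image_id, lookup=docker_repo_digests):
    """Validate a (name, ID) pair taken from an untrusted launch request.
    The ID is accepted only if Docker recorded it as pulled from the named,
    trusted repository; the caller's claim about the ID is never trusted."""
    repo = repository_of(image_name)
    if "/" not in repo or repo.split("/", 1)[0] not in TRUSTED_REGISTRIES:
        return False, "untrusted registry"
    if not IMAGE_ID_RE.fullmatch(image_id):
        return False, "malformed image id"
    digests = lookup(image_id)
    if digests is None:
        return False, "image id not present on this node"
    if repo not in {repository_of(d) for d in digests}:
        return False, "image id was not pulled from the named repository"
    return True, "ok"

# Constructed sample data standing in for two images present on a node.
GOOD_ID = "sha256:" + "a" * 64
ROGUE_ID = "sha256:" + "b" * 64
SAMPLE = {
    GOOD_ID: ["registry.example.com/team/app@sha256:" + "1" * 64],
    ROGUE_ID: ["rogue.example.net/x/app@sha256:" + "2" * 64],
}

if __name__ == "__main__":
    name = "registry.example.com/team/app:latest"
    for image_id in (GOOD_ID, ROGUE_ID, "sha256:" + "c" * 64):
        print(image_id[:15], check_launch(name, image_id, SAMPLE.get))
```

Because the lookup is keyed by ID rather than by tag, the check still passes on a node whose local `:latest` tag has moved to a newer image, as long as the pinned ID is present and was pulled from the named repository.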
