[
https://issues.apache.org/jira/browse/YARN-9184?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16763883#comment-16763883
]
Eric Yang edited comment on YARN-9184 at 2/8/19 9:14 PM:
---------------------------------------------------------
[~ebadger] {quote}This isn't necessarily true. You can query the docker
registry to get the hash of any arbitrary image and tag.{quote}
Credential to access docker is stored in ~/.docker/config.json. We need to
aggregate docker configuration to find out protocol, server, port, username,
and secret to login to the remote docker registry. Do we want to let
container-executor venture outside of working directory to aggregation those
information? It seems risky.
[~billie.rinaldi] Pull digest does not guarantee the retrieved image has same
name as user specified image name because the latest tag on repository may have
moved to another target. I don't see a way for container-executor ACL to match
pulled digest images.
We should take job image consistency to a separate JIRA from this one.
YARN-9292 filed to track image consistency per application.
was (Author: eyang):
[~ebadger] {quote}This isn't necessarily true. You can query the docker
registry to get the hash of any arbitrary image and tag.{quote}
Credential to access docker is stored in ~/.docker/config.json. We need to
aggregate docker configuration to find out protocol, server, port, username,
and secret to login to the remote docker registry. Do we want to let
container-executor venture outside of working directory to aggregation those
information? It seems risky.
[~billie.rinaldi] Pull digest does not guarantee the retrieved image has same
name as user specified image name because the latest tag on repository may have
moved to another target. I don't see a way for container-executor ACL to match
pulled digest images.
We should take job image consistency to a separate JIRA from this one.
> Docker run doesn't pull down latest image if the image exists locally
> ----------------------------------------------------------------------
>
> Key: YARN-9184
> URL: https://issues.apache.org/jira/browse/YARN-9184
> Project: Hadoop YARN
> Issue Type: Sub-task
> Components: nodemanager
> Affects Versions: 3.1.0, 3.0.3
> Reporter: Zhaohui Xin
> Assignee: Zhaohui Xin
> Priority: Major
> Attachments: YARN-9184.001.patch, YARN-9184.002.patch,
> YARN-9184.003.patch, YARN-9184.004.patch
>
>
> SeeĀ [docker run doesn't pull down latest image if the image exists
> locally|https://github.com/moby/moby/issues/13331].
> So, I think we should pull image before run to make image always latest.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
