[ 
https://issues.apache.org/jira/browse/YARN-5621?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15477639#comment-15477639
 ] 

Chris Douglas commented on YARN-5621:
-------------------------------------

bq. Because the passed in symlink path is an absolute path

Yes, obviously. :) I'm asking why this is an absolute path, if (per the design 
doc) the symlink is still relative to the container's working dir.

bq. later on we need to create multiple symlinks in a single operation as done 
in current container_launch script, because if there is a large number of local 
Resources to be localized, we don't want to invoke the binary for each of them. 

Invoking the binary for each resource isn't so dire. Linking a group of 
resources only if they're all successfully localized could be useful for 
services/upgrades, though.

bq. I guess the question is why the original container_launch script is not 
done in this way?

I think Allen's point is that the TC/CE binaries have avoided abstraction and 
other conventional good taste to reduce the attack surface. If the CE can only 
run scripts that were written by the NM to a specific, restricted directory, it 
can only run them as the user in a destination following the NM schema, etc. 
that makes it harder to involve the CE in an attack. If the CE can invoke one 
stage without preconditions guaranteed by the previous stage, as 
{{--run-script}} may allow, that's substantively different from the existing 
behavior.

> Support LinuxContainerExecutor to create symlinks for continuously localized 
> resources
> --------------------------------------------------------------------------------------
>
>                 Key: YARN-5621
>                 URL: https://issues.apache.org/jira/browse/YARN-5621
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>            Reporter: Jian He
>            Assignee: Jian He
>         Attachments: YARN-5621.1.patch, YARN-5621.2.patch, YARN-5621.3.patch
>
>
> When new resources are localized, a new symlink needs to be created for the 
> localized resource. This is the change for the LinuxContainerExecutor to 
> create the symlinks.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
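An added illustration of the design point in the comment above, not code from the YARN-5621 patches or from the container-executor: a privileged helper that takes only a link name relative to the container's working directory and refuses anything else, so it does not rely on the caller having validated an absolute path. The function names and the sample resource path are assumptions made for this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical check: the link name must be exactly one relative path component. */
static int link_name_ok(const char *name)
{
    if (name == NULL || name[0] == '\0' || strlen(name) > 255)
        return 0;
    if (strchr(name, '/') != NULL)   /* rejects absolute paths and nesting */
        return 0;
    return strcmp(name, ".") != 0 && strcmp(name, "..") != 0;
}

/* Hypothetical helper: create <workdir>/<name> -> target; 0 or negative errno. */
static int link_in_workdir(const char *workdir, const char *target, const char *name)
{
    if (!link_name_ok(name))
        return -EINVAL;
    /* Resolve the directory once; refuse a symlink as its last component. */
    int dfd = open(workdir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (dfd < 0)
        return -errno;
    int rc = symlinkat(target, dfd, name) == 0 ? 0 : -errno; /* EEXIST: never replaces */
    close(dfd);
    return rc;
}

/* Constructed demo in a fresh temp dir; the resource path is a made-up sample. */
static int demo(void)
{
    char dir[] = "/tmp/ce-demo-XXXXXX";
    char path[64];
    const char *res = "/constructed/filecache/10/job.jar";
    if (mkdtemp(dir) == NULL) return -1;
    int ok       = link_in_workdir(dir, res, "job.jar");
    int absolute = link_in_workdir(dir, res, "/tmp/job.jar");
    int parent   = link_in_workdir(dir, res, "../job.jar");
    int again    = link_in_workdir(dir, res, "job.jar");
    snprintf(path, sizeof path, "%s/job.jar", dir);
    unlink(path);
    rmdir(dir);
    return (ok == 0 && absolute == -EINVAL && parent == -EINVAL && again == -EEXIST) ? 0 : 1;
}

int main(void) { return demo(); }
```

A real setuid helper would also have to verify ownership and permissions of the working directory and run as the container user; those checks are outside this example.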
