> On Jan. 8, 2016, 10:50 a.m., Stephan Erb wrote: > > docs/deploying-aurora-scheduler.md, line 187 > > <https://reviews.apache.org/r/42077/diff/1/?file=1188700#file1188700line187> > > > > Make it more explicit that those will only be used if a job has no > > custom paramters. > > George Sirois wrote: > Yep, can do, although perhaps we should make sure everyone is ok with > that behavior (as opposed to implementing a merge). > > Bill Farner wrote: > I think a merge would be nice for cross-cutting parameters. As for who > trumps whom, i would lean towards the operator (since security controls are > in play). Any thoughts on that approach? > > George Sirois wrote: > A merge makes sense to me, although it still doesn't necessarily mitigate > all security issues. IMO running with allow_docker_parameters=true is a bit > of a caveat emptor situation, so maybe not worth trying to overengineer > around that. > > Presumably the merge would be by *key*, where the value(s) from the > scheduler have precedence over job config? For example (assuming > allow_docker_parameters=true): > > ``` > Scheduler: default_docker_parameters="foo=bar,foo=baz" > Job Config: "foo=zap" > > Final "foo=bar,foo=baz", NOT "foo=bar,foo=baz,foo=zap" > ```
Stephan, any thoughts? I tend to agree with George's comment above - allowing job submitters to specify arbitrary docker parameters should only really be used in a cluster that is secured externally to Aurora. Perhaps the simplest approach is the best - don't try to mix parameters from these two sources. - Bill ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/42077/#review113507 ----------------------------------------------------------- On Jan. 8, 2016, 10:28 a.m., George Sirois wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/42077/ > ----------------------------------------------------------- > > (Updated Jan. 8, 2016, 10:28 a.m.) > > > Review request for Aurora, Joshua Cohen and Bill Farner. > > > Bugs: AURORA-1575 > https://issues.apache.org/jira/browse/AURORA-1575 > > > Repository: aurora > > > Description > ------- > > This flag allows cluster administrators to set arbitrary > Docker parameters which will apply to all jobs. > > Also cleans up some of the existing unit tests around task config. > > > Diffs > ----- > > README.md f3b23247cf3f7e550c1714b4fb8227a2baab3b41 > > commons/src/main/java/org/apache/aurora/common/args/parsers/MultimapParser.java > PRE-CREATION > docs/deploying-aurora-scheduler.md 8a1e68e5d54e9b8b66139bfc731563668584fa77 > src/main/java/org/apache/aurora/scheduler/app/AppModule.java > 4eee8e31a4ccd25ba4a5bcb60b67c79979c3b9b0 > src/main/java/org/apache/aurora/scheduler/base/TaskTestUtil.java > d7f3c60d383cf10afb0c0fcf4fe29972b183458c > > src/main/java/org/apache/aurora/scheduler/configuration/ConfigurationManager.java > 05e8b714043dea89039ce9a1fc4b32c65ab15fe4 > > src/test/java/org/apache/aurora/scheduler/configuration/ConfigurationManagerTest.java > f3b62cc957186bc9673060830572bc1cc073ac49 > > Diff: https://reviews.apache.org/r/42077/diff/ > > > Testing > ------- > > ./build-support/jenkins/build.sh > > > Thanks, > > George Sirois > >