[jira] [Commented] (YARN-7654) Support ENTRY_POINT for docker container

Mon, 02 Apr 2018 06:57:24 -0700 

    [ 
https://issues.apache.org/jira/browse/YARN-7654?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16422531#comment-16422531
 ] 

Jason Lowe commented on YARN-7654:
----------------------------------

It does not make sense to me to support both options.  It significantly 
complicates the design and relies on docker's arbitrary ordering between the 
two options.

bq.  We need to converge on possible solutions with least amount of loopholes.

I completely agree with that, but to me going with a _single way_ to set the 
environment variables is the clear choice to accomplish that.  It's harder to 
close loopholes when there's more than one way to do the same thing, and 
passing untrusted input on a root command-line is clearly riskier than passing 
the same input in a file whose contents cannot be misconstrued as something 
other than environment variable settings.

Using the env-file option would greatly simplify this design, decouple it from 
the execv changes, and make it easier to secure, both from a malicious input 
standpoint and from a secrets-in-the-env standpoint.  I do not understand why 
we would continue to pursue the command-line approach to setting environment 
variables in light of those benefits.


> Support ENTRY_POINT for docker container
> ----------------------------------------
>
>                 Key: YARN-7654
>                 URL: https://issues.apache.org/jira/browse/YARN-7654
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>          Components: yarn
>    Affects Versions: 3.1.0
>            Reporter: Eric Yang
>            Assignee: Eric Yang
>            Priority: Blocker
>         Attachments: YARN-7654.001.patch, YARN-7654.002.patch, 
> YARN-7654.003.patch, YARN-7654.004.patch, YARN-7654.005.patch, 
> YARN-7654.006.patch, YARN-7654.007.patch
>
>
> Docker image may have ENTRY_POINT predefined, but this is not supported in 
> the current implementation.  It would be nice if we can detect existence of 
> {{launch_command}} and base on this variable launch docker container in 
> different ways:
> h3. Launch command exists
> {code}
> docker run [image]:[version]
> docker exec [container_id] [launch_command]
> {code}
> h3. Use ENTRY_POINT
> {code}
> docker run [image]:[version]
> {code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org

Reply via email to