[ 
https://issues.apache.org/jira/browse/YARN-8097?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16446459#comment-16446459
 ] 

Eric Yang commented on YARN-8097:
---------------------------------

[~Jim_Brennan] Yes, this is a response to Jason's suggestion of supporting 
env-file, and I am doing this to ensure that his good suggestions are not being 
ignored.  I understand his implementation will not require exposing the filename 
to the end user.  However, not exposing the filename to the end user comes with 
a certain price to pay.  

1. Docker must run as root user to gain access to the node manager private 
directory.
2. Prevents future evolution to make the docker command auditable.

These limitations will raise eyebrows in high-security environments.  This is 
the reason that I am making sure that each point is clearly communicated, to 
ensure we are happy with the results of our decisions.

> Add support for Docker env-file switch
> --------------------------------------
>
>                 Key: YARN-8097
>                 URL: https://issues.apache.org/jira/browse/YARN-8097
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>          Components: yarn-native-services
>    Affects Versions: 3.2.0
>            Reporter: Eric Yang
>            Priority: Major
>         Attachments: YARN-8097.001.patch
>
>
> There are two different ways to pass user environment variables to docker.  
> There is the -e flag, and --env-file, which references a file that contains 
> environment variable key/value pairs.  It would be nice to have a way to 
> express env-file from HDFS, and localize the .env file in the container 
> localized directory and pass the --env-file flag to the docker run command.  
> This approach would prevent ENV-based passwords from showing up in the log 
> file.



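Added example (not part of the original message and not code from the YARN-8097 patch): the difference between the two switches as it shows up in a logged command line, with the env file created owner-only. The helper names, the image name and the file name are hypothetical, and the sample values are constructed.

```python
import os
import re
import shlex
import tempfile

# Conservative variable-name check (an assumption of this example).
KEY_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")

def write_env_file(path, env):
    """Write KEY=VALUE lines to a new file readable only by its owner."""
    lines = []
    for key, value in env.items():
        if not KEY_RE.match(key):
            raise ValueError(f"invalid variable name: {key!r}")
        # The env-file format is one variable per line, so a value holding
        # a line break would smuggle in an extra variable.
        if "\n" in value or "\r" in value:
            raise ValueError(f"line break in value of {key}")
        lines.append(f"{key}={value}\n")
    # O_EXCL refuses to reuse an existing file or follow a planted symlink.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as handle:
        handle.writelines(lines)

def docker_run_inline(image, env):
    """The -e form: every value becomes part of argv, and of any log of it."""
    cmd = ["docker", "run"]
    for key, value in env.items():
        cmd += ["-e", f"{key}={value}"]
    return cmd + [image]

def docker_run_env_file(image, env_file):
    """The --env-file form: argv carries only the path of the file."""
    return ["docker", "run", "--env-file", env_file, image]

def demo():
    # Constructed sample values, not taken from the issue.
    env = {"DB_USER": "app", "DB_PASSWORD": "constructed-secret"}
    env_file = os.path.join(tempfile.mkdtemp(), "container.env")
    write_env_file(env_file, env)
    inline = shlex.join(docker_run_inline("example/image", env))
    by_file = shlex.join(docker_run_env_file("example/image", env_file))
    mode = os.stat(env_file).st_mode & 0o777
    return inline, by_file, mode

if __name__ == "__main__":
    for item in demo():
        print(item)
```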