[
https://issues.apache.org/jira/browse/YARN-8259?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16484271#comment-16484271
]
Eric Yang commented on YARN-8259:
---------------------------------
[[email protected]] The proposal for implementing both is okay, but we can
make better software with sensible optimization and pick a solution that can
work for all scenarios without adding extra administration tasks. There is no
objection with current approach. We are aware that hidepid corner case can
generate additional system administration tasks to white list node manager to
access all pid. We also know it cost more resource to fork exec with docker
inspect approach. Human labor to configure OS with knowledge of Hadoop details
is usually more expensive than adding processor or ram. It would be great if
the solution can work without additional configuration flag, nor adding extra
hardware resource. This means doing pid check as privileged user via
container-executor may be preferred solution by system administrators without
adding overhead to system administration chores. Can proc pid check work in
docker in docker environment?
> Revisit liveliness checks for Docker containers
> -----------------------------------------------
>
> Key: YARN-8259
> URL: https://issues.apache.org/jira/browse/YARN-8259
> Project: Hadoop YARN
> Issue Type: Sub-task
> Affects Versions: 3.0.2, 3.2.0, 3.1.1
> Reporter: Shane Kumpf
> Assignee: Shane Kumpf
> Priority: Blocker
> Labels: Docker
> Attachments: YARN-8259.001.patch
>
>
> As privileged containers may execute as a user that does not match the YARN
> run as user, sending the null signal for liveliness checks could fail. We
> need to reconsider how liveliness checks are handled in the Docker case.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
