[jira] [Commented] (YARN-8523) Interactive docker shell

Fri, 03 Aug 2018 13:33:22 -0700 


    [ 
https://issues.apache.org/jira/browse/YARN-8523?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16568721#comment-16568721
 ] 

Eric Badger commented on YARN-8523:
-----------------------------------

bq. The down side is the security model may become harder to enforce because we 
dig another tunnel into root daemon. Giving that we have invested quite a bit 
in security check in container-executor, reuse our investment is probably 
better than carving the alternate path.
Agreed that it's good to keep the number of setuid binaries talking to the 
docker daemon to a minimum. The container-executor stays around until the 
completion of the container, so it could be used as an option. But how would 
that be done? Just have it constantly listening? That seems like a lot of pain 
and overhead for a use case that is probably rather rare.

bq. Same problem also exists if docker daemon is restarted, it could interrupt 
docker exec as well. This unavoidable circumstances may not be solvable. Hence, 
I am ok with this draw back, but keeping an open mind for possible solutions.
I suppose it's possible to reconnect if we're using live-restore, but I don't 
think that is something that needs to be done in the first phase of this 
proposal.

> Interactive docker shell
> ------------------------
>
>                 Key: YARN-8523
>                 URL: https://issues.apache.org/jira/browse/YARN-8523
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>            Reporter: Eric Yang
>            Priority: Major
>              Labels: Docker
>
> Some application might require interactive unix commands executions to carry 
> out operations.  Container-executor can interface with docker exec to debug 
> or analyze docker containers while the application is running.  It would be 
> nice to support an API to invoke docker exec to perform unix commands and 
> report back the output to application master.  Application master can 
> distribute and aggregate execution of the commands to record in application 
> master log file.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org

Reply via email to