[
https://issues.apache.org/jira/browse/YARN-8623?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16573529#comment-16573529
]
Eric Yang commented on YARN-8623:
---------------------------------
[~ccondit-target] The observation is a compounded issues of incomplete setup.
YARN added its own security check to make sure that only a real sudoer can run
privileged container. In order to run privileged container,
container-executor.cfg must contain setting to allow image from Apache
repository can run as privileged container:
{code}
docker.trusted.registries=apache
{code}
The launching user must also be a real sudoer in the host level to allow the
privileged container from launching. To enable ENTRYPOINT, user must pass in
environment variable: YARN_CONTAINER_RUNTIME_DOCKER_RUN_OVERRIDE_DISABLE=true
for apache/hadoop-runner to run as intended. This is probably too much trouble
for first time trying the software. This can be simplified to use
centos:latest image for illustration purpose.
> Update Docker examples to use image which exists
> ------------------------------------------------
>
> Key: YARN-8623
> URL: https://issues.apache.org/jira/browse/YARN-8623
> Project: Hadoop YARN
> Issue Type: Sub-task
> Reporter: Craig Condit
> Priority: Minor
> Labels: Docker
>
> The example Docker image given in the documentation
> (images/hadoop-docker:latest) does not exist. We could change
> images/hadoop-docker:latest to apache/hadoop-runner:latest, which does exist.
> We'd need to do a quick sanity test to see if the image works with YARN.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
