[
https://issues.apache.org/jira/browse/YARN-5428?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15405645#comment-15405645
]
Zhankun Tang commented on YARN-5428:
------------------------------------
The admin provided creds in config.json is to avoid interactive docker pull I
think.
Indeed, an admin can store several auths for individual repositories. In this
case, the application should provide both repo and image name for YARN.
For the security of global creds, because the config.json can only be owned by
root and set permission to 700, I guess no one else can steal it.
> Allow for specifying the docker client configuration directory
> --------------------------------------------------------------
>
> Key: YARN-5428
> URL: https://issues.apache.org/jira/browse/YARN-5428
> Project: Hadoop YARN
> Issue Type: Sub-task
> Components: yarn
> Reporter: Shane Kumpf
> Assignee: Shane Kumpf
> Attachments: YARN-5428.001.patch, YARN-5428.002.patch,
> YARN-5428.003.patch, YARN-5428.004.patch
>
>
> The docker client allows for specifying a configuration directory that
> contains the docker client's configuration. It is common to store "docker
> login" credentials in this config, to avoid the need to docker login on each
> cluster member.
> By default the docker client config is $HOME/.docker/config.json on Linux.
> However, this does not work with the current container executor user
> switching and it may also be desirable to centralize this configuration
> beyond the single user's home directory.
> Note that the command line arg is for the configuration directory NOT the
> configuration file.
> This change will be needed to allow YARN to automatically pull images at
> localization time or within container executor.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
