[
https://issues.apache.org/jira/browse/YARN-5428?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15405755#comment-15405755
]
Shane Kumpf commented on YARN-5428:
-----------------------------------
To be clear, this patch is enabling the ability to set the docker client's
configuration directory. It is up to the administrator if they want to store
credentials in that configuration. I'm not advocating a global credential store
in any regard. Other client configuration is also stored in config.json.
To answer your question though, one scenario where this is useful is to allow
YARN to automatically pull the image from a docker private repository as
needed. A read-only user can be created at Docker hub and given read access to
the images they require. By storing this read-only credential in config.json,
and setting the property provided in this patch, the administrator or end user
no longer needs to "pre-pull" the image on all machines, which is an
administrative burden. As Zhankun points out, it is common that the config is
owned by root and perms set to 700, but again, it is up to the administrator
how they want to leverage the docker client config.
Hope that helps.
> Allow for specifying the docker client configuration directory
> --------------------------------------------------------------
>
> Key: YARN-5428
> URL: https://issues.apache.org/jira/browse/YARN-5428
> Project: Hadoop YARN
> Issue Type: Sub-task
> Components: yarn
> Reporter: Shane Kumpf
> Assignee: Shane Kumpf
> Attachments: YARN-5428.001.patch, YARN-5428.002.patch,
> YARN-5428.003.patch, YARN-5428.004.patch
>
>
> The docker client allows for specifying a configuration directory that
> contains the docker client's configuration. It is common to store "docker
> login" credentials in this config, to avoid the need to docker login on each
> cluster member.
> By default the docker client config is $HOME/.docker/config.json on Linux.
> However, this does not work with the current container executor user
> switching and it may also be desirable to centralize this configuration
> beyond the single user's home directory.
> Note that the command line arg is for the configuration directory NOT the
> configuration file.
> This change will be needed to allow YARN to automatically pull images at
> localization time or within container executor.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
