Posted to common-commits@hadoop.apache.org by ey...@apache.org on 2019/02/15 16:19:17 UTC

[hadoop] branch trunk updated: YARN-8927. Added support for top level Dockerhub images to trusted registry using library keyword. Contributed by Zhankun Tang

This is an automated email from the ASF dual-hosted git repository.

eyang pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/hadoop.git


The following commit(s) were added to refs/heads/trunk by this push:
     new 7c1b561  YARN-8927. Added support for top level Dockerhub images to trusted registry using library keyword.            Contributed by Zhankun Tang
7c1b561 is described below

commit 7c1b561e334f32cc0b5011fc52c47e0758fd47a9
Author: Eric Yang <ey...@apache.org>
AuthorDate: Fri Feb 15 11:18:07 2019 -0500

    YARN-8927. Added support for top level Dockerhub images to trusted registry using library keyword.
               Contributed by Zhankun Tang
---
 .../container-executor/impl/utils/docker-util.c    | 13 +++++++
 .../test/utils/test_docker_util.cc                 | 41 ++++++++++++++++++++++
 2 files changed, 54 insertions(+)

diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/utils/docker-util.c b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/utils/docker-util.c
index 0a5d2ed..6db5b5d 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/utils/docker-util.c
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/utils/docker-util.c
@@ -113,6 +113,7 @@ int check_trusted_image(const struct configuration *command_config, const struct
   int found = 0;
   int i = 0;
   int ret = 0;
+  int no_registry_prefix_in_image_name = 0;
   char *image_name = get_configuration_value("image", DOCKER_COMMAND_FILE_SECTION, command_config);
   char **privileged_registry = get_configuration_values_delimiter("docker.trusted.registries", CONTAINER_EXECUTOR_CFG_DOCKER_SECTION, conf, ",");
   char *registry_ptr = NULL;
@@ -120,8 +121,20 @@ int check_trusted_image(const struct configuration *command_config, const struct
     ret = INVALID_DOCKER_IMAGE_NAME;
     goto free_and_exit;
   }
+  if (strchr(image_name, '/') == NULL) {
+    no_registry_prefix_in_image_name = 1;
+  }
   if (privileged_registry != NULL) {
     for (i = 0; privileged_registry[i] != NULL; i++) {
+      // "library" means we trust public top
+      if (strncmp(privileged_registry[i], "library", strlen("library")) == 0) {
+        if (no_registry_prefix_in_image_name) {
+          // if image doesn't exists, docker pull will automatically happen
+          found = 1;
+          fprintf(LOGFILE, "image: %s is a trusted top-level image.\n", image_name);
+          break;
+        }
+      }
       int len = strlen(privileged_registry[i]);
       if (privileged_registry[i][len - 1] != '/') {
         registry_ptr = (char *) alloc_and_clear_memory(len + 2, sizeof(char));
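Review bot: The keyword test `strncmp(privileged_registry[i], "library", strlen("library")) == 0` is a prefix match, so any `docker.trusted.registries` entry that merely begins with `library` (constructed example: `library-mirror.example.com`) would also make every image name without a `/` trusted. An exact comparison, `if (strcmp(privileged_registry[i], "library") == 0) {`, keeps the keyword limited to the literal value the commit describes. The comment above it is cut short; something like `// "library" means we trust top-level (no registry prefix) Docker Hub images` would state the trust decision being made. check_trusted_image starts before this hunk and continues past it, so how the later prefix comparison treats a `library` entry is not visible here.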
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/test/utils/test_docker_util.cc b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/test/utils/test_docker_util.cc
index 6c239d2..0401808 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/test/utils/test_docker_util.cc
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/test/utils/test_docker_util.cc
@@ -1921,4 +1921,45 @@ namespace ContainerExecutor {
     run_docker_command_test(file_cmd_vec, bad_file_cmd_vec, get_docker_exec_command);
     free_configuration(&container_executor_cfg);
   }
+
+  TEST_F(TestDockerUtil, test_trusted_top_level_image) {
+    struct configuration container_cfg, cmd_cfg;
+    std::string container_executor_contents = "[docker]\n"
+        "  docker.trusted.registries=library\n";
+    write_file(container_executor_cfg_file, container_executor_contents);
+    int ret = read_config(container_executor_cfg_file.c_str(), &container_cfg);
+    if (ret != 0) {
+      FAIL();
+    }
+    ret = create_ce_file();
+    if (ret != 0) {
+      std::cerr << "Could not create ce file, skipping test" << std::endl;
+      return;
+    }
+    std::vector<std::pair<std::string, std::string> > file_cmd_vec;
+    file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
+        "[docker-command-execution]\n"
+            "  image=centos",
+        "centos"));
+    file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
+        "[docker-command-execution]\n"
+            "  image=ubuntu:latest",
+        "centos"));
+    file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
+        "[docker-command-execution]\n"
+            "  image=library/centos",
+        "centos"));
+    std::vector<std::pair<std::string, std::string> >::const_iterator itr;
+
+    for (itr = file_cmd_vec.begin(); itr != file_cmd_vec.end(); ++itr) {
+      write_command_file(itr->first);
+      ret = read_config(docker_command_file.c_str(), &cmd_cfg);
+      if (ret != 0) {
+        FAIL();
+      }
+      ret = check_trusted_image(&cmd_cfg, &container_cfg);
+      ASSERT_EQ(0, ret);
+    }
+    free_configuration(&container_cfg);
+  }
 }
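Review bot: Every case in `test_trusted_top_level_image` expects acceptance (`ASSERT_EQ(0, ret)`), so nothing pins the rejection side of the new trust rule. Two extra cases, each asserting a non-zero return, would catch a regression that widens trust: `image=centos` with `docker.trusted.registries` set to something other than `library`, and a constructed `image=untrusted/centos` with only `library` configured. Inside the loop `cmd_cfg` is populated by `read_config` on each iteration but never released; `free_configuration(&cmd_cfg);` after the assertion would match the cleanup done for `container_cfg`. The second pair element is `"centos"` for the `ubuntu:latest` entry as well and is never read in this test.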

