You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by ey...@apache.org on 2019/02/15 16:19:17 UTC
[hadoop] branch trunk updated: YARN-8927. Added support for top
level Dockerhub images to trusted registry using library keyword.
Contributed by Zhankun Tang
This is an automated email from the ASF dual-hosted git repository.
eyang pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/hadoop.git
The following commit(s) were added to refs/heads/trunk by this push:
new 7c1b561 YARN-8927. Added support for top level Dockerhub images to trusted registry using library keyword. Contributed by Zhankun Tang
7c1b561 is described below
commit 7c1b561e334f32cc0b5011fc52c47e0758fd47a9
Author: Eric Yang <ey...@apache.org>
AuthorDate: Fri Feb 15 11:18:07 2019 -0500
YARN-8927. Added support for top level Dockerhub images to trusted registry using library keyword.
Contributed by Zhankun Tang
---
.../container-executor/impl/utils/docker-util.c | 13 +++++++
.../test/utils/test_docker_util.cc | 41 ++++++++++++++++++++++
2 files changed, 54 insertions(+)
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/utils/docker-util.c b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/utils/docker-util.c
index 0a5d2ed..6db5b5d 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/utils/docker-util.c
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/utils/docker-util.c
@@ -113,6 +113,7 @@ int check_trusted_image(const struct configuration *command_config, const struct
int found = 0;
int i = 0;
int ret = 0;
+ int no_registry_prefix_in_image_name = 0;
char *image_name = get_configuration_value("image", DOCKER_COMMAND_FILE_SECTION, command_config);
char **privileged_registry = get_configuration_values_delimiter("docker.trusted.registries", CONTAINER_EXECUTOR_CFG_DOCKER_SECTION, conf, ",");
char *registry_ptr = NULL;
@@ -120,8 +121,20 @@ int check_trusted_image(const struct configuration *command_config, const struct
ret = INVALID_DOCKER_IMAGE_NAME;
goto free_and_exit;
}
+ if (strchr(image_name, '/') == NULL) {
+ no_registry_prefix_in_image_name = 1;
+ }
if (privileged_registry != NULL) {
for (i = 0; privileged_registry[i] != NULL; i++) {
+ // "library" means we trust public top
+ if (strncmp(privileged_registry[i], "library", strlen("library")) == 0) {
+ if (no_registry_prefix_in_image_name) {
+ // if image doesn't exists, docker pull will automatically happen
+ found = 1;
+ fprintf(LOGFILE, "image: %s is a trusted top-level image.\n", image_name);
+ break;
+ }
+ }
int len = strlen(privileged_registry[i]);
if (privileged_registry[i][len - 1] != '/') {
registry_ptr = (char *) alloc_and_clear_memory(len + 2, sizeof(char));
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/test/utils/test_docker_util.cc b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/test/utils/test_docker_util.cc
index 6c239d2..0401808 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/test/utils/test_docker_util.cc
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/test/utils/test_docker_util.cc
@@ -1921,4 +1921,45 @@ namespace ContainerExecutor {
run_docker_command_test(file_cmd_vec, bad_file_cmd_vec, get_docker_exec_command);
free_configuration(&container_executor_cfg);
}
+
+ TEST_F(TestDockerUtil, test_trusted_top_level_image) {
+ struct configuration container_cfg, cmd_cfg;
+ std::string container_executor_contents = "[docker]\n"
+ " docker.trusted.registries=library\n";
+ write_file(container_executor_cfg_file, container_executor_contents);
+ int ret = read_config(container_executor_cfg_file.c_str(), &container_cfg);
+ if (ret != 0) {
+ FAIL();
+ }
+ ret = create_ce_file();
+ if (ret != 0) {
+ std::cerr << "Could not create ce file, skipping test" << std::endl;
+ return;
+ }
+ std::vector<std::pair<std::string, std::string> > file_cmd_vec;
+ file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
+ "[docker-command-execution]\n"
+ " image=centos",
+ "centos"));
+ file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
+ "[docker-command-execution]\n"
+ " image=ubuntu:latest",
+ "centos"));
+ file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
+ "[docker-command-execution]\n"
+ " image=library/centos",
+ "centos"));
+ std::vector<std::pair<std::string, std::string> >::const_iterator itr;
+
+ for (itr = file_cmd_vec.begin(); itr != file_cmd_vec.end(); ++itr) {
+ write_command_file(itr->first);
+ ret = read_config(docker_command_file.c_str(), &cmd_cfg);
+ if (ret != 0) {
+ FAIL();
+ }
+ ret = check_trusted_image(&cmd_cfg, &container_cfg);
+ ASSERT_EQ(0, ret);
+ }
+ free_configuration(&container_cfg);
+ }
}
---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-commits-help@hadoop.apache.org