You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@spark.apache.org by "Felix Cheung (JIRA)" <ji...@apache.org> on 2018/04/04 08:50:00 UTC

[jira] [Assigned] (SPARK-23680) entrypoint.sh does not accept arbitrary UIDs, returning as an error

     [ https://issues.apache.org/jira/browse/SPARK-23680?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Felix Cheung reassigned SPARK-23680:
------------------------------------

    Assignee: Ricardo Martinelli de Oliveira

> entrypoint.sh does not accept arbitrary UIDs, returning as an error
> -------------------------------------------------------------------
>
>                 Key: SPARK-23680
>                 URL: https://issues.apache.org/jira/browse/SPARK-23680
>             Project: Spark
>          Issue Type: Bug
>          Components: Kubernetes
>    Affects Versions: 2.3.0
>         Environment: OpenShift
>            Reporter: Ricardo Martinelli de Oliveira
>            Assignee: Ricardo Martinelli de Oliveira
>            Priority: Major
>              Labels: easyfix
>
> Openshift supports running pods using arbitrary UIDs ([https://docs.openshift.com/container-platform/3.7/creating_images/guidelines.html#openshift-specific-guidelines)]  to improve security. Although entrypoint.sh was developed to cover this feature, the script is returning an error[1].
> The issue is that the script uses getent to find the passwd entry of the current UID, and if the entry is not found it creates an entry in /etc/passwd. According to the getent man page:
> {code:java}
> EXIT STATUS
>        One of the following exit values can be returned by getent:
>           0         Command completed successfully.
>           1         Missing arguments, or database unknown.
>           2         One or more supplied key could not be found in the database.
>           3         Enumeration not supported on this database.
> {code}
> And since the script begin with a "set -ex" command, which means it turns on debug and breaks the script if the command pipelines returns an exit code other than 0.--
> Having that said, this line below must be changed to remove the "-e" flag from set command:
> https://github.com/apache/spark/blob/v2.3.0/resource-managers/kubernetes/docker/src/main/dockerfiles/spark/entrypoint.sh#L20
>  
>  [1]https://github.com/apache/spark/blob/v2.3.0/resource-managers/kubernetes/docker/src/main/dockerfiles/spark/entrypoint.sh#L25-L34



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@spark.apache.org
For additional commands, e-mail: issues-help@spark.apache.org