spark-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Anirudh Ramanathan (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SPARK-23680) entrypoint.sh does not accept arbitrary UIDs, returning as an error
Date Mon, 02 Apr 2018 19:05:00 GMT

    [ https://issues.apache.org/jira/browse/SPARK-23680?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16422987#comment-16422987
] 

Anirudh Ramanathan commented on SPARK-23680:
--------------------------------------------

[~felixcheung] helped me set up the right permissions in JIRA to edit that field.

> entrypoint.sh does not accept arbitrary UIDs, returning as an error
> -------------------------------------------------------------------
>
>                 Key: SPARK-23680
>                 URL: https://issues.apache.org/jira/browse/SPARK-23680
>             Project: Spark
>          Issue Type: Bug
>          Components: Kubernetes
>    Affects Versions: 2.3.0
>         Environment: OpenShift
>            Reporter: Ricardo Martinelli de Oliveira
>            Priority: Major
>              Labels: easyfix
>
> Openshift supports running pods using arbitrary UIDs ([https://docs.openshift.com/container-platform/3.7/creating_images/guidelines.html#openshift-specific-guidelines)] 
to improve security. Although entrypoint.sh was developed to cover this feature, the script
is returning an error[1].
> The issue is that the script uses getent to find the passwd entry of the current UID,
and if the entry is not found it creates an entry in /etc/passwd. According to the getent
man page:
> {code:java}
> EXIT STATUS
>        One of the following exit values can be returned by getent:
>           0         Command completed successfully.
>           1         Missing arguments, or database unknown.
>           2         One or more supplied key could not be found in the
database.
>           3         Enumeration not supported on this database.
> {code}
> And since the script begin with a "set -ex" command, which means it turns on debug and
breaks the script if the command pipelines returns an exit code other than 0.--
> Having that said, this line below must be changed to remove the "-e" flag from set command:
> https://github.com/apache/spark/blob/v2.3.0/resource-managers/kubernetes/docker/src/main/dockerfiles/spark/entrypoint.sh#L20
>  
>  [1]https://github.com/apache/spark/blob/v2.3.0/resource-managers/kubernetes/docker/src/main/dockerfiles/spark/entrypoint.sh#L25-L34



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@spark.apache.org
For additional commands, e-mail: issues-help@spark.apache.org


Mime
View raw message