Return-Path: 
 <dev-return-21164-apmail-falcon-dev-archive=falcon.apache.org@falcon.apache.org>
X-Original-To: apmail-falcon-dev-archive@minotaur.apache.org
Delivered-To: apmail-falcon-dev-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 49983191ED
	for <apmail-falcon-dev-archive@minotaur.apache.org>;
 Tue, 12 Apr 2016 00:34:30 +0000 (UTC)
Received: (qmail 76186 invoked by uid 500); 12 Apr 2016 00:34:30 -0000
Delivered-To: apmail-falcon-dev-archive@falcon.apache.org
Received: (qmail 76153 invoked by uid 500); 12 Apr 2016 00:34:30 -0000
Mailing-List: contact dev-help@falcon.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@falcon.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@falcon.apache.org>
List-Post: <mailto:dev@falcon.apache.org>
List-Id: <dev.falcon.apache.org>
Reply-To: dev@falcon.apache.org
Delivered-To: mailing list dev@falcon.apache.org
Received: (qmail 76142 invoked by uid 99); 12 Apr 2016 00:34:30 -0000
Received: from pnap-us-west-generic-nat.apache.org (HELO
 spamd3-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 12 Apr 2016 00:34:30 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org)
 with ESMTP id B3F41180183
	for <dev@falcon.apache.org>; Tue, 12 Apr 2016 00:34:29 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: -3.221
X-Spam-Level: 
X-Spam-Status: No, score=-3.221 tagged_above=-999 required=6.31
	tests=[KAM_ASCII_DIVIDERS=0.8, KAM_LAZY_DOMAIN_SECURITY=1,
	RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01,
	RP_MATCHES_RCVD=-0.001] autolearn=disabled
Received: from mx1-lw-eu.apache.org ([10.40.0.8])
	by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new,
 port 10024)
	with ESMTP id G5NZqJqjIcUo for <dev@falcon.apache.org>;
	Tue, 12 Apr 2016 00:34:27 +0000 (UTC)
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with SMTP
 id AF93A5F232
	for <dev@falcon.incubator.apache.org>; Tue, 12 Apr 2016 00:34:26 +0000 (UTC)
Received: (qmail 73431 invoked by uid 99); 12 Apr 2016 00:34:26 -0000
Received: from arcas.apache.org (HELO arcas) (140.211.11.28)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 12 Apr 2016 00:34:25 +0000
Received: from arcas.apache.org (localhost [127.0.0.1])
	by arcas (Postfix) with ESMTP id C1BF52C1F72
	for <dev@falcon.incubator.apache.org>; Tue, 12 Apr 2016 00:34:25 +0000 (UTC)
Date: Tue, 12 Apr 2016 00:34:25 +0000 (UTC)
From: "ASF GitHub Bot (JIRA)" <jira@apache.org>
To: dev@falcon.incubator.apache.org
Message-ID: <JIRA.12783065.1426721745000.200009.1460421265790@Atlassian.JIRA>
In-Reply-To: <JIRA.12783065.1426721745000@Atlassian.JIRA>
References: <JIRA.12783065.1426721745000@Atlassian.JIRA>
 <JIRA.12783065.1426721745337@arcas>
Subject: [jira] [Commented] (FALCON-1107) Move trusted recipe processing to
 server side
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394


    [ https://issues.apache.org/jira/browse/FALCON-1107?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15236328#comment-15236328 ] 

ASF GitHub Bot commented on FALCON-1107:
----------------------------------------

GitHub user sowmyaramesh opened a pull request:

    https://github.com/apache/falcon/pull/92

    FALCON-1107: Move trusted extensions processing to server side

    Ignore any documentation issues as it will be addressed in https://issues.apache.org/jira/browse/FALCON-1106. Thanks!

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/sowmyaramesh/falcon FALCON-1107

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/falcon/pull/92.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #92
    
----
commit 75420419d7ae863a7c5850e65d778d1cc27fe55a
Author: Sowmya Ramesh <sramesh@hortonworks.com>
Date:   2016-04-12T00:29:04Z

    FALCON-1107: Move trusted extensions processing to server side

----


> Move trusted recipe processing to server side
> ---------------------------------------------
>
>                 Key: FALCON-1107
>                 URL: https://issues.apache.org/jira/browse/FALCON-1107
>             Project: Falcon
>          Issue Type: Sub-task
>            Reporter: Sowmya Ramesh
>            Assignee: Sowmya Ramesh
>              Labels: Recipe
>             Fix For: trunk
>
>         Attachments: ApacheFalcon-RecipeDesignDocument.V1.pdf, ApacheFalcon-RecipeDesignDocument.pdf
>
>
> Today Recipe cooking is a client side logic. Recipe also supports extensions i.e. user can cook his/her own custom recipes.
> Decision to make it client side logic was for the following reasons
>   *   Keep it isolated from falcon server
>   *   As custom recipe cooking is supported, user recipes can introduce security vulnerabilities and also can bring down the falcon server
> Today, falcon provides HDFS DR recipe out of the box. There is a plan to add UI support for DR in Falcon.
> Rest API support cannot be added for recipe as it is client side processing.
> If the UI is pure java script[JS] then all the recipe cooking logic has to be repeated in JS. This is not a feasible solution - if more recipes are added say DR for hive, hbase and others, UI won't be extensible.
> For the above mentioned reasons Recipe should me made a server side logic.
> Provided/Trusted recipes [recipes provided out of the box]  can run as Falcon process. Recipe cooking will be done in a new process if its custom recipe [user code].
> For cooking of custom recipes, design proposed should consider handling security implications, handling the issues where the custom user code can bring down the Falcon server (trapping System.exit), handling  class path isolation.
> Also it shouldn't in anyway destabilize the Falcon system.
> There are couple of approaches which was discussed
> *Approach 1:*
> Custom Recipe cooking can be carried out separately in another Oozie WF, this will ensure isolation. Oozie already has the ability to schedule jobs as a user and handles all the security aspects of it.
> Pros:
> - Provides isolation
> - Piggyback on Oozie as it already provides the required functionality
> Cons:
> - As recipe processing is done in different WF, from operations point of view user cannot figure out recipe processing status and thus adds to the operational pain. Operational issue with this approach is said to be the overall
> apparatus needed to monitor and manage the recipe-cooking workflows.  
> Oozie scheduling can bring arbitrary delays  Granted we can design around the limitations and make use of the strengths of the approach but it seems something we can avoid if we can.
> - There has been few discussions to move away from Oozie as scheduling engine for Falcon. If this is the plan going forward its good not to add new functionality using oozie.
> *Approach 2:*
> Custom recipe cooking is done on the server side in a separate independent process than Falcon process I.e. It runs in a different JVM. Throttling should be added for how many recipe cooking processes can be launched keeping in mind the machine configuration.
> Pros:
> - Provides isolation as recipe cooking is done in a independent process
> Cons:
> - Performance overhead as new process is launched for custom recipe cooking
> - Adds more complexity to the system
> This bug will be used to move recipe processing for trusted recipes to server side.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)