hadoop-mapreduce-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hemanth Yamijala (JIRA)" <j...@apache.org>
Subject [jira] Commented: (MAPREDUCE-1543) Log messages of JobACLsManager should use security logging of HADOOP-6586
Date Thu, 11 Mar 2010 11:28:27 GMT

    [ https://issues.apache.org/jira/browse/MAPREDUCE-1543?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12844029#action_12844029

Hemanth Yamijala commented on MAPREDUCE-1543:


Primarily I am thinking that having a format close to HDFS is good, because the HDFS audit
log has been around for a while now and is probably something users are used to. That said,
I think we may also want to keep in mind the cost of getting all the information to keep the
two logs similar.

I had a discussion with Vinod and Ravi also about this. To me, printing UGI (in place of agent,
which is just user name) and remote-ip would be good. However, opinion is not fully converging
on this. Ravi and Vinod feel UGI might be too verbose and also getting the groups for a user
could impact performance if the groups are not cached.

Remote IP is very useful, IMO. If something failed, having the remote IP will help identify
the source of trouble. I am even thinking there might be cases where valid users due to misconfigured
nodes could face failures. And logging the remote IP will help weed out these misconfigurations.

Given the above, one thought is to have groups and remote-ip optional, and log them only for

Permissions equals ACLs for us. ACLs can be verbose too. Hence, it falls in the same category
as the above two fields.

I would also suggest a key=value kind of format for this. If HDFS is also using the same,
I think this is definitely the way to go.

> Log messages of JobACLsManager should use security logging of HADOOP-6586
> -------------------------------------------------------------------------
>                 Key: MAPREDUCE-1543
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-1543
>             Project: Hadoop Map/Reduce
>          Issue Type: Bug
>          Components: security
>            Reporter: Vinod K V
>             Fix For: 0.22.0
> {{JobACLsManager}} added in MAPREDUCE-1307 logs the successes and failures w.r.t job-level
authorization in the corresponding Daemons' logs. The log messages should instead use security
logging of HADOOP-6586.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message