hadoop-mapreduce-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hemanth Yamijala (JIRA)" <j...@apache.org>
Subject [jira] Commented: (MAPREDUCE-1543) Log messages of JobACLsManager should use security logging of HADOOP-6586
Date Tue, 16 Mar 2010 13:21:27 GMT

    [ https://issues.apache.org/jira/browse/MAPREDUCE-1543?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12845894#action_12845894

Hemanth Yamijala commented on MAPREDUCE-1543:

bq. HDFS uses ugi. As we discussed, we would be logging the usernames in MapReduce. I think
agent can act as a common word for ugi or username.

I prefer userid. Ok with ip, if it maintains parity with HDFS.

bq. [tabs] inline with HDFS.


bq. I would rather prefer having one word representation for permissions for audit logs.

I think the toString of ACLs should be maintained and cannot be changed, it is a constraint.
Further, while permissions is one example, I think there may be other values with spaces.
Since we are using tabs as delimiters, maybe this is less of an issue now.

bq. Reason seems confusing.

Can you confirm if we are changing this to AdditionalInfo, I think that's more general.

bq. I would rather prefer Enums and have JobTracker.Operations and JobInProgress.Operations.
Note we already have QueueManager.QueueOperations.

Umm, but we'll still need to treat these as 'Object' parameters and do a toString on them
to get a log, right ? I see that as no different from passing a string.

bq. Two logs for submitJob because they are 2 authorization checks involved.

My concern is that in a success case, there are multiple lines indicating that job submission
succeeded - one for the queue and one in submitJob itself. But possibly this is OK.

bq. If audit logs are important then what is the point of making some of them WARN, ERROR
or FATAL? Shouldn't all the audit logs be INFO logs?

This was inline with the other audit patch and hence my suggestion. Failure logs are more
important than Success logs. Hence to optimize for e.g. we can turn off success logs by configuring
log level. I would prefer this be done.

> Log messages of JobACLsManager should use security logging of HADOOP-6586
> -------------------------------------------------------------------------
>                 Key: MAPREDUCE-1543
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-1543
>             Project: Hadoop Map/Reduce
>          Issue Type: Bug
>          Components: security
>            Reporter: Vinod K V
>            Assignee: Amar Kamat
>             Fix For: 0.22.0
>         Attachments: mapreduce-1543-y20s.patch
> {{JobACLsManager}} added in MAPREDUCE-1307 logs the successes and failures w.r.t job-level
authorization in the corresponding Daemons' logs. The log messages should instead use security
logging of HADOOP-6586.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message