hadoop-mapreduce-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Juan Carlos <juc...@gmail.com>
Subject Re: Service Level Authorization
Date Fri, 21 Feb 2014 08:25:00 GMT
Thanks Alex, my path to the queue was a mistake when I was testing
configurations and was unable to make work ACLs. My major problem was
about mapreduce.cluster.administrators
parameters. I didn't know anything about this parameter, I have been
looking for it in
http://hadoop.apache.org/docs/stable/hadoop-mapreduce-client/hadoop-mapreduce-client-core/mapred-default.xmlbut
it is missing there.
Thanks for your help, it worked as soon as I set that property to my hadoop
admin group.


2014-02-20 17:38 GMT+01:00 Alex Nastetsky <anastetsky@spryinc.com>:

> If your test1 queue is under test queue, then you have to specify the path
> in the same way:
>
> yarn.scheduler.capacity.root.test.test1.acl_submit_applications (you are
> missing the "test")
>
> Also, if your "hadoop" user is a member of user group "hadoop", that is
> the default value of the mapreduce.cluster.administrators in
> mapred-site.xml. Users of that group can submit jobs to and administer all
> queues.
>
>
> On Thu, Feb 20, 2014 at 11:28 AM, Juan Carlos <jucaf1@gmail.com> wrote:
>
>> Yes, that is what I'm looking for, but I couldn't find this information
>> for hadoop 2.2.0. I saw mapreduce.cluster.acls.enabled it's now the
>> parameter to use. But I don't know how to set my ACLs.
>> I'm using capacity schedurler and I've created 3 new queues test (which
>> is under root at the same level as default) and test1 and test2, which are
>> under test. As I said, I enabled mapreduce.cluster.acls.enabled in
>> mapred-site.xml and later added the parameter
>> yarn.scheduler.capacity.root.test1.acl_submit_applications with value
>> "jcfernandez ". If I submit a job to queue test1 with user hadoop, it
>> allows it to run it.
>> Which is my error?
>>
>>
>> 2014-02-20 16:41 GMT+01:00 Alex Nastetsky <anastetsky@spryinc.com>:
>>
>> Juan,
>>>
>>> What kind of information are you looking for? The service level ACLs are
>>> for limiting which services can communicate under certain protocols, by
>>> username or user group.
>>>
>>> Perhaps you are looking for client level ACL, something like the
>>> MapReduce ACLs?
>>> https://hadoop.apache.org/docs/r1.2.1/mapred_tutorial.html#Job+Authorization
>>>
>>> Alex.
>>>
>>>
>>> 2014-02-20 4:58 GMT-05:00 Juan Carlos <jcfernandez@cediant.es>:
>>>
>>> Where could I find some information about ACL? I only could find the
>>>> available in
>>>> http://hadoop.apache.org/docs/r2.2.0/hadoop-project-dist/hadoop-common/ServiceLevelAuth.html,
which isn't so detailed.
>>>> Regards
>>>>
>>>> Juan Carlos Fernández Rodríguez
>>>> Consultor Tecnológico
>>>>
>>>> Telf: +34918105294
>>>> Móvil: +34639311788
>>>>
>>>> CEDIANT
>>>> Centro para el Desarrollo, Investigación y Aplicación de Nuevas
>>>> Tecnologías
>>>> HPC Business Solutions
>>>>
>>>> ********************* AVISO LEGAL *********************
>>>> Este mensaje es solamente para la persona a la que va dirigido. Puede
>>>> contener información confidencial o legalmente protegida. No hay renuncia
a
>>>> la confidencialidad o privilegio por cualquier transmisión mala/errónea.
Si
>>>> usted ha recibido este mensaje por error,le rogamos que borre de su sistema
>>>> inmediatamente el mensaje asi como todas sus copias, destruya todas las
>>>> copias del mismo de su disco duro y notifique al remitente. No debe,
>>>> directa o indirectamente, usar, revelar, distribuir, imprimir o copiar
>>>> ninguna de las partes de este mensaje si no es usted el destinatario.
>>>> Cualquier opinión expresada en este mensaje proviene del remitente, excepto
>>>> cuando el mensaje establezca lo contrario y el remitente esté autorizado
>>>> para establecer que dichas opiniones provienen de 'CEDIANT'. Nótese que
el
>>>> correo electrónico vía Internet no permite asegurar ni la confidencialidad
>>>> de los mensajes que se transmiten ni la correcta recepción de los mismos.
>>>> En el caso de que el destinatario de este mensaje no consintiera la
>>>> utilización del correo electrónico vía Internet, rogamos lo ponga en
>>>> nuestro conocimiento de manera inmediata.
>>>>
>>>> ********************* DISCLAIMER *********************
>>>>  This message is intended exclusively for the named person. It may
>>>> contain confidential, propietary or legally privileged information. No
>>>> confidentiality or privilege is waived or lost by any mistransmission. If
>>>> you receive this message in error, please immediately delete it and all
>>>> copies of it from your system, destroy any hard copies of it an notify the
>>>> sender. Your must not, directly or indirectly, use, disclose, distribute,
>>>> print, or copy any part of this message if you are not the intended
>>>> recipient. Any views expressed in this message are those of the individual
>>>> sender, except where the message states otherwise and the sender is
>>>> authorised to state them to be the views of 'CEDIANT'. Please note that
>>>> internet e-mail neither guarantees the confidentiality nor the proper
>>>> receipt of the message sent. If the addressee of this message does not
>>>> consent to the use of internet e-mail, please communicate it to us
>>>> immediately.
>>>>
>>>>
>>>
>>
>

Mime
View raw message