hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Zhijie Shen (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-899) Get queue administration ACLs working
Date Thu, 26 Sep 2013 18:39:04 GMT

    [ https://issues.apache.org/jira/browse/YARN-899?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13779074#comment-13779074
] 

Zhijie Shen commented on YARN-899:
----------------------------------

bq. Someone more experienced correct me if I'm wrong here, but I believe the goal of queue
administration ACLs is to allow admins to delegate responsibility. So if I am a cluster admin
and I set up a queue for the marketing department and a queue for the engineering department,
I might want to allow the head of marketing to kill applications in the marketing queue without
needing to go through me. With this in mind, I think who has access should be based on a union
of ACLs - I should be able to kill any application in the marketing queue either if I am on
the application's ACL or if I am on the queue's ACL.

Make sense

bq. For the view access, we can check the union of QueueACLs and ApplicationACLs

Then, IMHO, the union of ACLs should be applied to both viewing applications and killing them.
More, I think it's good to document the super permission from the queue administrator.
                
> Get queue administration ACLs working
> -------------------------------------
>
>                 Key: YARN-899
>                 URL: https://issues.apache.org/jira/browse/YARN-899
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: scheduler
>    Affects Versions: 2.1.0-beta
>            Reporter: Sandy Ryza
>            Assignee: Xuan Gong
>         Attachments: YARN-899.1.patch, YARN-899.2.patch, YARN-899.3.patch, YARN-899.4.patch,
YARN-899.5.patch, YARN-899.5.patch, YARN-899.6.patch, YARN-899.7.patch, YARN-899.8.patch
>
>
> The Capacity Scheduler documents the yarn.scheduler.capacity.root.<queue-path>.acl_administer_queue
config option for controlling who can administer a queue, but it is not hooked up to anything.
 The Fair Scheduler could make use of a similar option as well.  This is a feature-parity
regression from MR1.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message