hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gordon Wang (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-1941) Yarn scheduler ACL improvement
Date Sun, 27 Apr 2014 15:27:15 GMT

    [ https://issues.apache.org/jira/browse/YARN-1941?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13982355#comment-13982355

Gordon Wang commented on YARN-1941:

[~rusanu], from the dev engineer view, I can not agree with you more. But as [~sandyr] mentioned,
if a lot of customers are using this, We should evaluate the impact of this change.
I reconsider this. I prefer to change the root ACL now. And here is my thought.
1. If we change root ACL to " ", users who leave root ACL as default should have to update
their scheduler configuration file. But it is an easy update, just implicitly set root ACL
as "*" is OK.
2. Since most of the users may use ClouderaManager or Ambari to do the upgrade job. This kind
of change can be easily implemented in these tools. Thus, the impact of users will be minimised.
For the users who directly use hadoop binary, they must be the experienced hadoop admins.
Change this configuration is not a hard job for them during cluster upgrade. 

[~sandyr], what are your opinions? could you please help me to involve more YARN guys to discuss
this? Your comments are very welcome !


> Yarn scheduler ACL improvement
> ------------------------------
>                 Key: YARN-1941
>                 URL: https://issues.apache.org/jira/browse/YARN-1941
>             Project: Hadoop YARN
>          Issue Type: Improvement
>          Components: scheduler
>    Affects Versions: 2.3.0
>            Reporter: Gordon Wang
>            Assignee: Gordon Wang
>              Labels: scheduler
> Defect:
> 1. Currently, in Yarn Capacity Scheduler and Yarn Fair Scheduler, the queue ACL is always
checked when submitting a app to scheduler, regardless of the property "yarn.acl.enable".
> But for killing an app, the ACL is checked when yarn.acl.enable is set.
> The behaviour is not consistent.
> 2. default ACL for root queue is EVERYBODY_ACL( * ), while default ACL for other queues
is NODODY_ACL( ). From users' view, this is error prone and not easy to understand the ACL
policy of Yarn scheduler. root queue should not be so special compared with other parent queues.
> For example, if I want to set capacity scheduler ACL, the ACL of root has to be set explicitly.
Otherwise, everyone can submit APP to yarn scheduler. Because root queue ACL is EVERYBODY_ACL.
> This is hard for user to administrate yarn scheduler.
> So, I propose to improve the ACL of yarn scheduler in the following aspects.
> 1. only enable scheduler queue ACL when yarn.acl.enable is set to true.
> 2. set the default ACL of root queue as NOBODY_ACL( ). Make all the parent queues' ACL

This message was sent by Atlassian JIRA

View raw message