hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Zhijie Shen (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (YARN-2446) Using TimelineNamespace to shield the entities of a user
Date Thu, 28 Aug 2014 06:27:58 GMT

     [ https://issues.apache.org/jira/browse/YARN-2446?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Zhijie Shen updated YARN-2446:

    Attachment: YARN-2446.1.patch

This patch makes use of the namespace to control the user's access to the entities belonging
to it. The system is going to have a default namespace, which allows every body to read and
write entities. If the user doesn't specify the namespace id when putting an entity, it will
be put into the default one.

One thing it worth mentioning that the patch doesn't cover the part of entity identifier <type,
id> isolation. In the initial proposal, we plan to allow the same entity identifier in
different namespace. However, it will require fully refurnishing the current key space in
leveldb timeline store, which makes the assumption <type, id> is unique globally. Moreover,
the APIs need to be changed according. For example, getEntity is likely to return multiple
entities of the same identifier unless we provide one more namespace param. On the other side,
as the authenticated user in YARN cluster should be reasonable on creating the entity and
its identifier, such that it's rare case of identifier collision unless the attacker intentionally
does it. So we decided to postpone the identifier collision avoidance until some use case
really wants it.

> Using TimelineNamespace to shield the entities of a user
> --------------------------------------------------------
>                 Key: YARN-2446
>                 URL: https://issues.apache.org/jira/browse/YARN-2446
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>          Components: timelineserver
>            Reporter: Zhijie Shen
>            Assignee: Zhijie Shen
>         Attachments: YARN-2446.1.patch
> Given YARN-2102 adds TimelineNamespace, we can make use of it to shield the entities,
preventing them from being accessed or affected by other users' operations.

This message was sent by Atlassian JIRA

View raw message