hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Naganarasimha G R (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-2973) Capacity scheduler configuration ACLs not work.
Date Wed, 17 Dec 2014 06:22:13 GMT

    [ https://issues.apache.org/jira/browse/YARN-2973?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14249543#comment-14249543
] 

Naganarasimha G R commented on YARN-2973:
-----------------------------------------

As per the description in the YARN documentation 
{quote}
"yarn.scheduler.capacity.root.<queue-path>.acl_submit_applications" 
 The ACL which controls who can submit applications to the given queue. If the given user/group
has necessary ACLs on the given queue or one of the parent queues in the hierarchy they can
submit applications. ACLs for this property are inherited from the parent queue if not specified.
{quote}
So basically ACL is union of all ACL's in the queue hierarchy
and there is a note : 
{quote}
Note: An ACL is of the form user1, user2spacegroup1, group2. The special value of * implies
anyone. The special value of space implies no one. The default is * for the root queue if
not specified.
{quote}
So jcsong2 can access all as by default root queue is * .
But i feel the default root queue permission should not be * and better to be taken as no
rights (i.e. space) when acl's are enabled.
May be others can give opinion on this ...

> Capacity scheduler configuration ACLs not work.
> -----------------------------------------------
>
>                 Key: YARN-2973
>                 URL: https://issues.apache.org/jira/browse/YARN-2973
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: capacityscheduler
>    Affects Versions: 2.5.0
>         Environment: ubuntu 12.04, cloudera manager, cdh5.2.1
>            Reporter: Jimmy Song
>            Assignee: Rohith
>              Labels: acl, capacity-scheduler, yarn
>
> I follow this page to configure yarn: http://archive.cloudera.com/cdh5/cdh/5/hadoop/hadoop-yarn/hadoop-yarn-site/CapacityScheduler.html.

> I configured YARN to use capacity scheduler in yarn-site.xml with yarn.resourcemanager.scheduler.class
for org.apache.hadoop.yarn.server.resourcemanager.scheduler.capacity.CapacityScheduler. Then
modified capacity-scheduler.xml,
> ___________________________________________________
> <?xml version="1.0"?>
> <configuration>
>   <property>
>     <name>yarn.scheduler.capacity.root.queues</name>
>     <value>default,extract,report,tool</value>
>   </property>
>   <property>
>     <name>yarn.scheduler.capacity.root.state</name>
>     <value>RUNNING</value>
>   </property>
>   <property>
>     <name>yarn.scheduler.capacity.root.default.acl_submit_applications</name>
>     <value>jcsong2, y2 </value>
>   </property>
>   <property>
>     <name>yarn.scheduler.capacity.root.default.acl_administer_queue</name>
>     <value>jcsong2, y2 </value>
>   </property>
>   <property>
>     <name>yarn.scheduler.capacity.root.default.capacity</name>
>     <value>35</value>
>   </property>
>   <property>
>     <name>yarn.scheduler.capacity.root.extract.acl_submit_applications</name>
>     <value>jcsong2 </value>
>   </property>
>   <property>
>     <name>yarn.scheduler.capacity.root.extract.acl_administer_queue</name>
>     <value>jcsong2 </value>
>   </property>
>   <property>
>     <name>yarn.scheduler.capacity.root.extract.capacity</name>
>     <value>15</value>
>   </property>
>   <property>
>     <name>yarn.scheduler.capacity.root.report.acl_submit_applications</name>
>     <value>y2 </value>
>   </property>
>   <property>
>     <name>yarn.scheduler.capacity.root.report.acl_administer_queue</name>
>     <value>y2 </value>
>   </property>
>   <property>
>     <name>yarn.scheduler.capacity.root.report.capacity</name>
>     <value>35</value>
>   </property>
>   <property>
>     <name>yarn.scheduler.capacity.root.tool.acl_submit_applications</name>
>     <value> </value>
>   </property>
>   <property>
>     <name>yarn.scheduler.capacity.root.tool.acl_administer_queue</name>
>     <value> </value>
>   </property>
>   <property>
>     <name>yarn.scheduler.capacity.root.tool.capacity</name>
>     <value>15</value>
>   </property>
> </configuration>
> _______________________________________________
> I have enabled the acl in yarn-site.xml, but the user jcsong2 can submit applications
to every queue. The queue acl does't work! And the queue used capacity more than it was configured!




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message