hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "daemon (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (YARN-6791) Add a new acl control to make YARN acl control perfect
Date Mon, 10 Jul 2017 12:23:00 GMT

     [ https://issues.apache.org/jira/browse/YARN-6791?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

daemon updated YARN-6791:
-------------------------
    Description: 
The yarn application acl control is not so perfect which could let us pretty confused sometimes.
!screenshot-1.png!

The yarn acl is disabled default, but when we enable it. 
You will find the others who neither  is yarn admin nor queue admin can not view the application
detail. 
It will show something as blow in YARN RM web ui:
!screenshot-2.png! 

So when we enable those configs, you will find it is very inconvenient to view the application
status
when use RM web ui.

There are two ways to solve the problem:
1.  To make the web ui more perfect, and can allow user to login as any uses he want.
Besides, it should provide a perfect verification mechanism.
2. Add a config in YarnConfiguration, which can allow some uses view any applications he want.
But he has not modify permissions. 
In this way, the user can view all applications  but can not kill other users applications.

Of the above two solutions, I will choose the second solution.
It is low cost but is more useful.

I will work on this, and upload the patch later.

  was:
The yarn application acl control is not so perfect which could let us pretty confused sometimes.
!screenshot-1.png!

The yarn acl is disabled default, but when we enable it. 
You will find the others who neither  is yarn admin nor queue admin, he will not view the
status
of the application. It will show something as blow in YARN RM web ui:
!screenshot-2.png! 

So when we enable those configs, you will find it is very inconvenient to view the application
status
for uses.
There are two ways to solve the problem:
1.  To make the web ui more perfect, and can allow user to login as any uses he want.
Besides, it should provide a perfect verification mechanism.
2. Add a config in YarnConfiguration, which can allow some uses view any applications he want.
But he has not modify permissions. 
In this way, the user can view all applications  but can not kill other users applications.

Of the above two solutions, I will choose the second solution.
It is low cost but is more useful.

I will work on this, and upload the patch later.


> Add a new acl control to make YARN acl control perfect
> ------------------------------------------------------
>
>                 Key: YARN-6791
>                 URL: https://issues.apache.org/jira/browse/YARN-6791
>             Project: Hadoop YARN
>          Issue Type: Improvement
>          Components: yarn
>    Affects Versions: 2.7.2
>            Reporter: daemon
>            Assignee: daemon
>             Fix For: 2.7.2
>
>         Attachments: screenshot-1.png, screenshot-2.png
>
>
> The yarn application acl control is not so perfect which could let us pretty confused
sometimes.
> !screenshot-1.png!
> The yarn acl is disabled default, but when we enable it. 
> You will find the others who neither  is yarn admin nor queue admin can not view the
application detail. 
> It will show something as blow in YARN RM web ui:
> !screenshot-2.png! 
> So when we enable those configs, you will find it is very inconvenient to view the application
status
> when use RM web ui.
> There are two ways to solve the problem:
> 1.  To make the web ui more perfect, and can allow user to login as any uses he want.
> Besides, it should provide a perfect verification mechanism.
> 2. Add a config in YarnConfiguration, which can allow some uses view any applications
he want.
> But he has not modify permissions. 
> In this way, the user can view all applications  but can not kill other users applications.
> Of the above two solutions, I will choose the second solution.
> It is low cost but is more useful.
> I will work on this, and upload the patch later.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org


Mime
View raw message