You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-dev@hadoop.apache.org by "Aroop Maliakkal (JIRA)" <ji...@apache.org> on 2009/03/13 05:46:50 UTC
[jira] Created: (HADOOP-5485) Authorisation machanism required for
acceesing jobtracker url :- jobtracker.com:port/scheduler
Authorisation machanism required for acceesing jobtracker url :- jobtracker.com:port/scheduler
----------------------------------------------------------------------------------------------
Key: HADOOP-5485
URL: https://issues.apache.org/jira/browse/HADOOP-5485
Project: Hadoop Core
Issue Type: Improvement
Components: contrib/fair-share
Affects Versions: 0.20.0
Reporter: Aroop Maliakkal
FS scheduler should have some mechanism to authorize people who can access the advanced scheduler url http://jobtracker.com:port/scheduler . In large clusters , which has hundreds of users, any user can access the url now and change the priority of his/her runing job. We don't want the users to change the job priority. So we should restrcit users accessing the link and only admins should have access to the link.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (HADOOP-5485) Authorisation machanism required
for acceesing jobtracker url :- jobtracker.com:port/scheduler
Posted by "Hemanth Yamijala (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-5485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12697015#action_12697015 ]
Hemanth Yamijala commented on HADOOP-5485:
------------------------------------------
The changes look fine. One minor nit is that a new configuration object is being created here, which i think is unnecessary. I have two solutions:
- We can use the conf object via the JSPUtil class - we could even have a arePrivateActionsAllowed kind of method maybe.. or just a simple accessor for the conf
- The other option is to read this particular value, cache it and discard the conf.
> Authorisation machanism required for acceesing jobtracker url :- jobtracker.com:port/scheduler
> ----------------------------------------------------------------------------------------------
>
> Key: HADOOP-5485
> URL: https://issues.apache.org/jira/browse/HADOOP-5485
> Project: Hadoop Core
> Issue Type: Improvement
> Components: contrib/fair-share
> Affects Versions: 0.20.0
> Reporter: Aroop Maliakkal
> Assignee: Vinod K V
> Attachments: HADOOP-5485.txt
>
>
> FS scheduler should have some mechanism to authorize people who can access the advanced scheduler url http://jobtracker.com:port/scheduler . In large clusters , which has hundreds of users, any user can access the url now and change the priority of his/her runing job. We don't want the users to change the job priority. So we should restrcit users accessing the link and only admins should have access to the link.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (HADOOP-5485) Authorisation machanism required
for acceesing jobtracker url :- jobtracker.com:port/scheduler
Posted by "rahul k singh (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-5485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12695245#action_12695245 ]
rahul k singh commented on HADOOP-5485:
---------------------------------------
looked at the code and web ui.
+1
> Authorisation machanism required for acceesing jobtracker url :- jobtracker.com:port/scheduler
> ----------------------------------------------------------------------------------------------
>
> Key: HADOOP-5485
> URL: https://issues.apache.org/jira/browse/HADOOP-5485
> Project: Hadoop Core
> Issue Type: Improvement
> Components: contrib/fair-share
> Affects Versions: 0.20.0
> Reporter: Aroop Maliakkal
> Assignee: Vinod K V
> Attachments: HADOOP-5485.txt
>
>
> FS scheduler should have some mechanism to authorize people who can access the advanced scheduler url http://jobtracker.com:port/scheduler . In large clusters , which has hundreds of users, any user can access the url now and change the priority of his/her runing job. We don't want the users to change the job priority. So we should restrcit users accessing the link and only admins should have access to the link.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Assigned: (HADOOP-5485) Authorisation machanism required for
acceesing jobtracker url :- jobtracker.com:port/scheduler
Posted by "Vinod K V (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-5485?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Vinod K V reassigned HADOOP-5485:
---------------------------------
Assignee: Vinod K V
> Authorisation machanism required for acceesing jobtracker url :- jobtracker.com:port/scheduler
> ----------------------------------------------------------------------------------------------
>
> Key: HADOOP-5485
> URL: https://issues.apache.org/jira/browse/HADOOP-5485
> Project: Hadoop Core
> Issue Type: Improvement
> Components: contrib/fair-share
> Affects Versions: 0.20.0
> Reporter: Aroop Maliakkal
> Assignee: Vinod K V
>
> FS scheduler should have some mechanism to authorize people who can access the advanced scheduler url http://jobtracker.com:port/scheduler . In large clusters , which has hundreds of users, any user can access the url now and change the priority of his/her runing job. We don't want the users to change the job priority. So we should restrcit users accessing the link and only admins should have access to the link.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (HADOOP-5485) Authorisation machanism required
for acceesing jobtracker url :- jobtracker.com:port/scheduler
Posted by "Hemanth Yamijala (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-5485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12698190#action_12698190 ]
Hemanth Yamijala commented on HADOOP-5485:
------------------------------------------
Actually, never mind. Searching through references of JspUtil, I found that all references are only in the new code or in existing JSPs which are not tested right now. So, I will hazard a guess that the test failures are unrelated and commit.
> Authorisation machanism required for acceesing jobtracker url :- jobtracker.com:port/scheduler
> ----------------------------------------------------------------------------------------------
>
> Key: HADOOP-5485
> URL: https://issues.apache.org/jira/browse/HADOOP-5485
> Project: Hadoop Core
> Issue Type: Improvement
> Components: contrib/fair-share
> Affects Versions: 0.20.0
> Reporter: Aroop Maliakkal
> Assignee: Vinod K V
> Attachments: HADOOP-5485.1.txt, HADOOP-5485.txt
>
>
> FS scheduler should have some mechanism to authorize people who can access the advanced scheduler url http://jobtracker.com:port/scheduler . In large clusters , which has hundreds of users, any user can access the url now and change the priority of his/her runing job. We don't want the users to change the job priority. So we should restrcit users accessing the link and only admins should have access to the link.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (HADOOP-5485) Authorisation machanism required
for acceesing jobtracker url :- jobtracker.com:port/scheduler
Posted by "Hemanth Yamijala (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-5485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12683878#action_12683878 ]
Hemanth Yamijala commented on HADOOP-5485:
------------------------------------------
There are two approaches I can think of.
In the short term, I think webinterface.private.actions should be checked and actions disabled in the web page. This is what the standard Hadoop JSPs do.
In the longer term, we may want to unify the UI as per HADOOP-4712.
Matei, the admin changes to job priorities via command line can be controlled by setting up ACLs, and is the way we are using here.
> Authorisation machanism required for acceesing jobtracker url :- jobtracker.com:port/scheduler
> ----------------------------------------------------------------------------------------------
>
> Key: HADOOP-5485
> URL: https://issues.apache.org/jira/browse/HADOOP-5485
> Project: Hadoop Core
> Issue Type: Improvement
> Components: contrib/fair-share
> Affects Versions: 0.20.0
> Reporter: Aroop Maliakkal
>
> FS scheduler should have some mechanism to authorize people who can access the advanced scheduler url http://jobtracker.com:port/scheduler . In large clusters , which has hundreds of users, any user can access the url now and change the priority of his/her runing job. We don't want the users to change the job priority. So we should restrcit users accessing the link and only admins should have access to the link.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (HADOOP-5485) Authorisation machanism required
for acceesing jobtracker url :- jobtracker.com:port/scheduler
Posted by "Hadoop QA (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-5485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12697576#action_12697576 ]
Hadoop QA commented on HADOOP-5485:
-----------------------------------
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12405053/HADOOP-5485.1.txt
against trunk revision 763502.
+1 @author. The patch does not contain any @author tags.
-1 tests included. The patch doesn't appear to include any new or modified tests.
Please justify why no tests are needed for this patch.
+1 javadoc. The javadoc tool did not generate any warning messages.
+1 javac. The applied patch does not increase the total number of javac compiler warnings.
+1 findbugs. The patch does not introduce any new Findbugs warnings.
+1 Eclipse classpath. The patch retains Eclipse classpath integrity.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
-1 core tests. The patch failed core unit tests.
-1 contrib tests. The patch failed contrib unit tests.
Test results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-vesta.apache.org/172/testReport/
Findbugs warnings: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-vesta.apache.org/172/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
Checkstyle results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-vesta.apache.org/172/artifact/trunk/build/test/checkstyle-errors.html
Console output: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-vesta.apache.org/172/console
This message is automatically generated.
> Authorisation machanism required for acceesing jobtracker url :- jobtracker.com:port/scheduler
> ----------------------------------------------------------------------------------------------
>
> Key: HADOOP-5485
> URL: https://issues.apache.org/jira/browse/HADOOP-5485
> Project: Hadoop Core
> Issue Type: Improvement
> Components: contrib/fair-share
> Affects Versions: 0.20.0
> Reporter: Aroop Maliakkal
> Assignee: Vinod K V
> Attachments: HADOOP-5485.1.txt, HADOOP-5485.txt
>
>
> FS scheduler should have some mechanism to authorize people who can access the advanced scheduler url http://jobtracker.com:port/scheduler . In large clusters , which has hundreds of users, any user can access the url now and change the priority of his/her runing job. We don't want the users to change the job priority. So we should restrcit users accessing the link and only admins should have access to the link.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (HADOOP-5485) Authorisation machanism required for
acceesing jobtracker url :- jobtracker.com:port/scheduler
Posted by "Vinod K V (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-5485?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Vinod K V updated HADOOP-5485:
------------------------------
Status: Patch Available (was: Open)
Pushing to Hudson.
Matei, do the changes look ok to you? In summary, this patch uses webinterface.private.actions for 1) disabling changes to priority/pool from the scheduler servlet and 2) disabling the feature of changing scheduling mode(fair-share to FIFO and vice-versa) from the UI.
> Authorisation machanism required for acceesing jobtracker url :- jobtracker.com:port/scheduler
> ----------------------------------------------------------------------------------------------
>
> Key: HADOOP-5485
> URL: https://issues.apache.org/jira/browse/HADOOP-5485
> Project: Hadoop Core
> Issue Type: Improvement
> Components: contrib/fair-share
> Affects Versions: 0.20.0
> Reporter: Aroop Maliakkal
> Assignee: Vinod K V
> Attachments: HADOOP-5485.txt
>
>
> FS scheduler should have some mechanism to authorize people who can access the advanced scheduler url http://jobtracker.com:port/scheduler . In large clusters , which has hundreds of users, any user can access the url now and change the priority of his/her runing job. We don't want the users to change the job priority. So we should restrcit users accessing the link and only admins should have access to the link.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (HADOOP-5485) Authorisation machanism required
for acceesing jobtracker url :- jobtracker.com:port/scheduler
Posted by "Hudson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-5485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12700728#action_12700728 ]
Hudson commented on HADOOP-5485:
--------------------------------
Integrated in Hadoop-trunk #811 (See [http://hudson.zones.apache.org/hudson/job/Hadoop-trunk/811/])
> Authorisation machanism required for acceesing jobtracker url :- jobtracker.com:port/scheduler
> ----------------------------------------------------------------------------------------------
>
> Key: HADOOP-5485
> URL: https://issues.apache.org/jira/browse/HADOOP-5485
> Project: Hadoop Core
> Issue Type: Improvement
> Components: contrib/fair-share
> Affects Versions: 0.20.0
> Reporter: Aroop Maliakkal
> Assignee: Vinod K V
> Fix For: 0.21.0
>
> Attachments: HADOOP-5485.1.txt, HADOOP-5485.txt
>
>
> FS scheduler should have some mechanism to authorize people who can access the advanced scheduler url http://jobtracker.com:port/scheduler . In large clusters , which has hundreds of users, any user can access the url now and change the priority of his/her runing job. We don't want the users to change the job priority. So we should restrcit users accessing the link and only admins should have access to the link.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (HADOOP-5485) Authorisation machanism required for
acceesing jobtracker url :- jobtracker.com:port/scheduler
Posted by "Hemanth Yamijala (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-5485?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Hemanth Yamijala updated HADOOP-5485:
-------------------------------------
Release Note: Added ability to mask actions on the fair scheduler's servlet page based on the value of the webinterface.private.actions config parameter. Setting this value to false will disable changing pools and priorities from the scheduler's servlet page.
Hadoop Flags: [Incompatible change, Reviewed] (was: [Reviewed])
Marking this an incompatible change, so that it gets attention. Also, setting webinterface.private.actions has other effects like enabling the 'kill job' and 'kill task' links on the Job web UI.
> Authorisation machanism required for acceesing jobtracker url :- jobtracker.com:port/scheduler
> ----------------------------------------------------------------------------------------------
>
> Key: HADOOP-5485
> URL: https://issues.apache.org/jira/browse/HADOOP-5485
> Project: Hadoop Core
> Issue Type: Improvement
> Components: contrib/fair-share
> Affects Versions: 0.20.0
> Reporter: Aroop Maliakkal
> Assignee: Vinod K V
> Fix For: 0.21.0
>
> Attachments: HADOOP-5485.1.txt, HADOOP-5485.txt
>
>
> FS scheduler should have some mechanism to authorize people who can access the advanced scheduler url http://jobtracker.com:port/scheduler . In large clusters , which has hundreds of users, any user can access the url now and change the priority of his/her runing job. We don't want the users to change the job priority. So we should restrcit users accessing the link and only admins should have access to the link.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (HADOOP-5485) Authorisation machanism required for
acceesing jobtracker url :- jobtracker.com:port/scheduler
Posted by "Vinod K V (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-5485?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Vinod K V updated HADOOP-5485:
------------------------------
Attachment: HADOOP-5485.txt
Attaching patch to use webinterface.private.actions for disabling changes to priority/pool from the scheduler servlet. The patch also disables changes to the scheduling mode from the UI. The only nit is that this makes it impossible to change scheduling mode even by admins if webinterface.private.actions is disabled.
> Authorisation machanism required for acceesing jobtracker url :- jobtracker.com:port/scheduler
> ----------------------------------------------------------------------------------------------
>
> Key: HADOOP-5485
> URL: https://issues.apache.org/jira/browse/HADOOP-5485
> Project: Hadoop Core
> Issue Type: Improvement
> Components: contrib/fair-share
> Affects Versions: 0.20.0
> Reporter: Aroop Maliakkal
> Assignee: Vinod K V
> Attachments: HADOOP-5485.txt
>
>
> FS scheduler should have some mechanism to authorize people who can access the advanced scheduler url http://jobtracker.com:port/scheduler . In large clusters , which has hundreds of users, any user can access the url now and change the priority of his/her runing job. We don't want the users to change the job priority. So we should restrcit users accessing the link and only admins should have access to the link.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (HADOOP-5485) Authorisation machanism required for
acceesing jobtracker url :- jobtracker.com:port/scheduler
Posted by "Vinod K V (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-5485?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Vinod K V updated HADOOP-5485:
------------------------------
Attachment: HADOOP-5485.1.txt
Attaching a new patch incorporating the above comments. Added a new method in JSPUtil
{code}boolean privateActionsAllowed(){code}
> Authorisation machanism required for acceesing jobtracker url :- jobtracker.com:port/scheduler
> ----------------------------------------------------------------------------------------------
>
> Key: HADOOP-5485
> URL: https://issues.apache.org/jira/browse/HADOOP-5485
> Project: Hadoop Core
> Issue Type: Improvement
> Components: contrib/fair-share
> Affects Versions: 0.20.0
> Reporter: Aroop Maliakkal
> Assignee: Vinod K V
> Attachments: HADOOP-5485.1.txt, HADOOP-5485.txt
>
>
> FS scheduler should have some mechanism to authorize people who can access the advanced scheduler url http://jobtracker.com:port/scheduler . In large clusters , which has hundreds of users, any user can access the url now and change the priority of his/her runing job. We don't want the users to change the job priority. So we should restrcit users accessing the link and only admins should have access to the link.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (HADOOP-5485) Authorisation machanism required for
acceesing jobtracker url :- jobtracker.com:port/scheduler
Posted by "Hemanth Yamijala (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-5485?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Hemanth Yamijala updated HADOOP-5485:
-------------------------------------
Resolution: Fixed
Fix Version/s: 0.21.0
Hadoop Flags: [Reviewed]
Status: Resolved (was: Patch Available)
I just committed this. Thanks, Vinod !
Note that since the default value of webinterface.private.actions is false, this might appear like an incompatible interface change for the fair-scheduler servlet UI. But setting this value to true in the cluster's mapred-site.xml will get back the original behavior.
> Authorisation machanism required for acceesing jobtracker url :- jobtracker.com:port/scheduler
> ----------------------------------------------------------------------------------------------
>
> Key: HADOOP-5485
> URL: https://issues.apache.org/jira/browse/HADOOP-5485
> Project: Hadoop Core
> Issue Type: Improvement
> Components: contrib/fair-share
> Affects Versions: 0.20.0
> Reporter: Aroop Maliakkal
> Assignee: Vinod K V
> Fix For: 0.21.0
>
> Attachments: HADOOP-5485.1.txt, HADOOP-5485.txt
>
>
> FS scheduler should have some mechanism to authorize people who can access the advanced scheduler url http://jobtracker.com:port/scheduler . In large clusters , which has hundreds of users, any user can access the url now and change the priority of his/her runing job. We don't want the users to change the job priority. So we should restrcit users accessing the link and only admins should have access to the link.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (HADOOP-5485) Authorisation machanism required for
acceesing jobtracker url :- jobtracker.com:port/scheduler
Posted by "Vinod K V (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-5485?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Vinod K V updated HADOOP-5485:
------------------------------
Status: Patch Available (was: Open)
> Authorisation machanism required for acceesing jobtracker url :- jobtracker.com:port/scheduler
> ----------------------------------------------------------------------------------------------
>
> Key: HADOOP-5485
> URL: https://issues.apache.org/jira/browse/HADOOP-5485
> Project: Hadoop Core
> Issue Type: Improvement
> Components: contrib/fair-share
> Affects Versions: 0.20.0
> Reporter: Aroop Maliakkal
> Assignee: Vinod K V
> Attachments: HADOOP-5485.1.txt, HADOOP-5485.txt
>
>
> FS scheduler should have some mechanism to authorize people who can access the advanced scheduler url http://jobtracker.com:port/scheduler . In large clusters , which has hundreds of users, any user can access the url now and change the priority of his/her runing job. We don't want the users to change the job priority. So we should restrcit users accessing the link and only admins should have access to the link.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (HADOOP-5485) Authorisation machanism required
for acceesing jobtracker url :- jobtracker.com:port/scheduler
Posted by "Hadoop QA (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-5485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12696296#action_12696296 ]
Hadoop QA commented on HADOOP-5485:
-----------------------------------
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12403425/HADOOP-5485.txt
against trunk revision 762216.
+1 @author. The patch does not contain any @author tags.
-1 tests included. The patch doesn't appear to include any new or modified tests.
Please justify why no tests are needed for this patch.
+1 javadoc. The javadoc tool did not generate any warning messages.
+1 javac. The applied patch does not increase the total number of javac compiler warnings.
+1 findbugs. The patch does not introduce any new Findbugs warnings.
+1 Eclipse classpath. The patch retains Eclipse classpath integrity.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
+1 core tests. The patch passed core unit tests.
+1 contrib tests. The patch passed contrib unit tests.
Test results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-vesta.apache.org/155/testReport/
Findbugs warnings: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-vesta.apache.org/155/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
Checkstyle results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-vesta.apache.org/155/artifact/trunk/build/test/checkstyle-errors.html
Console output: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-vesta.apache.org/155/console
This message is automatically generated.
> Authorisation machanism required for acceesing jobtracker url :- jobtracker.com:port/scheduler
> ----------------------------------------------------------------------------------------------
>
> Key: HADOOP-5485
> URL: https://issues.apache.org/jira/browse/HADOOP-5485
> Project: Hadoop Core
> Issue Type: Improvement
> Components: contrib/fair-share
> Affects Versions: 0.20.0
> Reporter: Aroop Maliakkal
> Assignee: Vinod K V
> Attachments: HADOOP-5485.txt
>
>
> FS scheduler should have some mechanism to authorize people who can access the advanced scheduler url http://jobtracker.com:port/scheduler . In large clusters , which has hundreds of users, any user can access the url now and change the priority of his/her runing job. We don't want the users to change the job priority. So we should restrcit users accessing the link and only admins should have access to the link.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (HADOOP-5485) Authorisation machanism required
for acceesing jobtracker url :- jobtracker.com:port/scheduler
Posted by "Matei Zaharia (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-5485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12683690#action_12683690 ]
Matei Zaharia commented on HADOOP-5485:
---------------------------------------
As another option, we can have a config parameter for disabling updates through this UI. Admins can still change job priorities through the standard command line.
> Authorisation machanism required for acceesing jobtracker url :- jobtracker.com:port/scheduler
> ----------------------------------------------------------------------------------------------
>
> Key: HADOOP-5485
> URL: https://issues.apache.org/jira/browse/HADOOP-5485
> Project: Hadoop Core
> Issue Type: Improvement
> Components: contrib/fair-share
> Affects Versions: 0.20.0
> Reporter: Aroop Maliakkal
>
> FS scheduler should have some mechanism to authorize people who can access the advanced scheduler url http://jobtracker.com:port/scheduler . In large clusters , which has hundreds of users, any user can access the url now and change the priority of his/her runing job. We don't want the users to change the job priority. So we should restrcit users accessing the link and only admins should have access to the link.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (HADOOP-5485) Authorisation machanism required for
acceesing jobtracker url :- jobtracker.com:port/scheduler
Posted by "Vinod K V (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-5485?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Vinod K V updated HADOOP-5485:
------------------------------
Status: Open (was: Patch Available)
> Authorisation machanism required for acceesing jobtracker url :- jobtracker.com:port/scheduler
> ----------------------------------------------------------------------------------------------
>
> Key: HADOOP-5485
> URL: https://issues.apache.org/jira/browse/HADOOP-5485
> Project: Hadoop Core
> Issue Type: Improvement
> Components: contrib/fair-share
> Affects Versions: 0.20.0
> Reporter: Aroop Maliakkal
> Assignee: Vinod K V
> Attachments: HADOOP-5485.txt
>
>
> FS scheduler should have some mechanism to authorize people who can access the advanced scheduler url http://jobtracker.com:port/scheduler . In large clusters , which has hundreds of users, any user can access the url now and change the priority of his/her runing job. We don't want the users to change the job priority. So we should restrcit users accessing the link and only admins should have access to the link.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (HADOOP-5485) Authorisation machanism required
for acceesing jobtracker url :- jobtracker.com:port/scheduler
Posted by "Hemanth Yamijala (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-5485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12698189#action_12698189 ]
Hemanth Yamijala commented on HADOOP-5485:
------------------------------------------
Code changes look fine to me. Can you please verify the test failures are unrelated ? Unfortunately, I can't get the results from the link mentioned above. This may mean we need to run the tests manually.
> Authorisation machanism required for acceesing jobtracker url :- jobtracker.com:port/scheduler
> ----------------------------------------------------------------------------------------------
>
> Key: HADOOP-5485
> URL: https://issues.apache.org/jira/browse/HADOOP-5485
> Project: Hadoop Core
> Issue Type: Improvement
> Components: contrib/fair-share
> Affects Versions: 0.20.0
> Reporter: Aroop Maliakkal
> Assignee: Vinod K V
> Attachments: HADOOP-5485.1.txt, HADOOP-5485.txt
>
>
> FS scheduler should have some mechanism to authorize people who can access the advanced scheduler url http://jobtracker.com:port/scheduler . In large clusters , which has hundreds of users, any user can access the url now and change the priority of his/her runing job. We don't want the users to change the job priority. So we should restrcit users accessing the link and only admins should have access to the link.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.