You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@spark.apache.org by Kostiantyn Kudriavtsev <ku...@gmail.com> on 2016/01/07 15:35:48 UTC
spark ui security
hi community,
do I understand correctly that spark.ui.filters property sets up filters only for jobui interface? is it any way to protect spark web ui in the same way?
Re: spark ui security
Posted by Kostiantyn Kudriavtsev <ku...@gmail.com>.
I know, but I need only to hide/protect web ui at least with servlet/filter api
On Jan 7, 2016, at 4:59 PM, Ted Yu <yu...@gmail.com> wrote:
> Without kerberos you don't have true security.
>
> Cheers
>
> On Thu, Jan 7, 2016 at 1:56 PM, Kostiantyn Kudriavtsev <ku...@gmail.com> wrote:
> can I do it without kerberos and hadoop?
> ideally using filters as for job UI
>
> On Jan 7, 2016, at 1:22 PM, Prem Sure <pr...@gmail.com> wrote:
>
>> you can refer more on https://searchcode.com/codesearch/view/97658783/
>> https://github.com/apache/spark/blob/master/core/src/main/scala/org/apache/spark/SecurityManager.scala
>>
>> spark.authenticate = true
>> spark.ui.acls.enable = true
>> spark.ui.view.acls = user1,user2
>> spark.ui.filters = org.apache.hadoop.security.authentication.server.AuthenticationFilter
>> spark.org.apache.hadoop.security.authentication.server.AuthenticationFilter.params="type=kerberos,kerberos.principal=HTTP/mybox@MYDOMAIN,kerberos.keytab=/some/keytab"
>>
>>
>>
>>
>> On Thu, Jan 7, 2016 at 10:35 AM, Kostiantyn Kudriavtsev <ku...@gmail.com> wrote:
>> I’m afraid I missed where this property must be specified? I added it to spark-xxx.conf which is basically configurable per job, so I assume to protect WebUI the different place must be used, isn’t it?
>>
>> On Jan 7, 2016, at 10:28 AM, Ted Yu <yu...@gmail.com> wrote:
>>
>>> According to https://spark.apache.org/docs/latest/security.html#web-ui , web UI is covered.
>>>
>>> FYI
>>>
>>> On Thu, Jan 7, 2016 at 6:35 AM, Kostiantyn Kudriavtsev <ku...@gmail.com> wrote:
>>> hi community,
>>>
>>> do I understand correctly that spark.ui.filters property sets up filters only for jobui interface? is it any way to protect spark web ui in the same way?
>>>
>>
>>
>
>
Re: spark ui security
Posted by Ted Yu <yu...@gmail.com>.
Without kerberos you don't have true security.
Cheers
On Thu, Jan 7, 2016 at 1:56 PM, Kostiantyn Kudriavtsev <
kudryavtsev.konstantin@gmail.com> wrote:
> can I do it without kerberos and hadoop?
> ideally using filters as for job UI
>
> On Jan 7, 2016, at 1:22 PM, Prem Sure <pr...@gmail.com> wrote:
>
> you can refer more on https://searchcode.com/codesearch/view/97658783/
>
> https://github.com/apache/spark/blob/master/core/src/main/scala/org/apache/spark/SecurityManager.scala
>
> spark.authenticate = true
> spark.ui.acls.enable = true
> spark.ui.view.acls = user1,user2
> spark.ui.filters =
> org.apache.hadoop.security.authentication.server.AuthenticationFilter
>
> spark.org.apache.hadoop.security.authentication.server.AuthenticationFilter.params="type=kerberos,kerberos.principal=HTTP/mybox@MYDOMAIN
> ,kerberos.keytab=/some/keytab"
>
>
>
>
> On Thu, Jan 7, 2016 at 10:35 AM, Kostiantyn Kudriavtsev <
> kudryavtsev.konstantin@gmail.com> wrote:
>
>> I’m afraid I missed where this property must be specified? I added it to
>> spark-xxx.conf which is basically configurable per job, so I assume to
>> protect WebUI the different place must be used, isn’t it?
>>
>> On Jan 7, 2016, at 10:28 AM, Ted Yu <yu...@gmail.com> wrote:
>>
>> According to https://spark.apache.org/docs/latest/security.html#web-ui ,
>> web UI is covered.
>>
>> FYI
>>
>> On Thu, Jan 7, 2016 at 6:35 AM, Kostiantyn Kudriavtsev <
>> kudryavtsev.konstantin@gmail.com> wrote:
>>
>>> hi community,
>>>
>>> do I understand correctly that spark.ui.filters property sets up
>>> filters only for jobui interface? is it any way to protect spark web ui in
>>> the same *way?*
>>>
>>
>>
>>
>
>
Re: spark ui security
Posted by Kostiantyn Kudriavtsev <ku...@gmail.com>.
can I do it without kerberos and hadoop?
ideally using filters as for job UI
On Jan 7, 2016, at 1:22 PM, Prem Sure <pr...@gmail.com> wrote:
> you can refer more on https://searchcode.com/codesearch/view/97658783/
> https://github.com/apache/spark/blob/master/core/src/main/scala/org/apache/spark/SecurityManager.scala
>
> spark.authenticate = true
> spark.ui.acls.enable = true
> spark.ui.view.acls = user1,user2
> spark.ui.filters = org.apache.hadoop.security.authentication.server.AuthenticationFilter
> spark.org.apache.hadoop.security.authentication.server.AuthenticationFilter.params="type=kerberos,kerberos.principal=HTTP/mybox@MYDOMAIN,kerberos.keytab=/some/keytab"
>
>
>
>
> On Thu, Jan 7, 2016 at 10:35 AM, Kostiantyn Kudriavtsev <ku...@gmail.com> wrote:
> I’m afraid I missed where this property must be specified? I added it to spark-xxx.conf which is basically configurable per job, so I assume to protect WebUI the different place must be used, isn’t it?
>
> On Jan 7, 2016, at 10:28 AM, Ted Yu <yu...@gmail.com> wrote:
>
>> According to https://spark.apache.org/docs/latest/security.html#web-ui , web UI is covered.
>>
>> FYI
>>
>> On Thu, Jan 7, 2016 at 6:35 AM, Kostiantyn Kudriavtsev <ku...@gmail.com> wrote:
>> hi community,
>>
>> do I understand correctly that spark.ui.filters property sets up filters only for jobui interface? is it any way to protect spark web ui in the same way?
>>
>
>
Re: spark ui security
Posted by Prem Sure <pr...@gmail.com>.
you can refer more on https://searchcode.com/codesearch/view/97658783/
https://github.com/apache/spark/blob/master/core/src/main/scala/org/apache/spark/SecurityManager.scala
spark.authenticate = true
spark.ui.acls.enable = true
spark.ui.view.acls = user1,user2
spark.ui.filters =
org.apache.hadoop.security.authentication.server.AuthenticationFilter
spark.org.apache.hadoop.security.authentication.server.AuthenticationFilter.params="type=kerberos,kerberos.principal=HTTP/mybox@MYDOMAIN
,kerberos.keytab=/some/keytab"
On Thu, Jan 7, 2016 at 10:35 AM, Kostiantyn Kudriavtsev <
kudryavtsev.konstantin@gmail.com> wrote:
> I’m afraid I missed where this property must be specified? I added it to
> spark-xxx.conf which is basically configurable per job, so I assume to
> protect WebUI the different place must be used, isn’t it?
>
> On Jan 7, 2016, at 10:28 AM, Ted Yu <yu...@gmail.com> wrote:
>
> According to https://spark.apache.org/docs/latest/security.html#web-ui ,
> web UI is covered.
>
> FYI
>
> On Thu, Jan 7, 2016 at 6:35 AM, Kostiantyn Kudriavtsev <
> kudryavtsev.konstantin@gmail.com> wrote:
>
>> hi community,
>>
>> do I understand correctly that spark.ui.filters property sets up filters
>> only for jobui interface? is it any way to protect spark web ui in the same
>> *way?*
>>
>
>
>
Re: spark ui security
Posted by Kostiantyn Kudriavtsev <ku...@gmail.com>.
I’m afraid I missed where this property must be specified? I added it to spark-xxx.conf which is basically configurable per job, so I assume to protect WebUI the different place must be used, isn’t it?
On Jan 7, 2016, at 10:28 AM, Ted Yu <yu...@gmail.com> wrote:
> According to https://spark.apache.org/docs/latest/security.html#web-ui , web UI is covered.
>
> FYI
>
> On Thu, Jan 7, 2016 at 6:35 AM, Kostiantyn Kudriavtsev <ku...@gmail.com> wrote:
> hi community,
>
> do I understand correctly that spark.ui.filters property sets up filters only for jobui interface? is it any way to protect spark web ui in the same way?
>
Re: spark ui security
Posted by Ted Yu <yu...@gmail.com>.
According to https://spark.apache.org/docs/latest/security.html#web-ui ,
web UI is covered.
FYI
On Thu, Jan 7, 2016 at 6:35 AM, Kostiantyn Kudriavtsev <
kudryavtsev.konstantin@gmail.com> wrote:
> hi community,
>
> do I understand correctly that spark.ui.filters property sets up filters
> only for jobui interface? is it any way to protect spark web ui in the same
> *way?*
>