You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@oozie.apache.org by "Peter Bacsko (JIRA)" <ji...@apache.org> on 2017/06/01 14:23:04 UTC
[jira] [Updated] (OOZIE-2897) LauncherAM should support ACLs
[ https://issues.apache.org/jira/browse/OOZIE-2897?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Peter Bacsko updated OOZIE-2897:
--------------------------------
Description:
In MapReduce, you can define properties like:
{noformat}
mapreduce.job.acl-view-job
mapreduce.job.acl-modify-job
{noformat}
{{acl-view-job}} defines a list of users/groups who can retrieve the job statistics. {{acl-modify-job}} defines a list of users/groups who can kill a job or adjust the priority of it.
In YARN, we can provide backward compatibility for these properties. Example code:
{code}
Map<ApplicationAccessType, String> acls = new HashMap<ApplicationAccessType, String>();
acls.put(ApplicationAccessType.MODIFY_APP, "*");
acls.put(ApplicationAccessType.VIEW_APP, "*");
amContainer.setApplicationACLs(acls);
{code}
This has to be done before application submission. We have to open {{mapred-site.xml}} and check if {{mapred.acls.enabled}} is true. If so, then read the values of view-job/modify-job and configure the launcher context as described above.
> LauncherAM should support ACLs
> ------------------------------
>
> Key: OOZIE-2897
> URL: https://issues.apache.org/jira/browse/OOZIE-2897
> Project: Oozie
> Issue Type: Sub-task
> Reporter: Peter Bacsko
>
> In MapReduce, you can define properties like:
> {noformat}
> mapreduce.job.acl-view-job
> mapreduce.job.acl-modify-job
> {noformat}
> {{acl-view-job}} defines a list of users/groups who can retrieve the job statistics. {{acl-modify-job}} defines a list of users/groups who can kill a job or adjust the priority of it.
> In YARN, we can provide backward compatibility for these properties. Example code:
> {code}
> Map<ApplicationAccessType, String> acls = new HashMap<ApplicationAccessType, String>();
> acls.put(ApplicationAccessType.MODIFY_APP, "*");
> acls.put(ApplicationAccessType.VIEW_APP, "*");
> amContainer.setApplicationACLs(acls);
> {code}
> This has to be done before application submission. We have to open {{mapred-site.xml}} and check if {{mapred.acls.enabled}} is true. If so, then read the values of view-job/modify-job and configure the launcher context as described above.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)