You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@oozie.apache.org by "Peter Bacsko (JIRA)" <ji...@apache.org> on 2017/06/01 14:23:04 UTC

[jira] [Updated] (OOZIE-2897) LauncherAM should support ACLs

     [ https://issues.apache.org/jira/browse/OOZIE-2897?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Peter Bacsko updated OOZIE-2897:
--------------------------------
    Description: 
In MapReduce, you can define properties like:

{noformat}
mapreduce.job.acl-view-job
mapreduce.job.acl-modify-job
{noformat}

{{acl-view-job}} defines a list of users/groups who can retrieve the job statistics. {{acl-modify-job}} defines a list of users/groups who can kill a job or adjust the priority of it.

In YARN, we can provide backward compatibility for these properties. Example code:

{code}
Map<ApplicationAccessType, String> acls = new HashMap<ApplicationAccessType, String>();
acls.put(ApplicationAccessType.MODIFY_APP, "*");
acls.put(ApplicationAccessType.VIEW_APP, "*");
amContainer.setApplicationACLs(acls);
{code}

This has to be done before application submission. We have to open {{mapred-site.xml}} and check if {{mapred.acls.enabled}} is true. If so, then read the values of view-job/modify-job and configure the launcher context as described above.

> LauncherAM should support ACLs
> ------------------------------
>
>                 Key: OOZIE-2897
>                 URL: https://issues.apache.org/jira/browse/OOZIE-2897
>             Project: Oozie
>          Issue Type: Sub-task
>            Reporter: Peter Bacsko
>
> In MapReduce, you can define properties like:
> {noformat}
> mapreduce.job.acl-view-job
> mapreduce.job.acl-modify-job
> {noformat}
> {{acl-view-job}} defines a list of users/groups who can retrieve the job statistics. {{acl-modify-job}} defines a list of users/groups who can kill a job or adjust the priority of it.
> In YARN, we can provide backward compatibility for these properties. Example code:
> {code}
> Map<ApplicationAccessType, String> acls = new HashMap<ApplicationAccessType, String>();
> acls.put(ApplicationAccessType.MODIFY_APP, "*");
> acls.put(ApplicationAccessType.VIEW_APP, "*");
> amContainer.setApplicationACLs(acls);
> {code}
> This has to be done before application submission. We have to open {{mapred-site.xml}} and check if {{mapred.acls.enabled}} is true. If so, then read the values of view-job/modify-job and configure the launcher context as described above.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)