You are viewing a plain text version of this content. The canonical link for it is here.
Posted to yarn-issues@hadoop.apache.org by "Tao Jie (JIRA)" <ji...@apache.org> on 2016/09/01 02:53:20 UTC

[jira] [Commented] (YARN-4997) Update fair scheduler to use pluggable auth provider

    [ https://issues.apache.org/jira/browse/YARN-4997?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15454117#comment-15454117 ] 

Tao Jie commented on YARN-4997:
-------------------------------

Thank you for your comments, [~kasha].
{quote}
Noticed there is QueueACL is mapreduce code as well that can be dropped altogether? e.g. mapred QueueManager, many parts (all of?) QueueACL etc. Can we file a follow-up JIRA to drop all of that?
{quote}
I am not sure if such code in mapred.QueueMananger still works today. I prefer to clean up those mapreduce code in another JIRA.
{quote} 
onReload: Is there a need to lock the scheduler when setting permissions? Would it be okay to limit the synchronized block to whatever was synchronized before?
{quote}
Have disscussed with [~templedf], synchronized block added here is to avoid findbugs warning. Actually I will be glad to remove redundant lock here.
{quote}
In setQueueAcls, we seem to initially set to default permissions and then "overwrite" it with final permissions. Is the first one necessary? I quickly looked at implementation of ConfiguredAuthorizationProvider, setPermission's semantics appear to be somewhere between append and overwrite. If it is append, may be we should change that name to addPermission?
{quote}
I also feel a little confused about semantics of {{setPermission}}. However this abstract method is introduced by YARN-3100, and I'm not sure {{setPermission}} has implemented in Ranger or Sentry. I prefer to keep {{setPermission}} here as CapacityScheduler does to keep compatibility. Maybe we could refactor it in another JIRA, (maybe could separate {{setPermission}} to {{setPermission}}, {{addPermission}}, {{removePermission}}, {{clearPermission}}). Does it make sense?
And I will update this patch soon.

> Update fair scheduler to use pluggable auth provider
> ----------------------------------------------------
>
>                 Key: YARN-4997
>                 URL: https://issues.apache.org/jira/browse/YARN-4997
>             Project: Hadoop YARN
>          Issue Type: Improvement
>          Components: fairscheduler
>    Affects Versions: 2.8.0
>            Reporter: Daniel Templeton
>            Assignee: Tao Jie
>         Attachments: YARN-4997-001.patch, YARN-4997-002.patch, YARN-4997-003.patch, YARN-4997-004.patch, YARN-4997-005.patch, YARN-4997-006.patch, YARN-4997-007.patch
>
>
> Now that YARN-3100 has made the authorization pluggable, it should be supported by the fair scheduler.  YARN-3100 only updated the capacity scheduler.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org