You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-user@hadoop.apache.org by Juan Carlos <jc...@cediant.es> on 2014/02/20 10:58:40 UTC
Service Level Authorization
Where could I find some information about ACL? I only could find the
available in
http://hadoop.apache.org/docs/r2.2.0/hadoop-project-dist/hadoop-common/ServiceLevelAuth.html,
which isn't so detailed.
Regards
Juan Carlos Fernández Rodríguez
Consultor Tecnológico
Telf: +34918105294
Móvil: +34639311788
CEDIANT
Centro para el Desarrollo, Investigación y Aplicación de Nuevas Tecnologías
HPC Business Solutions
********************* AVISO LEGAL *********************
Este mensaje es solamente para la persona a la que va dirigido. Puede
contener información confidencial o legalmente protegida. No hay renuncia a
la confidencialidad o privilegio por cualquier transmisión mala/errónea. Si
usted ha recibido este mensaje por error,le rogamos que borre de su sistema
inmediatamente el mensaje asi como todas sus copias, destruya todas las
copias del mismo de su disco duro y notifique al remitente. No debe,
directa o indirectamente, usar, revelar, distribuir, imprimir o copiar
ninguna de las partes de este mensaje si no es usted el destinatario.
Cualquier opinión expresada en este mensaje proviene del remitente, excepto
cuando el mensaje establezca lo contrario y el remitente esté autorizado
para establecer que dichas opiniones provienen de 'CEDIANT'. Nótese que el
correo electrónico vía Internet no permite asegurar ni la confidencialidad
de los mensajes que se transmiten ni la correcta recepción de los mismos.
En el caso de que el destinatario de este mensaje no consintiera la
utilización del correo electrónico vía Internet, rogamos lo ponga en
nuestro conocimiento de manera inmediata.
********************* DISCLAIMER *********************
This message is intended exclusively for the named person. It may contain
confidential, propietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission. If
you receive this message in error, please immediately delete it and all
copies of it from your system, destroy any hard copies of it an notify the
sender. Your must not, directly or indirectly, use, disclose, distribute,
print, or copy any part of this message if you are not the intended
recipient. Any views expressed in this message are those of the individual
sender, except where the message states otherwise and the sender is
authorised to state them to be the views of 'CEDIANT'. Please note that
internet e-mail neither guarantees the confidentiality nor the proper
receipt of the message sent. If the addressee of this message does not
consent to the use of internet e-mail, please communicate it to us
immediately.
Re: Service Level Authorization
Posted by Juan Carlos <ju...@gmail.com>.
Thanks Alex, my path to the queue was a mistake when I was testing
configurations and was unable to make work ACLs. My major problem was
about mapreduce.cluster.administrators
parameters. I didn't know anything about this parameter, I have been
looking for it in
http://hadoop.apache.org/docs/stable/hadoop-mapreduce-client/hadoop-mapreduce-client-core/mapred-default.xmlbut
it is missing there.
Thanks for your help, it worked as soon as I set that property to my hadoop
admin group.
2014-02-20 17:38 GMT+01:00 Alex Nastetsky <an...@spryinc.com>:
> If your test1 queue is under test queue, then you have to specify the path
> in the same way:
>
> yarn.scheduler.capacity.root.test.test1.acl_submit_applications (you are
> missing the "test")
>
> Also, if your "hadoop" user is a member of user group "hadoop", that is
> the default value of the mapreduce.cluster.administrators in
> mapred-site.xml. Users of that group can submit jobs to and administer all
> queues.
>
>
> On Thu, Feb 20, 2014 at 11:28 AM, Juan Carlos <ju...@gmail.com> wrote:
>
>> Yes, that is what I'm looking for, but I couldn't find this information
>> for hadoop 2.2.0. I saw mapreduce.cluster.acls.enabled it's now the
>> parameter to use. But I don't know how to set my ACLs.
>> I'm using capacity schedurler and I've created 3 new queues test (which
>> is under root at the same level as default) and test1 and test2, which are
>> under test. As I said, I enabled mapreduce.cluster.acls.enabled in
>> mapred-site.xml and later added the parameter
>> yarn.scheduler.capacity.root.test1.acl_submit_applications with value
>> "jcfernandez ". If I submit a job to queue test1 with user hadoop, it
>> allows it to run it.
>> Which is my error?
>>
>>
>> 2014-02-20 16:41 GMT+01:00 Alex Nastetsky <an...@spryinc.com>:
>>
>> Juan,
>>>
>>> What kind of information are you looking for? The service level ACLs are
>>> for limiting which services can communicate under certain protocols, by
>>> username or user group.
>>>
>>> Perhaps you are looking for client level ACL, something like the
>>> MapReduce ACLs?
>>> https://hadoop.apache.org/docs/r1.2.1/mapred_tutorial.html#Job+Authorization
>>>
>>> Alex.
>>>
>>>
>>> 2014-02-20 4:58 GMT-05:00 Juan Carlos <jc...@cediant.es>:
>>>
>>> Where could I find some information about ACL? I only could find the
>>>> available in
>>>> http://hadoop.apache.org/docs/r2.2.0/hadoop-project-dist/hadoop-common/ServiceLevelAuth.html, which isn't so detailed.
>>>> Regards
>>>>
>>>> Juan Carlos Fernández Rodríguez
>>>> Consultor Tecnológico
>>>>
>>>> Telf: +34918105294
>>>> Móvil: +34639311788
>>>>
>>>> CEDIANT
>>>> Centro para el Desarrollo, Investigación y Aplicación de Nuevas
>>>> Tecnologías
>>>> HPC Business Solutions
>>>>
>>>> ********************* AVISO LEGAL *********************
>>>> Este mensaje es solamente para la persona a la que va dirigido. Puede
>>>> contener información confidencial o legalmente protegida. No hay renuncia a
>>>> la confidencialidad o privilegio por cualquier transmisión mala/errónea. Si
>>>> usted ha recibido este mensaje por error,le rogamos que borre de su sistema
>>>> inmediatamente el mensaje asi como todas sus copias, destruya todas las
>>>> copias del mismo de su disco duro y notifique al remitente. No debe,
>>>> directa o indirectamente, usar, revelar, distribuir, imprimir o copiar
>>>> ninguna de las partes de este mensaje si no es usted el destinatario.
>>>> Cualquier opinión expresada en este mensaje proviene del remitente, excepto
>>>> cuando el mensaje establezca lo contrario y el remitente esté autorizado
>>>> para establecer que dichas opiniones provienen de 'CEDIANT'. Nótese que el
>>>> correo electrónico vía Internet no permite asegurar ni la confidencialidad
>>>> de los mensajes que se transmiten ni la correcta recepción de los mismos.
>>>> En el caso de que el destinatario de este mensaje no consintiera la
>>>> utilización del correo electrónico vía Internet, rogamos lo ponga en
>>>> nuestro conocimiento de manera inmediata.
>>>>
>>>> ********************* DISCLAIMER *********************
>>>> This message is intended exclusively for the named person. It may
>>>> contain confidential, propietary or legally privileged information. No
>>>> confidentiality or privilege is waived or lost by any mistransmission. If
>>>> you receive this message in error, please immediately delete it and all
>>>> copies of it from your system, destroy any hard copies of it an notify the
>>>> sender. Your must not, directly or indirectly, use, disclose, distribute,
>>>> print, or copy any part of this message if you are not the intended
>>>> recipient. Any views expressed in this message are those of the individual
>>>> sender, except where the message states otherwise and the sender is
>>>> authorised to state them to be the views of 'CEDIANT'. Please note that
>>>> internet e-mail neither guarantees the confidentiality nor the proper
>>>> receipt of the message sent. If the addressee of this message does not
>>>> consent to the use of internet e-mail, please communicate it to us
>>>> immediately.
>>>>
>>>>
>>>
>>
>
Re: Service Level Authorization
Posted by Juan Carlos <ju...@gmail.com>.
Thanks Alex, my path to the queue was a mistake when I was testing
configurations and was unable to make work ACLs. My major problem was
about mapreduce.cluster.administrators
parameters. I didn't know anything about this parameter, I have been
looking for it in
http://hadoop.apache.org/docs/stable/hadoop-mapreduce-client/hadoop-mapreduce-client-core/mapred-default.xmlbut
it is missing there.
Thanks for your help, it worked as soon as I set that property to my hadoop
admin group.
2014-02-20 17:38 GMT+01:00 Alex Nastetsky <an...@spryinc.com>:
> If your test1 queue is under test queue, then you have to specify the path
> in the same way:
>
> yarn.scheduler.capacity.root.test.test1.acl_submit_applications (you are
> missing the "test")
>
> Also, if your "hadoop" user is a member of user group "hadoop", that is
> the default value of the mapreduce.cluster.administrators in
> mapred-site.xml. Users of that group can submit jobs to and administer all
> queues.
>
>
> On Thu, Feb 20, 2014 at 11:28 AM, Juan Carlos <ju...@gmail.com> wrote:
>
>> Yes, that is what I'm looking for, but I couldn't find this information
>> for hadoop 2.2.0. I saw mapreduce.cluster.acls.enabled it's now the
>> parameter to use. But I don't know how to set my ACLs.
>> I'm using capacity schedurler and I've created 3 new queues test (which
>> is under root at the same level as default) and test1 and test2, which are
>> under test. As I said, I enabled mapreduce.cluster.acls.enabled in
>> mapred-site.xml and later added the parameter
>> yarn.scheduler.capacity.root.test1.acl_submit_applications with value
>> "jcfernandez ". If I submit a job to queue test1 with user hadoop, it
>> allows it to run it.
>> Which is my error?
>>
>>
>> 2014-02-20 16:41 GMT+01:00 Alex Nastetsky <an...@spryinc.com>:
>>
>> Juan,
>>>
>>> What kind of information are you looking for? The service level ACLs are
>>> for limiting which services can communicate under certain protocols, by
>>> username or user group.
>>>
>>> Perhaps you are looking for client level ACL, something like the
>>> MapReduce ACLs?
>>> https://hadoop.apache.org/docs/r1.2.1/mapred_tutorial.html#Job+Authorization
>>>
>>> Alex.
>>>
>>>
>>> 2014-02-20 4:58 GMT-05:00 Juan Carlos <jc...@cediant.es>:
>>>
>>> Where could I find some information about ACL? I only could find the
>>>> available in
>>>> http://hadoop.apache.org/docs/r2.2.0/hadoop-project-dist/hadoop-common/ServiceLevelAuth.html, which isn't so detailed.
>>>> Regards
>>>>
>>>> Juan Carlos Fernández Rodríguez
>>>> Consultor Tecnológico
>>>>
>>>> Telf: +34918105294
>>>> Móvil: +34639311788
>>>>
>>>> CEDIANT
>>>> Centro para el Desarrollo, Investigación y Aplicación de Nuevas
>>>> Tecnologías
>>>> HPC Business Solutions
>>>>
>>>> ********************* AVISO LEGAL *********************
>>>> Este mensaje es solamente para la persona a la que va dirigido. Puede
>>>> contener información confidencial o legalmente protegida. No hay renuncia a
>>>> la confidencialidad o privilegio por cualquier transmisión mala/errónea. Si
>>>> usted ha recibido este mensaje por error,le rogamos que borre de su sistema
>>>> inmediatamente el mensaje asi como todas sus copias, destruya todas las
>>>> copias del mismo de su disco duro y notifique al remitente. No debe,
>>>> directa o indirectamente, usar, revelar, distribuir, imprimir o copiar
>>>> ninguna de las partes de este mensaje si no es usted el destinatario.
>>>> Cualquier opinión expresada en este mensaje proviene del remitente, excepto
>>>> cuando el mensaje establezca lo contrario y el remitente esté autorizado
>>>> para establecer que dichas opiniones provienen de 'CEDIANT'. Nótese que el
>>>> correo electrónico vía Internet no permite asegurar ni la confidencialidad
>>>> de los mensajes que se transmiten ni la correcta recepción de los mismos.
>>>> En el caso de que el destinatario de este mensaje no consintiera la
>>>> utilización del correo electrónico vía Internet, rogamos lo ponga en
>>>> nuestro conocimiento de manera inmediata.
>>>>
>>>> ********************* DISCLAIMER *********************
>>>> This message is intended exclusively for the named person. It may
>>>> contain confidential, propietary or legally privileged information. No
>>>> confidentiality or privilege is waived or lost by any mistransmission. If
>>>> you receive this message in error, please immediately delete it and all
>>>> copies of it from your system, destroy any hard copies of it an notify the
>>>> sender. Your must not, directly or indirectly, use, disclose, distribute,
>>>> print, or copy any part of this message if you are not the intended
>>>> recipient. Any views expressed in this message are those of the individual
>>>> sender, except where the message states otherwise and the sender is
>>>> authorised to state them to be the views of 'CEDIANT'. Please note that
>>>> internet e-mail neither guarantees the confidentiality nor the proper
>>>> receipt of the message sent. If the addressee of this message does not
>>>> consent to the use of internet e-mail, please communicate it to us
>>>> immediately.
>>>>
>>>>
>>>
>>
>
Re: Service Level Authorization
Posted by Juan Carlos <ju...@gmail.com>.
Thanks Alex, my path to the queue was a mistake when I was testing
configurations and was unable to make work ACLs. My major problem was
about mapreduce.cluster.administrators
parameters. I didn't know anything about this parameter, I have been
looking for it in
http://hadoop.apache.org/docs/stable/hadoop-mapreduce-client/hadoop-mapreduce-client-core/mapred-default.xmlbut
it is missing there.
Thanks for your help, it worked as soon as I set that property to my hadoop
admin group.
2014-02-20 17:38 GMT+01:00 Alex Nastetsky <an...@spryinc.com>:
> If your test1 queue is under test queue, then you have to specify the path
> in the same way:
>
> yarn.scheduler.capacity.root.test.test1.acl_submit_applications (you are
> missing the "test")
>
> Also, if your "hadoop" user is a member of user group "hadoop", that is
> the default value of the mapreduce.cluster.administrators in
> mapred-site.xml. Users of that group can submit jobs to and administer all
> queues.
>
>
> On Thu, Feb 20, 2014 at 11:28 AM, Juan Carlos <ju...@gmail.com> wrote:
>
>> Yes, that is what I'm looking for, but I couldn't find this information
>> for hadoop 2.2.0. I saw mapreduce.cluster.acls.enabled it's now the
>> parameter to use. But I don't know how to set my ACLs.
>> I'm using capacity schedurler and I've created 3 new queues test (which
>> is under root at the same level as default) and test1 and test2, which are
>> under test. As I said, I enabled mapreduce.cluster.acls.enabled in
>> mapred-site.xml and later added the parameter
>> yarn.scheduler.capacity.root.test1.acl_submit_applications with value
>> "jcfernandez ". If I submit a job to queue test1 with user hadoop, it
>> allows it to run it.
>> Which is my error?
>>
>>
>> 2014-02-20 16:41 GMT+01:00 Alex Nastetsky <an...@spryinc.com>:
>>
>> Juan,
>>>
>>> What kind of information are you looking for? The service level ACLs are
>>> for limiting which services can communicate under certain protocols, by
>>> username or user group.
>>>
>>> Perhaps you are looking for client level ACL, something like the
>>> MapReduce ACLs?
>>> https://hadoop.apache.org/docs/r1.2.1/mapred_tutorial.html#Job+Authorization
>>>
>>> Alex.
>>>
>>>
>>> 2014-02-20 4:58 GMT-05:00 Juan Carlos <jc...@cediant.es>:
>>>
>>> Where could I find some information about ACL? I only could find the
>>>> available in
>>>> http://hadoop.apache.org/docs/r2.2.0/hadoop-project-dist/hadoop-common/ServiceLevelAuth.html, which isn't so detailed.
>>>> Regards
>>>>
>>>> Juan Carlos Fernández Rodríguez
>>>> Consultor Tecnológico
>>>>
>>>> Telf: +34918105294
>>>> Móvil: +34639311788
>>>>
>>>> CEDIANT
>>>> Centro para el Desarrollo, Investigación y Aplicación de Nuevas
>>>> Tecnologías
>>>> HPC Business Solutions
>>>>
>>>> ********************* AVISO LEGAL *********************
>>>> Este mensaje es solamente para la persona a la que va dirigido. Puede
>>>> contener información confidencial o legalmente protegida. No hay renuncia a
>>>> la confidencialidad o privilegio por cualquier transmisión mala/errónea. Si
>>>> usted ha recibido este mensaje por error,le rogamos que borre de su sistema
>>>> inmediatamente el mensaje asi como todas sus copias, destruya todas las
>>>> copias del mismo de su disco duro y notifique al remitente. No debe,
>>>> directa o indirectamente, usar, revelar, distribuir, imprimir o copiar
>>>> ninguna de las partes de este mensaje si no es usted el destinatario.
>>>> Cualquier opinión expresada en este mensaje proviene del remitente, excepto
>>>> cuando el mensaje establezca lo contrario y el remitente esté autorizado
>>>> para establecer que dichas opiniones provienen de 'CEDIANT'. Nótese que el
>>>> correo electrónico vía Internet no permite asegurar ni la confidencialidad
>>>> de los mensajes que se transmiten ni la correcta recepción de los mismos.
>>>> En el caso de que el destinatario de este mensaje no consintiera la
>>>> utilización del correo electrónico vía Internet, rogamos lo ponga en
>>>> nuestro conocimiento de manera inmediata.
>>>>
>>>> ********************* DISCLAIMER *********************
>>>> This message is intended exclusively for the named person. It may
>>>> contain confidential, propietary or legally privileged information. No
>>>> confidentiality or privilege is waived or lost by any mistransmission. If
>>>> you receive this message in error, please immediately delete it and all
>>>> copies of it from your system, destroy any hard copies of it an notify the
>>>> sender. Your must not, directly or indirectly, use, disclose, distribute,
>>>> print, or copy any part of this message if you are not the intended
>>>> recipient. Any views expressed in this message are those of the individual
>>>> sender, except where the message states otherwise and the sender is
>>>> authorised to state them to be the views of 'CEDIANT'. Please note that
>>>> internet e-mail neither guarantees the confidentiality nor the proper
>>>> receipt of the message sent. If the addressee of this message does not
>>>> consent to the use of internet e-mail, please communicate it to us
>>>> immediately.
>>>>
>>>>
>>>
>>
>
Re: Service Level Authorization
Posted by Juan Carlos <ju...@gmail.com>.
Thanks Alex, my path to the queue was a mistake when I was testing
configurations and was unable to make work ACLs. My major problem was
about mapreduce.cluster.administrators
parameters. I didn't know anything about this parameter, I have been
looking for it in
http://hadoop.apache.org/docs/stable/hadoop-mapreduce-client/hadoop-mapreduce-client-core/mapred-default.xmlbut
it is missing there.
Thanks for your help, it worked as soon as I set that property to my hadoop
admin group.
2014-02-20 17:38 GMT+01:00 Alex Nastetsky <an...@spryinc.com>:
> If your test1 queue is under test queue, then you have to specify the path
> in the same way:
>
> yarn.scheduler.capacity.root.test.test1.acl_submit_applications (you are
> missing the "test")
>
> Also, if your "hadoop" user is a member of user group "hadoop", that is
> the default value of the mapreduce.cluster.administrators in
> mapred-site.xml. Users of that group can submit jobs to and administer all
> queues.
>
>
> On Thu, Feb 20, 2014 at 11:28 AM, Juan Carlos <ju...@gmail.com> wrote:
>
>> Yes, that is what I'm looking for, but I couldn't find this information
>> for hadoop 2.2.0. I saw mapreduce.cluster.acls.enabled it's now the
>> parameter to use. But I don't know how to set my ACLs.
>> I'm using capacity schedurler and I've created 3 new queues test (which
>> is under root at the same level as default) and test1 and test2, which are
>> under test. As I said, I enabled mapreduce.cluster.acls.enabled in
>> mapred-site.xml and later added the parameter
>> yarn.scheduler.capacity.root.test1.acl_submit_applications with value
>> "jcfernandez ". If I submit a job to queue test1 with user hadoop, it
>> allows it to run it.
>> Which is my error?
>>
>>
>> 2014-02-20 16:41 GMT+01:00 Alex Nastetsky <an...@spryinc.com>:
>>
>> Juan,
>>>
>>> What kind of information are you looking for? The service level ACLs are
>>> for limiting which services can communicate under certain protocols, by
>>> username or user group.
>>>
>>> Perhaps you are looking for client level ACL, something like the
>>> MapReduce ACLs?
>>> https://hadoop.apache.org/docs/r1.2.1/mapred_tutorial.html#Job+Authorization
>>>
>>> Alex.
>>>
>>>
>>> 2014-02-20 4:58 GMT-05:00 Juan Carlos <jc...@cediant.es>:
>>>
>>> Where could I find some information about ACL? I only could find the
>>>> available in
>>>> http://hadoop.apache.org/docs/r2.2.0/hadoop-project-dist/hadoop-common/ServiceLevelAuth.html, which isn't so detailed.
>>>> Regards
>>>>
>>>> Juan Carlos Fernández Rodríguez
>>>> Consultor Tecnológico
>>>>
>>>> Telf: +34918105294
>>>> Móvil: +34639311788
>>>>
>>>> CEDIANT
>>>> Centro para el Desarrollo, Investigación y Aplicación de Nuevas
>>>> Tecnologías
>>>> HPC Business Solutions
>>>>
>>>> ********************* AVISO LEGAL *********************
>>>> Este mensaje es solamente para la persona a la que va dirigido. Puede
>>>> contener información confidencial o legalmente protegida. No hay renuncia a
>>>> la confidencialidad o privilegio por cualquier transmisión mala/errónea. Si
>>>> usted ha recibido este mensaje por error,le rogamos que borre de su sistema
>>>> inmediatamente el mensaje asi como todas sus copias, destruya todas las
>>>> copias del mismo de su disco duro y notifique al remitente. No debe,
>>>> directa o indirectamente, usar, revelar, distribuir, imprimir o copiar
>>>> ninguna de las partes de este mensaje si no es usted el destinatario.
>>>> Cualquier opinión expresada en este mensaje proviene del remitente, excepto
>>>> cuando el mensaje establezca lo contrario y el remitente esté autorizado
>>>> para establecer que dichas opiniones provienen de 'CEDIANT'. Nótese que el
>>>> correo electrónico vía Internet no permite asegurar ni la confidencialidad
>>>> de los mensajes que se transmiten ni la correcta recepción de los mismos.
>>>> En el caso de que el destinatario de este mensaje no consintiera la
>>>> utilización del correo electrónico vía Internet, rogamos lo ponga en
>>>> nuestro conocimiento de manera inmediata.
>>>>
>>>> ********************* DISCLAIMER *********************
>>>> This message is intended exclusively for the named person. It may
>>>> contain confidential, propietary or legally privileged information. No
>>>> confidentiality or privilege is waived or lost by any mistransmission. If
>>>> you receive this message in error, please immediately delete it and all
>>>> copies of it from your system, destroy any hard copies of it an notify the
>>>> sender. Your must not, directly or indirectly, use, disclose, distribute,
>>>> print, or copy any part of this message if you are not the intended
>>>> recipient. Any views expressed in this message are those of the individual
>>>> sender, except where the message states otherwise and the sender is
>>>> authorised to state them to be the views of 'CEDIANT'. Please note that
>>>> internet e-mail neither guarantees the confidentiality nor the proper
>>>> receipt of the message sent. If the addressee of this message does not
>>>> consent to the use of internet e-mail, please communicate it to us
>>>> immediately.
>>>>
>>>>
>>>
>>
>
Re: Service Level Authorization
Posted by Alex Nastetsky <an...@spryinc.com>.
If your test1 queue is under test queue, then you have to specify the path
in the same way:
yarn.scheduler.capacity.root.test.test1.acl_submit_applications (you are
missing the "test")
Also, if your "hadoop" user is a member of user group "hadoop", that is the
default value of the mapreduce.cluster.administrators in mapred-site.xml.
Users of that group can submit jobs to and administer all queues.
On Thu, Feb 20, 2014 at 11:28 AM, Juan Carlos <ju...@gmail.com> wrote:
> Yes, that is what I'm looking for, but I couldn't find this information
> for hadoop 2.2.0. I saw mapreduce.cluster.acls.enabled it's now the
> parameter to use. But I don't know how to set my ACLs.
> I'm using capacity schedurler and I've created 3 new queues test (which is
> under root at the same level as default) and test1 and test2, which are
> under test. As I said, I enabled mapreduce.cluster.acls.enabled in
> mapred-site.xml and later added the parameter
> yarn.scheduler.capacity.root.test1.acl_submit_applications with value
> "jcfernandez ". If I submit a job to queue test1 with user hadoop, it
> allows it to run it.
> Which is my error?
>
>
> 2014-02-20 16:41 GMT+01:00 Alex Nastetsky <an...@spryinc.com>:
>
> Juan,
>>
>> What kind of information are you looking for? The service level ACLs are
>> for limiting which services can communicate under certain protocols, by
>> username or user group.
>>
>> Perhaps you are looking for client level ACL, something like the
>> MapReduce ACLs?
>> https://hadoop.apache.org/docs/r1.2.1/mapred_tutorial.html#Job+Authorization
>>
>> Alex.
>>
>>
>> 2014-02-20 4:58 GMT-05:00 Juan Carlos <jc...@cediant.es>:
>>
>> Where could I find some information about ACL? I only could find the
>>> available in
>>> http://hadoop.apache.org/docs/r2.2.0/hadoop-project-dist/hadoop-common/ServiceLevelAuth.html, which isn't so detailed.
>>> Regards
>>>
>>> Juan Carlos Fernández Rodríguez
>>> Consultor Tecnológico
>>>
>>> Telf: +34918105294
>>> Móvil: +34639311788
>>>
>>> CEDIANT
>>> Centro para el Desarrollo, Investigación y Aplicación de Nuevas
>>> Tecnologías
>>> HPC Business Solutions
>>>
>>> ********************* AVISO LEGAL *********************
>>> Este mensaje es solamente para la persona a la que va dirigido. Puede
>>> contener información confidencial o legalmente protegida. No hay renuncia a
>>> la confidencialidad o privilegio por cualquier transmisión mala/errónea. Si
>>> usted ha recibido este mensaje por error,le rogamos que borre de su sistema
>>> inmediatamente el mensaje asi como todas sus copias, destruya todas las
>>> copias del mismo de su disco duro y notifique al remitente. No debe,
>>> directa o indirectamente, usar, revelar, distribuir, imprimir o copiar
>>> ninguna de las partes de este mensaje si no es usted el destinatario.
>>> Cualquier opinión expresada en este mensaje proviene del remitente, excepto
>>> cuando el mensaje establezca lo contrario y el remitente esté autorizado
>>> para establecer que dichas opiniones provienen de 'CEDIANT'. Nótese que el
>>> correo electrónico vía Internet no permite asegurar ni la confidencialidad
>>> de los mensajes que se transmiten ni la correcta recepción de los mismos.
>>> En el caso de que el destinatario de este mensaje no consintiera la
>>> utilización del correo electrónico vía Internet, rogamos lo ponga en
>>> nuestro conocimiento de manera inmediata.
>>>
>>> ********************* DISCLAIMER *********************
>>> This message is intended exclusively for the named person. It may
>>> contain confidential, propietary or legally privileged information. No
>>> confidentiality or privilege is waived or lost by any mistransmission. If
>>> you receive this message in error, please immediately delete it and all
>>> copies of it from your system, destroy any hard copies of it an notify the
>>> sender. Your must not, directly or indirectly, use, disclose, distribute,
>>> print, or copy any part of this message if you are not the intended
>>> recipient. Any views expressed in this message are those of the individual
>>> sender, except where the message states otherwise and the sender is
>>> authorised to state them to be the views of 'CEDIANT'. Please note that
>>> internet e-mail neither guarantees the confidentiality nor the proper
>>> receipt of the message sent. If the addressee of this message does not
>>> consent to the use of internet e-mail, please communicate it to us
>>> immediately.
>>>
>>>
>>
>
Re: Service Level Authorization
Posted by Alex Nastetsky <an...@spryinc.com>.
If your test1 queue is under test queue, then you have to specify the path
in the same way:
yarn.scheduler.capacity.root.test.test1.acl_submit_applications (you are
missing the "test")
Also, if your "hadoop" user is a member of user group "hadoop", that is the
default value of the mapreduce.cluster.administrators in mapred-site.xml.
Users of that group can submit jobs to and administer all queues.
On Thu, Feb 20, 2014 at 11:28 AM, Juan Carlos <ju...@gmail.com> wrote:
> Yes, that is what I'm looking for, but I couldn't find this information
> for hadoop 2.2.0. I saw mapreduce.cluster.acls.enabled it's now the
> parameter to use. But I don't know how to set my ACLs.
> I'm using capacity schedurler and I've created 3 new queues test (which is
> under root at the same level as default) and test1 and test2, which are
> under test. As I said, I enabled mapreduce.cluster.acls.enabled in
> mapred-site.xml and later added the parameter
> yarn.scheduler.capacity.root.test1.acl_submit_applications with value
> "jcfernandez ". If I submit a job to queue test1 with user hadoop, it
> allows it to run it.
> Which is my error?
>
>
> 2014-02-20 16:41 GMT+01:00 Alex Nastetsky <an...@spryinc.com>:
>
> Juan,
>>
>> What kind of information are you looking for? The service level ACLs are
>> for limiting which services can communicate under certain protocols, by
>> username or user group.
>>
>> Perhaps you are looking for client level ACL, something like the
>> MapReduce ACLs?
>> https://hadoop.apache.org/docs/r1.2.1/mapred_tutorial.html#Job+Authorization
>>
>> Alex.
>>
>>
>> 2014-02-20 4:58 GMT-05:00 Juan Carlos <jc...@cediant.es>:
>>
>> Where could I find some information about ACL? I only could find the
>>> available in
>>> http://hadoop.apache.org/docs/r2.2.0/hadoop-project-dist/hadoop-common/ServiceLevelAuth.html, which isn't so detailed.
>>> Regards
>>>
>>> Juan Carlos Fernández Rodríguez
>>> Consultor Tecnológico
>>>
>>> Telf: +34918105294
>>> Móvil: +34639311788
>>>
>>> CEDIANT
>>> Centro para el Desarrollo, Investigación y Aplicación de Nuevas
>>> Tecnologías
>>> HPC Business Solutions
>>>
>>> ********************* AVISO LEGAL *********************
>>> Este mensaje es solamente para la persona a la que va dirigido. Puede
>>> contener información confidencial o legalmente protegida. No hay renuncia a
>>> la confidencialidad o privilegio por cualquier transmisión mala/errónea. Si
>>> usted ha recibido este mensaje por error,le rogamos que borre de su sistema
>>> inmediatamente el mensaje asi como todas sus copias, destruya todas las
>>> copias del mismo de su disco duro y notifique al remitente. No debe,
>>> directa o indirectamente, usar, revelar, distribuir, imprimir o copiar
>>> ninguna de las partes de este mensaje si no es usted el destinatario.
>>> Cualquier opinión expresada en este mensaje proviene del remitente, excepto
>>> cuando el mensaje establezca lo contrario y el remitente esté autorizado
>>> para establecer que dichas opiniones provienen de 'CEDIANT'. Nótese que el
>>> correo electrónico vía Internet no permite asegurar ni la confidencialidad
>>> de los mensajes que se transmiten ni la correcta recepción de los mismos.
>>> En el caso de que el destinatario de este mensaje no consintiera la
>>> utilización del correo electrónico vía Internet, rogamos lo ponga en
>>> nuestro conocimiento de manera inmediata.
>>>
>>> ********************* DISCLAIMER *********************
>>> This message is intended exclusively for the named person. It may
>>> contain confidential, propietary or legally privileged information. No
>>> confidentiality or privilege is waived or lost by any mistransmission. If
>>> you receive this message in error, please immediately delete it and all
>>> copies of it from your system, destroy any hard copies of it an notify the
>>> sender. Your must not, directly or indirectly, use, disclose, distribute,
>>> print, or copy any part of this message if you are not the intended
>>> recipient. Any views expressed in this message are those of the individual
>>> sender, except where the message states otherwise and the sender is
>>> authorised to state them to be the views of 'CEDIANT'. Please note that
>>> internet e-mail neither guarantees the confidentiality nor the proper
>>> receipt of the message sent. If the addressee of this message does not
>>> consent to the use of internet e-mail, please communicate it to us
>>> immediately.
>>>
>>>
>>
>
Re: Service Level Authorization
Posted by Alex Nastetsky <an...@spryinc.com>.
If your test1 queue is under test queue, then you have to specify the path
in the same way:
yarn.scheduler.capacity.root.test.test1.acl_submit_applications (you are
missing the "test")
Also, if your "hadoop" user is a member of user group "hadoop", that is the
default value of the mapreduce.cluster.administrators in mapred-site.xml.
Users of that group can submit jobs to and administer all queues.
On Thu, Feb 20, 2014 at 11:28 AM, Juan Carlos <ju...@gmail.com> wrote:
> Yes, that is what I'm looking for, but I couldn't find this information
> for hadoop 2.2.0. I saw mapreduce.cluster.acls.enabled it's now the
> parameter to use. But I don't know how to set my ACLs.
> I'm using capacity schedurler and I've created 3 new queues test (which is
> under root at the same level as default) and test1 and test2, which are
> under test. As I said, I enabled mapreduce.cluster.acls.enabled in
> mapred-site.xml and later added the parameter
> yarn.scheduler.capacity.root.test1.acl_submit_applications with value
> "jcfernandez ". If I submit a job to queue test1 with user hadoop, it
> allows it to run it.
> Which is my error?
>
>
> 2014-02-20 16:41 GMT+01:00 Alex Nastetsky <an...@spryinc.com>:
>
> Juan,
>>
>> What kind of information are you looking for? The service level ACLs are
>> for limiting which services can communicate under certain protocols, by
>> username or user group.
>>
>> Perhaps you are looking for client level ACL, something like the
>> MapReduce ACLs?
>> https://hadoop.apache.org/docs/r1.2.1/mapred_tutorial.html#Job+Authorization
>>
>> Alex.
>>
>>
>> 2014-02-20 4:58 GMT-05:00 Juan Carlos <jc...@cediant.es>:
>>
>> Where could I find some information about ACL? I only could find the
>>> available in
>>> http://hadoop.apache.org/docs/r2.2.0/hadoop-project-dist/hadoop-common/ServiceLevelAuth.html, which isn't so detailed.
>>> Regards
>>>
>>> Juan Carlos Fernández Rodríguez
>>> Consultor Tecnológico
>>>
>>> Telf: +34918105294
>>> Móvil: +34639311788
>>>
>>> CEDIANT
>>> Centro para el Desarrollo, Investigación y Aplicación de Nuevas
>>> Tecnologías
>>> HPC Business Solutions
>>>
>>> ********************* AVISO LEGAL *********************
>>> Este mensaje es solamente para la persona a la que va dirigido. Puede
>>> contener información confidencial o legalmente protegida. No hay renuncia a
>>> la confidencialidad o privilegio por cualquier transmisión mala/errónea. Si
>>> usted ha recibido este mensaje por error,le rogamos que borre de su sistema
>>> inmediatamente el mensaje asi como todas sus copias, destruya todas las
>>> copias del mismo de su disco duro y notifique al remitente. No debe,
>>> directa o indirectamente, usar, revelar, distribuir, imprimir o copiar
>>> ninguna de las partes de este mensaje si no es usted el destinatario.
>>> Cualquier opinión expresada en este mensaje proviene del remitente, excepto
>>> cuando el mensaje establezca lo contrario y el remitente esté autorizado
>>> para establecer que dichas opiniones provienen de 'CEDIANT'. Nótese que el
>>> correo electrónico vía Internet no permite asegurar ni la confidencialidad
>>> de los mensajes que se transmiten ni la correcta recepción de los mismos.
>>> En el caso de que el destinatario de este mensaje no consintiera la
>>> utilización del correo electrónico vía Internet, rogamos lo ponga en
>>> nuestro conocimiento de manera inmediata.
>>>
>>> ********************* DISCLAIMER *********************
>>> This message is intended exclusively for the named person. It may
>>> contain confidential, propietary or legally privileged information. No
>>> confidentiality or privilege is waived or lost by any mistransmission. If
>>> you receive this message in error, please immediately delete it and all
>>> copies of it from your system, destroy any hard copies of it an notify the
>>> sender. Your must not, directly or indirectly, use, disclose, distribute,
>>> print, or copy any part of this message if you are not the intended
>>> recipient. Any views expressed in this message are those of the individual
>>> sender, except where the message states otherwise and the sender is
>>> authorised to state them to be the views of 'CEDIANT'. Please note that
>>> internet e-mail neither guarantees the confidentiality nor the proper
>>> receipt of the message sent. If the addressee of this message does not
>>> consent to the use of internet e-mail, please communicate it to us
>>> immediately.
>>>
>>>
>>
>
Re: Service Level Authorization
Posted by Alex Nastetsky <an...@spryinc.com>.
If your test1 queue is under test queue, then you have to specify the path
in the same way:
yarn.scheduler.capacity.root.test.test1.acl_submit_applications (you are
missing the "test")
Also, if your "hadoop" user is a member of user group "hadoop", that is the
default value of the mapreduce.cluster.administrators in mapred-site.xml.
Users of that group can submit jobs to and administer all queues.
On Thu, Feb 20, 2014 at 11:28 AM, Juan Carlos <ju...@gmail.com> wrote:
> Yes, that is what I'm looking for, but I couldn't find this information
> for hadoop 2.2.0. I saw mapreduce.cluster.acls.enabled it's now the
> parameter to use. But I don't know how to set my ACLs.
> I'm using capacity schedurler and I've created 3 new queues test (which is
> under root at the same level as default) and test1 and test2, which are
> under test. As I said, I enabled mapreduce.cluster.acls.enabled in
> mapred-site.xml and later added the parameter
> yarn.scheduler.capacity.root.test1.acl_submit_applications with value
> "jcfernandez ". If I submit a job to queue test1 with user hadoop, it
> allows it to run it.
> Which is my error?
>
>
> 2014-02-20 16:41 GMT+01:00 Alex Nastetsky <an...@spryinc.com>:
>
> Juan,
>>
>> What kind of information are you looking for? The service level ACLs are
>> for limiting which services can communicate under certain protocols, by
>> username or user group.
>>
>> Perhaps you are looking for client level ACL, something like the
>> MapReduce ACLs?
>> https://hadoop.apache.org/docs/r1.2.1/mapred_tutorial.html#Job+Authorization
>>
>> Alex.
>>
>>
>> 2014-02-20 4:58 GMT-05:00 Juan Carlos <jc...@cediant.es>:
>>
>> Where could I find some information about ACL? I only could find the
>>> available in
>>> http://hadoop.apache.org/docs/r2.2.0/hadoop-project-dist/hadoop-common/ServiceLevelAuth.html, which isn't so detailed.
>>> Regards
>>>
>>> Juan Carlos Fernández Rodríguez
>>> Consultor Tecnológico
>>>
>>> Telf: +34918105294
>>> Móvil: +34639311788
>>>
>>> CEDIANT
>>> Centro para el Desarrollo, Investigación y Aplicación de Nuevas
>>> Tecnologías
>>> HPC Business Solutions
>>>
>>> ********************* AVISO LEGAL *********************
>>> Este mensaje es solamente para la persona a la que va dirigido. Puede
>>> contener información confidencial o legalmente protegida. No hay renuncia a
>>> la confidencialidad o privilegio por cualquier transmisión mala/errónea. Si
>>> usted ha recibido este mensaje por error,le rogamos que borre de su sistema
>>> inmediatamente el mensaje asi como todas sus copias, destruya todas las
>>> copias del mismo de su disco duro y notifique al remitente. No debe,
>>> directa o indirectamente, usar, revelar, distribuir, imprimir o copiar
>>> ninguna de las partes de este mensaje si no es usted el destinatario.
>>> Cualquier opinión expresada en este mensaje proviene del remitente, excepto
>>> cuando el mensaje establezca lo contrario y el remitente esté autorizado
>>> para establecer que dichas opiniones provienen de 'CEDIANT'. Nótese que el
>>> correo electrónico vía Internet no permite asegurar ni la confidencialidad
>>> de los mensajes que se transmiten ni la correcta recepción de los mismos.
>>> En el caso de que el destinatario de este mensaje no consintiera la
>>> utilización del correo electrónico vía Internet, rogamos lo ponga en
>>> nuestro conocimiento de manera inmediata.
>>>
>>> ********************* DISCLAIMER *********************
>>> This message is intended exclusively for the named person. It may
>>> contain confidential, propietary or legally privileged information. No
>>> confidentiality or privilege is waived or lost by any mistransmission. If
>>> you receive this message in error, please immediately delete it and all
>>> copies of it from your system, destroy any hard copies of it an notify the
>>> sender. Your must not, directly or indirectly, use, disclose, distribute,
>>> print, or copy any part of this message if you are not the intended
>>> recipient. Any views expressed in this message are those of the individual
>>> sender, except where the message states otherwise and the sender is
>>> authorised to state them to be the views of 'CEDIANT'. Please note that
>>> internet e-mail neither guarantees the confidentiality nor the proper
>>> receipt of the message sent. If the addressee of this message does not
>>> consent to the use of internet e-mail, please communicate it to us
>>> immediately.
>>>
>>>
>>
>
Re: Service Level Authorization
Posted by Juan Carlos <ju...@gmail.com>.
Yes, that is what I'm looking for, but I couldn't find this information for
hadoop 2.2.0. I saw mapreduce.cluster.acls.enabled it's now the parameter
to use. But I don't know how to set my ACLs.
I'm using capacity schedurler and I've created 3 new queues test (which is
under root at the same level as default) and test1 and test2, which are
under test. As I said, I enabled mapreduce.cluster.acls.enabled in
mapred-site.xml and later added the parameter
yarn.scheduler.capacity.root.test1.acl_submit_applications with value
"jcfernandez ". If I submit a job to queue test1 with user hadoop, it
allows it to run it.
Which is my error?
2014-02-20 16:41 GMT+01:00 Alex Nastetsky <an...@spryinc.com>:
> Juan,
>
> What kind of information are you looking for? The service level ACLs are
> for limiting which services can communicate under certain protocols, by
> username or user group.
>
> Perhaps you are looking for client level ACL, something like the MapReduce
> ACLs?
> https://hadoop.apache.org/docs/r1.2.1/mapred_tutorial.html#Job+Authorization
>
> Alex.
>
>
> 2014-02-20 4:58 GMT-05:00 Juan Carlos <jc...@cediant.es>:
>
> Where could I find some information about ACL? I only could find the
>> available in
>> http://hadoop.apache.org/docs/r2.2.0/hadoop-project-dist/hadoop-common/ServiceLevelAuth.html, which isn't so detailed.
>> Regards
>>
>> Juan Carlos Fernández Rodríguez
>> Consultor Tecnológico
>>
>> Telf: +34918105294
>> Móvil: +34639311788
>>
>> CEDIANT
>> Centro para el Desarrollo, Investigación y Aplicación de Nuevas
>> Tecnologías
>> HPC Business Solutions
>>
>> ********************* AVISO LEGAL *********************
>> Este mensaje es solamente para la persona a la que va dirigido. Puede
>> contener información confidencial o legalmente protegida. No hay renuncia a
>> la confidencialidad o privilegio por cualquier transmisión mala/errónea. Si
>> usted ha recibido este mensaje por error,le rogamos que borre de su sistema
>> inmediatamente el mensaje asi como todas sus copias, destruya todas las
>> copias del mismo de su disco duro y notifique al remitente. No debe,
>> directa o indirectamente, usar, revelar, distribuir, imprimir o copiar
>> ninguna de las partes de este mensaje si no es usted el destinatario.
>> Cualquier opinión expresada en este mensaje proviene del remitente, excepto
>> cuando el mensaje establezca lo contrario y el remitente esté autorizado
>> para establecer que dichas opiniones provienen de 'CEDIANT'. Nótese que el
>> correo electrónico vía Internet no permite asegurar ni la confidencialidad
>> de los mensajes que se transmiten ni la correcta recepción de los mismos.
>> En el caso de que el destinatario de este mensaje no consintiera la
>> utilización del correo electrónico vía Internet, rogamos lo ponga en
>> nuestro conocimiento de manera inmediata.
>>
>> ********************* DISCLAIMER *********************
>> This message is intended exclusively for the named person. It may
>> contain confidential, propietary or legally privileged information. No
>> confidentiality or privilege is waived or lost by any mistransmission. If
>> you receive this message in error, please immediately delete it and all
>> copies of it from your system, destroy any hard copies of it an notify the
>> sender. Your must not, directly or indirectly, use, disclose, distribute,
>> print, or copy any part of this message if you are not the intended
>> recipient. Any views expressed in this message are those of the individual
>> sender, except where the message states otherwise and the sender is
>> authorised to state them to be the views of 'CEDIANT'. Please note that
>> internet e-mail neither guarantees the confidentiality nor the proper
>> receipt of the message sent. If the addressee of this message does not
>> consent to the use of internet e-mail, please communicate it to us
>> immediately.
>>
>>
>
Re: Service Level Authorization
Posted by Juan Carlos <ju...@gmail.com>.
Yes, that is what I'm looking for, but I couldn't find this information for
hadoop 2.2.0. I saw mapreduce.cluster.acls.enabled it's now the parameter
to use. But I don't know how to set my ACLs.
I'm using capacity schedurler and I've created 3 new queues test (which is
under root at the same level as default) and test1 and test2, which are
under test. As I said, I enabled mapreduce.cluster.acls.enabled in
mapred-site.xml and later added the parameter
yarn.scheduler.capacity.root.test1.acl_submit_applications with value
"jcfernandez ". If I submit a job to queue test1 with user hadoop, it
allows it to run it.
Which is my error?
2014-02-20 16:41 GMT+01:00 Alex Nastetsky <an...@spryinc.com>:
> Juan,
>
> What kind of information are you looking for? The service level ACLs are
> for limiting which services can communicate under certain protocols, by
> username or user group.
>
> Perhaps you are looking for client level ACL, something like the MapReduce
> ACLs?
> https://hadoop.apache.org/docs/r1.2.1/mapred_tutorial.html#Job+Authorization
>
> Alex.
>
>
> 2014-02-20 4:58 GMT-05:00 Juan Carlos <jc...@cediant.es>:
>
> Where could I find some information about ACL? I only could find the
>> available in
>> http://hadoop.apache.org/docs/r2.2.0/hadoop-project-dist/hadoop-common/ServiceLevelAuth.html, which isn't so detailed.
>> Regards
>>
>> Juan Carlos Fernández Rodríguez
>> Consultor Tecnológico
>>
>> Telf: +34918105294
>> Móvil: +34639311788
>>
>> CEDIANT
>> Centro para el Desarrollo, Investigación y Aplicación de Nuevas
>> Tecnologías
>> HPC Business Solutions
>>
>> ********************* AVISO LEGAL *********************
>> Este mensaje es solamente para la persona a la que va dirigido. Puede
>> contener información confidencial o legalmente protegida. No hay renuncia a
>> la confidencialidad o privilegio por cualquier transmisión mala/errónea. Si
>> usted ha recibido este mensaje por error,le rogamos que borre de su sistema
>> inmediatamente el mensaje asi como todas sus copias, destruya todas las
>> copias del mismo de su disco duro y notifique al remitente. No debe,
>> directa o indirectamente, usar, revelar, distribuir, imprimir o copiar
>> ninguna de las partes de este mensaje si no es usted el destinatario.
>> Cualquier opinión expresada en este mensaje proviene del remitente, excepto
>> cuando el mensaje establezca lo contrario y el remitente esté autorizado
>> para establecer que dichas opiniones provienen de 'CEDIANT'. Nótese que el
>> correo electrónico vía Internet no permite asegurar ni la confidencialidad
>> de los mensajes que se transmiten ni la correcta recepción de los mismos.
>> En el caso de que el destinatario de este mensaje no consintiera la
>> utilización del correo electrónico vía Internet, rogamos lo ponga en
>> nuestro conocimiento de manera inmediata.
>>
>> ********************* DISCLAIMER *********************
>> This message is intended exclusively for the named person. It may
>> contain confidential, propietary or legally privileged information. No
>> confidentiality or privilege is waived or lost by any mistransmission. If
>> you receive this message in error, please immediately delete it and all
>> copies of it from your system, destroy any hard copies of it an notify the
>> sender. Your must not, directly or indirectly, use, disclose, distribute,
>> print, or copy any part of this message if you are not the intended
>> recipient. Any views expressed in this message are those of the individual
>> sender, except where the message states otherwise and the sender is
>> authorised to state them to be the views of 'CEDIANT'. Please note that
>> internet e-mail neither guarantees the confidentiality nor the proper
>> receipt of the message sent. If the addressee of this message does not
>> consent to the use of internet e-mail, please communicate it to us
>> immediately.
>>
>>
>
Re: Service Level Authorization
Posted by Juan Carlos <ju...@gmail.com>.
Yes, that is what I'm looking for, but I couldn't find this information for
hadoop 2.2.0. I saw mapreduce.cluster.acls.enabled it's now the parameter
to use. But I don't know how to set my ACLs.
I'm using capacity schedurler and I've created 3 new queues test (which is
under root at the same level as default) and test1 and test2, which are
under test. As I said, I enabled mapreduce.cluster.acls.enabled in
mapred-site.xml and later added the parameter
yarn.scheduler.capacity.root.test1.acl_submit_applications with value
"jcfernandez ". If I submit a job to queue test1 with user hadoop, it
allows it to run it.
Which is my error?
2014-02-20 16:41 GMT+01:00 Alex Nastetsky <an...@spryinc.com>:
> Juan,
>
> What kind of information are you looking for? The service level ACLs are
> for limiting which services can communicate under certain protocols, by
> username or user group.
>
> Perhaps you are looking for client level ACL, something like the MapReduce
> ACLs?
> https://hadoop.apache.org/docs/r1.2.1/mapred_tutorial.html#Job+Authorization
>
> Alex.
>
>
> 2014-02-20 4:58 GMT-05:00 Juan Carlos <jc...@cediant.es>:
>
> Where could I find some information about ACL? I only could find the
>> available in
>> http://hadoop.apache.org/docs/r2.2.0/hadoop-project-dist/hadoop-common/ServiceLevelAuth.html, which isn't so detailed.
>> Regards
>>
>> Juan Carlos Fernández Rodríguez
>> Consultor Tecnológico
>>
>> Telf: +34918105294
>> Móvil: +34639311788
>>
>> CEDIANT
>> Centro para el Desarrollo, Investigación y Aplicación de Nuevas
>> Tecnologías
>> HPC Business Solutions
>>
>> ********************* AVISO LEGAL *********************
>> Este mensaje es solamente para la persona a la que va dirigido. Puede
>> contener información confidencial o legalmente protegida. No hay renuncia a
>> la confidencialidad o privilegio por cualquier transmisión mala/errónea. Si
>> usted ha recibido este mensaje por error,le rogamos que borre de su sistema
>> inmediatamente el mensaje asi como todas sus copias, destruya todas las
>> copias del mismo de su disco duro y notifique al remitente. No debe,
>> directa o indirectamente, usar, revelar, distribuir, imprimir o copiar
>> ninguna de las partes de este mensaje si no es usted el destinatario.
>> Cualquier opinión expresada en este mensaje proviene del remitente, excepto
>> cuando el mensaje establezca lo contrario y el remitente esté autorizado
>> para establecer que dichas opiniones provienen de 'CEDIANT'. Nótese que el
>> correo electrónico vía Internet no permite asegurar ni la confidencialidad
>> de los mensajes que se transmiten ni la correcta recepción de los mismos.
>> En el caso de que el destinatario de este mensaje no consintiera la
>> utilización del correo electrónico vía Internet, rogamos lo ponga en
>> nuestro conocimiento de manera inmediata.
>>
>> ********************* DISCLAIMER *********************
>> This message is intended exclusively for the named person. It may
>> contain confidential, propietary or legally privileged information. No
>> confidentiality or privilege is waived or lost by any mistransmission. If
>> you receive this message in error, please immediately delete it and all
>> copies of it from your system, destroy any hard copies of it an notify the
>> sender. Your must not, directly or indirectly, use, disclose, distribute,
>> print, or copy any part of this message if you are not the intended
>> recipient. Any views expressed in this message are those of the individual
>> sender, except where the message states otherwise and the sender is
>> authorised to state them to be the views of 'CEDIANT'. Please note that
>> internet e-mail neither guarantees the confidentiality nor the proper
>> receipt of the message sent. If the addressee of this message does not
>> consent to the use of internet e-mail, please communicate it to us
>> immediately.
>>
>>
>
Re: Service Level Authorization
Posted by Juan Carlos <ju...@gmail.com>.
Yes, that is what I'm looking for, but I couldn't find this information for
hadoop 2.2.0. I saw mapreduce.cluster.acls.enabled it's now the parameter
to use. But I don't know how to set my ACLs.
I'm using capacity schedurler and I've created 3 new queues test (which is
under root at the same level as default) and test1 and test2, which are
under test. As I said, I enabled mapreduce.cluster.acls.enabled in
mapred-site.xml and later added the parameter
yarn.scheduler.capacity.root.test1.acl_submit_applications with value
"jcfernandez ". If I submit a job to queue test1 with user hadoop, it
allows it to run it.
Which is my error?
2014-02-20 16:41 GMT+01:00 Alex Nastetsky <an...@spryinc.com>:
> Juan,
>
> What kind of information are you looking for? The service level ACLs are
> for limiting which services can communicate under certain protocols, by
> username or user group.
>
> Perhaps you are looking for client level ACL, something like the MapReduce
> ACLs?
> https://hadoop.apache.org/docs/r1.2.1/mapred_tutorial.html#Job+Authorization
>
> Alex.
>
>
> 2014-02-20 4:58 GMT-05:00 Juan Carlos <jc...@cediant.es>:
>
> Where could I find some information about ACL? I only could find the
>> available in
>> http://hadoop.apache.org/docs/r2.2.0/hadoop-project-dist/hadoop-common/ServiceLevelAuth.html, which isn't so detailed.
>> Regards
>>
>> Juan Carlos Fernández Rodríguez
>> Consultor Tecnológico
>>
>> Telf: +34918105294
>> Móvil: +34639311788
>>
>> CEDIANT
>> Centro para el Desarrollo, Investigación y Aplicación de Nuevas
>> Tecnologías
>> HPC Business Solutions
>>
>> ********************* AVISO LEGAL *********************
>> Este mensaje es solamente para la persona a la que va dirigido. Puede
>> contener información confidencial o legalmente protegida. No hay renuncia a
>> la confidencialidad o privilegio por cualquier transmisión mala/errónea. Si
>> usted ha recibido este mensaje por error,le rogamos que borre de su sistema
>> inmediatamente el mensaje asi como todas sus copias, destruya todas las
>> copias del mismo de su disco duro y notifique al remitente. No debe,
>> directa o indirectamente, usar, revelar, distribuir, imprimir o copiar
>> ninguna de las partes de este mensaje si no es usted el destinatario.
>> Cualquier opinión expresada en este mensaje proviene del remitente, excepto
>> cuando el mensaje establezca lo contrario y el remitente esté autorizado
>> para establecer que dichas opiniones provienen de 'CEDIANT'. Nótese que el
>> correo electrónico vía Internet no permite asegurar ni la confidencialidad
>> de los mensajes que se transmiten ni la correcta recepción de los mismos.
>> En el caso de que el destinatario de este mensaje no consintiera la
>> utilización del correo electrónico vía Internet, rogamos lo ponga en
>> nuestro conocimiento de manera inmediata.
>>
>> ********************* DISCLAIMER *********************
>> This message is intended exclusively for the named person. It may
>> contain confidential, propietary or legally privileged information. No
>> confidentiality or privilege is waived or lost by any mistransmission. If
>> you receive this message in error, please immediately delete it and all
>> copies of it from your system, destroy any hard copies of it an notify the
>> sender. Your must not, directly or indirectly, use, disclose, distribute,
>> print, or copy any part of this message if you are not the intended
>> recipient. Any views expressed in this message are those of the individual
>> sender, except where the message states otherwise and the sender is
>> authorised to state them to be the views of 'CEDIANT'. Please note that
>> internet e-mail neither guarantees the confidentiality nor the proper
>> receipt of the message sent. If the addressee of this message does not
>> consent to the use of internet e-mail, please communicate it to us
>> immediately.
>>
>>
>
Re: Service Level Authorization
Posted by Alex Nastetsky <an...@spryinc.com>.
Juan,
What kind of information are you looking for? The service level ACLs are
for limiting which services can communicate under certain protocols, by
username or user group.
Perhaps you are looking for client level ACL, something like the MapReduce
ACLs?
https://hadoop.apache.org/docs/r1.2.1/mapred_tutorial.html#Job+Authorization
Alex.
2014-02-20 4:58 GMT-05:00 Juan Carlos <jc...@cediant.es>:
> Where could I find some information about ACL? I only could find the
> available in
> http://hadoop.apache.org/docs/r2.2.0/hadoop-project-dist/hadoop-common/ServiceLevelAuth.html, which isn't so detailed.
> Regards
>
> Juan Carlos Fernández Rodríguez
> Consultor Tecnológico
>
> Telf: +34918105294
> Móvil: +34639311788
>
> CEDIANT
> Centro para el Desarrollo, Investigación y Aplicación de Nuevas Tecnologías
> HPC Business Solutions
>
> ********************* AVISO LEGAL *********************
> Este mensaje es solamente para la persona a la que va dirigido. Puede
> contener información confidencial o legalmente protegida. No hay renuncia a
> la confidencialidad o privilegio por cualquier transmisión mala/errónea. Si
> usted ha recibido este mensaje por error,le rogamos que borre de su sistema
> inmediatamente el mensaje asi como todas sus copias, destruya todas las
> copias del mismo de su disco duro y notifique al remitente. No debe,
> directa o indirectamente, usar, revelar, distribuir, imprimir o copiar
> ninguna de las partes de este mensaje si no es usted el destinatario.
> Cualquier opinión expresada en este mensaje proviene del remitente, excepto
> cuando el mensaje establezca lo contrario y el remitente esté autorizado
> para establecer que dichas opiniones provienen de 'CEDIANT'. Nótese que el
> correo electrónico vía Internet no permite asegurar ni la confidencialidad
> de los mensajes que se transmiten ni la correcta recepción de los mismos.
> En el caso de que el destinatario de este mensaje no consintiera la
> utilización del correo electrónico vía Internet, rogamos lo ponga en
> nuestro conocimiento de manera inmediata.
>
> ********************* DISCLAIMER *********************
> This message is intended exclusively for the named person. It may contain
> confidential, propietary or legally privileged information. No
> confidentiality or privilege is waived or lost by any mistransmission. If
> you receive this message in error, please immediately delete it and all
> copies of it from your system, destroy any hard copies of it an notify the
> sender. Your must not, directly or indirectly, use, disclose, distribute,
> print, or copy any part of this message if you are not the intended
> recipient. Any views expressed in this message are those of the individual
> sender, except where the message states otherwise and the sender is
> authorised to state them to be the views of 'CEDIANT'. Please note that
> internet e-mail neither guarantees the confidentiality nor the proper
> receipt of the message sent. If the addressee of this message does not
> consent to the use of internet e-mail, please communicate it to us
> immediately.
>
>
Re: Service Level Authorization
Posted by Alex Nastetsky <an...@spryinc.com>.
Juan,
What kind of information are you looking for? The service level ACLs are
for limiting which services can communicate under certain protocols, by
username or user group.
Perhaps you are looking for client level ACL, something like the MapReduce
ACLs?
https://hadoop.apache.org/docs/r1.2.1/mapred_tutorial.html#Job+Authorization
Alex.
2014-02-20 4:58 GMT-05:00 Juan Carlos <jc...@cediant.es>:
> Where could I find some information about ACL? I only could find the
> available in
> http://hadoop.apache.org/docs/r2.2.0/hadoop-project-dist/hadoop-common/ServiceLevelAuth.html, which isn't so detailed.
> Regards
>
> Juan Carlos Fernández Rodríguez
> Consultor Tecnológico
>
> Telf: +34918105294
> Móvil: +34639311788
>
> CEDIANT
> Centro para el Desarrollo, Investigación y Aplicación de Nuevas Tecnologías
> HPC Business Solutions
>
> ********************* AVISO LEGAL *********************
> Este mensaje es solamente para la persona a la que va dirigido. Puede
> contener información confidencial o legalmente protegida. No hay renuncia a
> la confidencialidad o privilegio por cualquier transmisión mala/errónea. Si
> usted ha recibido este mensaje por error,le rogamos que borre de su sistema
> inmediatamente el mensaje asi como todas sus copias, destruya todas las
> copias del mismo de su disco duro y notifique al remitente. No debe,
> directa o indirectamente, usar, revelar, distribuir, imprimir o copiar
> ninguna de las partes de este mensaje si no es usted el destinatario.
> Cualquier opinión expresada en este mensaje proviene del remitente, excepto
> cuando el mensaje establezca lo contrario y el remitente esté autorizado
> para establecer que dichas opiniones provienen de 'CEDIANT'. Nótese que el
> correo electrónico vía Internet no permite asegurar ni la confidencialidad
> de los mensajes que se transmiten ni la correcta recepción de los mismos.
> En el caso de que el destinatario de este mensaje no consintiera la
> utilización del correo electrónico vía Internet, rogamos lo ponga en
> nuestro conocimiento de manera inmediata.
>
> ********************* DISCLAIMER *********************
> This message is intended exclusively for the named person. It may contain
> confidential, propietary or legally privileged information. No
> confidentiality or privilege is waived or lost by any mistransmission. If
> you receive this message in error, please immediately delete it and all
> copies of it from your system, destroy any hard copies of it an notify the
> sender. Your must not, directly or indirectly, use, disclose, distribute,
> print, or copy any part of this message if you are not the intended
> recipient. Any views expressed in this message are those of the individual
> sender, except where the message states otherwise and the sender is
> authorised to state them to be the views of 'CEDIANT'. Please note that
> internet e-mail neither guarantees the confidentiality nor the proper
> receipt of the message sent. If the addressee of this message does not
> consent to the use of internet e-mail, please communicate it to us
> immediately.
>
>
Re: Service Level Authorization
Posted by Alex Nastetsky <an...@spryinc.com>.
Juan,
What kind of information are you looking for? The service level ACLs are
for limiting which services can communicate under certain protocols, by
username or user group.
Perhaps you are looking for client level ACL, something like the MapReduce
ACLs?
https://hadoop.apache.org/docs/r1.2.1/mapred_tutorial.html#Job+Authorization
Alex.
2014-02-20 4:58 GMT-05:00 Juan Carlos <jc...@cediant.es>:
> Where could I find some information about ACL? I only could find the
> available in
> http://hadoop.apache.org/docs/r2.2.0/hadoop-project-dist/hadoop-common/ServiceLevelAuth.html, which isn't so detailed.
> Regards
>
> Juan Carlos Fernández Rodríguez
> Consultor Tecnológico
>
> Telf: +34918105294
> Móvil: +34639311788
>
> CEDIANT
> Centro para el Desarrollo, Investigación y Aplicación de Nuevas Tecnologías
> HPC Business Solutions
>
> ********************* AVISO LEGAL *********************
> Este mensaje es solamente para la persona a la que va dirigido. Puede
> contener información confidencial o legalmente protegida. No hay renuncia a
> la confidencialidad o privilegio por cualquier transmisión mala/errónea. Si
> usted ha recibido este mensaje por error,le rogamos que borre de su sistema
> inmediatamente el mensaje asi como todas sus copias, destruya todas las
> copias del mismo de su disco duro y notifique al remitente. No debe,
> directa o indirectamente, usar, revelar, distribuir, imprimir o copiar
> ninguna de las partes de este mensaje si no es usted el destinatario.
> Cualquier opinión expresada en este mensaje proviene del remitente, excepto
> cuando el mensaje establezca lo contrario y el remitente esté autorizado
> para establecer que dichas opiniones provienen de 'CEDIANT'. Nótese que el
> correo electrónico vía Internet no permite asegurar ni la confidencialidad
> de los mensajes que se transmiten ni la correcta recepción de los mismos.
> En el caso de que el destinatario de este mensaje no consintiera la
> utilización del correo electrónico vía Internet, rogamos lo ponga en
> nuestro conocimiento de manera inmediata.
>
> ********************* DISCLAIMER *********************
> This message is intended exclusively for the named person. It may contain
> confidential, propietary or legally privileged information. No
> confidentiality or privilege is waived or lost by any mistransmission. If
> you receive this message in error, please immediately delete it and all
> copies of it from your system, destroy any hard copies of it an notify the
> sender. Your must not, directly or indirectly, use, disclose, distribute,
> print, or copy any part of this message if you are not the intended
> recipient. Any views expressed in this message are those of the individual
> sender, except where the message states otherwise and the sender is
> authorised to state them to be the views of 'CEDIANT'. Please note that
> internet e-mail neither guarantees the confidentiality nor the proper
> receipt of the message sent. If the addressee of this message does not
> consent to the use of internet e-mail, please communicate it to us
> immediately.
>
>
Re: Service Level Authorization
Posted by Alex Nastetsky <an...@spryinc.com>.
Juan,
What kind of information are you looking for? The service level ACLs are
for limiting which services can communicate under certain protocols, by
username or user group.
Perhaps you are looking for client level ACL, something like the MapReduce
ACLs?
https://hadoop.apache.org/docs/r1.2.1/mapred_tutorial.html#Job+Authorization
Alex.
2014-02-20 4:58 GMT-05:00 Juan Carlos <jc...@cediant.es>:
> Where could I find some information about ACL? I only could find the
> available in
> http://hadoop.apache.org/docs/r2.2.0/hadoop-project-dist/hadoop-common/ServiceLevelAuth.html, which isn't so detailed.
> Regards
>
> Juan Carlos Fernández Rodríguez
> Consultor Tecnológico
>
> Telf: +34918105294
> Móvil: +34639311788
>
> CEDIANT
> Centro para el Desarrollo, Investigación y Aplicación de Nuevas Tecnologías
> HPC Business Solutions
>
> ********************* AVISO LEGAL *********************
> Este mensaje es solamente para la persona a la que va dirigido. Puede
> contener información confidencial o legalmente protegida. No hay renuncia a
> la confidencialidad o privilegio por cualquier transmisión mala/errónea. Si
> usted ha recibido este mensaje por error,le rogamos que borre de su sistema
> inmediatamente el mensaje asi como todas sus copias, destruya todas las
> copias del mismo de su disco duro y notifique al remitente. No debe,
> directa o indirectamente, usar, revelar, distribuir, imprimir o copiar
> ninguna de las partes de este mensaje si no es usted el destinatario.
> Cualquier opinión expresada en este mensaje proviene del remitente, excepto
> cuando el mensaje establezca lo contrario y el remitente esté autorizado
> para establecer que dichas opiniones provienen de 'CEDIANT'. Nótese que el
> correo electrónico vía Internet no permite asegurar ni la confidencialidad
> de los mensajes que se transmiten ni la correcta recepción de los mismos.
> En el caso de que el destinatario de este mensaje no consintiera la
> utilización del correo electrónico vía Internet, rogamos lo ponga en
> nuestro conocimiento de manera inmediata.
>
> ********************* DISCLAIMER *********************
> This message is intended exclusively for the named person. It may contain
> confidential, propietary or legally privileged information. No
> confidentiality or privilege is waived or lost by any mistransmission. If
> you receive this message in error, please immediately delete it and all
> copies of it from your system, destroy any hard copies of it an notify the
> sender. Your must not, directly or indirectly, use, disclose, distribute,
> print, or copy any part of this message if you are not the intended
> recipient. Any views expressed in this message are those of the individual
> sender, except where the message states otherwise and the sender is
> authorised to state them to be the views of 'CEDIANT'. Please note that
> internet e-mail neither guarantees the confidentiality nor the proper
> receipt of the message sent. If the addressee of this message does not
> consent to the use of internet e-mail, please communicate it to us
> immediately.
>
>