You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ambari.apache.org by Vitalyi Brodetskyi <vb...@hortonworks.com> on 2015/06/17 20:23:58 UTC

Review Request 35575: yarn acl related properties are open to everyone (*) for secure cluster

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/35575/
-----------------------------------------------------------

Review request for Ambari and Dmytro Sen.


Bugs: AMBARI-11983
    https://issues.apache.org/jira/browse/AMBARI-11983


Repository: ambari


Description
-------

In capacity-scheduler.xml, the followings are set by default and it is too open for secure cluster:
{noformat}
<property>
<name>yarn.scheduler.capacity.root.acl_administer_queue</name>
<value>*</value>
</property>
<property>
<name>yarn.scheduler.capacity.root.default.acl_administer_jobs</name>
<value>*</value>
</property>
<property>
<name>yarn.scheduler.capacity.root.default.acl_submit_applications</name>
<value>*</value>
</property>
{noformat}


Diffs
-----

  ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/kerberos.json PRE-CREATION 

Diff: https://reviews.apache.org/r/35575/diff/


Testing
-------

mvn clean test


Thanks,

Vitalyi Brodetskyi

Re: Review Request 35575: yarn acl related properties are open to everyone (*) for secure cluster

Posted by Dmytro Sen <ds...@hortonworks.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/35575/#review88257
-----------------------------------------------------------

Ship it!


Ship It!

- Dmytro Sen


On Июнь 17, 2015, 6:23 п.п., Vitalyi Brodetskyi wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/35575/
> -----------------------------------------------------------
> 
> (Updated Июнь 17, 2015, 6:23 п.п.)
> 
> 
> Review request for Ambari and Dmytro Sen.
> 
> 
> Bugs: AMBARI-11983
>     https://issues.apache.org/jira/browse/AMBARI-11983
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> In capacity-scheduler.xml, the followings are set by default and it is too open for secure cluster:
> {noformat}
> <property>
> <name>yarn.scheduler.capacity.root.acl_administer_queue</name>
> <value>*</value>
> </property>
> <property>
> <name>yarn.scheduler.capacity.root.default.acl_administer_jobs</name>
> <value>*</value>
> </property>
> <property>
> <name>yarn.scheduler.capacity.root.default.acl_submit_applications</name>
> <value>*</value>
> </property>
> {noformat}
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/kerberos.json PRE-CREATION 
> 
> Diff: https://reviews.apache.org/r/35575/diff/
> 
> 
> Testing
> -------
> 
> mvn clean test
> 
> 
> Thanks,
> 
> Vitalyi Brodetskyi
> 
>