You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by Vitalyi Brodetskyi <vb...@hortonworks.com> on 2015/06/17 20:23:58 UTC
Review Request 35575: yarn acl related properties are open to
everyone (*) for secure cluster
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/35575/
-----------------------------------------------------------
Review request for Ambari and Dmytro Sen.
Bugs: AMBARI-11983
https://issues.apache.org/jira/browse/AMBARI-11983
Repository: ambari
Description
-------
In capacity-scheduler.xml, the followings are set by default and it is too open for secure cluster:
{noformat}
<property>
<name>yarn.scheduler.capacity.root.acl_administer_queue</name>
<value>*</value>
</property>
<property>
<name>yarn.scheduler.capacity.root.default.acl_administer_jobs</name>
<value>*</value>
</property>
<property>
<name>yarn.scheduler.capacity.root.default.acl_submit_applications</name>
<value>*</value>
</property>
{noformat}
Diffs
-----
ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/kerberos.json PRE-CREATION
Diff: https://reviews.apache.org/r/35575/diff/
Testing
-------
mvn clean test
Thanks,
Vitalyi Brodetskyi
Re: Review Request 35575: yarn acl related properties are open to
everyone (*) for secure cluster
Posted by Dmytro Sen <ds...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/35575/#review88257
-----------------------------------------------------------
Ship it!
Ship It!
- Dmytro Sen
On Июнь 17, 2015, 6:23 п.п., Vitalyi Brodetskyi wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/35575/
> -----------------------------------------------------------
>
> (Updated Июнь 17, 2015, 6:23 п.п.)
>
>
> Review request for Ambari and Dmytro Sen.
>
>
> Bugs: AMBARI-11983
> https://issues.apache.org/jira/browse/AMBARI-11983
>
>
> Repository: ambari
>
>
> Description
> -------
>
> In capacity-scheduler.xml, the followings are set by default and it is too open for secure cluster:
> {noformat}
> <property>
> <name>yarn.scheduler.capacity.root.acl_administer_queue</name>
> <value>*</value>
> </property>
> <property>
> <name>yarn.scheduler.capacity.root.default.acl_administer_jobs</name>
> <value>*</value>
> </property>
> <property>
> <name>yarn.scheduler.capacity.root.default.acl_submit_applications</name>
> <value>*</value>
> </property>
> {noformat}
>
>
> Diffs
> -----
>
> ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/kerberos.json PRE-CREATION
>
> Diff: https://reviews.apache.org/r/35575/diff/
>
>
> Testing
> -------
>
> mvn clean test
>
>
> Thanks,
>
> Vitalyi Brodetskyi
>
>