You are viewing a plain text version of this content. The canonical link for it is here.

Posted to yarn-issues@hadoop.apache.org by "Rajendranath Rengan (JIRA)" <ji...@apache.org> on 2016/06/06 18:29:21 UTC

[jira] [Created] (YARN-5201) Apache Ranger Yarn policies are not used

Rajendranath Rengan created YARN-5201:
-----------------------------------------

             Summary: Apache Ranger Yarn policies are not used
                 Key: YARN-5201
                 URL: https://issues.apache.org/jira/browse/YARN-5201
             Project: Hadoop YARN
          Issue Type: Bug
            Reporter: Rajendranath Rengan


Hi,

I have setup Apache Ranger in hadoop cluster and defined yarn policies to allow certain user to certain queue. 
Idea is to have user 'x' submit spark job only to queue 'x' and not to queue 'y'. when submitting spark job queue is mentioned as one of the arguments
But user 'x' is able to submit spark job to queue 'y'

Ranger audit logs shows the policy used is HDFS policy 
Yarn policy is not used at all.

I have enabled ranger plugin for YARN and defined yarn policy

Yarn ACL is also set to true

capacity scheduler setting as below:
yarn.scheduler.capacity.queue-mappings=u:user1:user1,u:user2:userr2
yarn.scheduler.capacity.root.acl_submit_applications=yarn,spark,hdfs
yarn.scheduler.capacity.root.customer1.acl_administer_jobs=user1
yarn.scheduler.capacity.root.customer1.acl_submit_applications=user1
yarn.scheduler.capacity.root.customer1.capacity=50
yarn.scheduler.capacity.root.customer1.maximum-capacity=100
yarn.scheduler.capacity.root.customer1.state=RUNNING
yarn.scheduler.capacity.root.customer1.user-limit-factor=1
yarn.scheduler.capacity.root.customer2.acl_administer_jobs=user2
yarn.scheduler.capacity.root.customer2.acl_submit_applications=user2
yarn.scheduler.capacity.root.customer2.capacity=50
yarn.scheduler.capacity.root.customer2.maximum-capacity=100
yarn.scheduler.capacity.root.customer2.state=RUNNING
yarn.scheduler.capacity.root.customer2.user-limit-factor=1
yarn.scheduler.capacity.root.queues=user1,user2

Thanks 
Rengan




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org