You are viewing a plain text version of this content. The canonical link for it is here.

Posted to yarn-issues@hadoop.apache.org by "Gordon Wang (JIRA)" <ji...@apache.org> on 2014/04/15 10:53:21 UTC

[jira] [Commented] (YARN-1941) Yarn scheduler ACL improvement

    [ https://issues.apache.org/jira/browse/YARN-1941?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13969349#comment-13969349 ] 

Gordon Wang commented on YARN-1941:
-----------------------------------

Checking scheduler queue ACL when submitting a APP to scheduler may derive from hadoop 1 in which there is no properties to enable ACL. But in yarn, since there is already a property to enable yarn acl. we should change the behaviour of the scheduler.

Your comments are very welcome. I think I can format a patch later. If I can get any comments from community, I will change my patch according to your opinion. 

Thanks in advance.

> Yarn scheduler ACL improvement
> ------------------------------
>
>                 Key: YARN-1941
>                 URL: https://issues.apache.org/jira/browse/YARN-1941
>             Project: Hadoop YARN
>          Issue Type: Improvement
>          Components: scheduler
>    Affects Versions: 2.3.0
>            Reporter: Gordon Wang
>              Labels: scheduler
>
> Defect:
> 1. Currently, in Yarn Capacity Scheduler and Yarn Fair Scheduler, the queue ACL is always checked when submitting a app to scheduler, regardless of the property "yarn.acl.enable".
> But for killing an app, the ACL is checked when yarn.acl.enable is set.
> The behaviour is not consistent.
> 2. default ACL for root queue is EVERYBODY_ACL(*), while default ACL for other queues is NODODY_ACL( ). From users' view, this is error prone and not easy to understand the ACL policy of Yarn scheduler. root queue should not be so special compared with other parent queues.
> For example, if I want to set capacity scheduler ACL, the ACL of root has to be set explicitly. Otherwise, everyone can submit APP to yarn scheduler. Because root queue ACL is EVERYBODY_ACL.
> This is hard for user to administrate yarn scheduler.
> So, I propose to improve the ACL of yarn scheduler in the following aspects.
> 1. only enable scheduler queue ACL when yarn.acl.enable is set to true.
> 2. set the default ACL of root queue as NOBODY_ACL( ). Make all the parent queues' ACL consistent.
>  



--
This message was sent by Atlassian JIRA
(v6.2#6252)