[jira] [Updated] (IMPALA-8418) Restrict user from setting resource limits to high values at session level

["Bikramjeet Vig (JIRA)" <ji...@apache.org>]

     [ https://issues.apache.org/jira/browse/IMPALA-8418?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Bikramjeet Vig updated IMPALA-8418:
-----------------------------------
    Description: 
A user/client can set a very high value for any of the resource limits (eg. MEM_LIMIT, THREAD_RESERVATION_AGGREGATE_LIMIT, etc) which can potentially make the cluster unstable and affect other queries.
 Possible solution to this problem can include restricting a user to override resource limits. However any solution would need to be scope, taking into account things like:
 - capping limits at the service level and/or the resource pool level
 - Effects of dynamically changing resource pools configs
 - Some implementation of safety valves - to cover cases like if we want to run a query with a value outside the range, e.g. some special query that needs tuning
 - Authorisation - who is allowed to change and/or override limit

Some form of this has been implemented in IMPALA-7349 where you can set min/max limits on mem_limit and using the clamp-mem-limit-query-option config, you can toggle whether these limits can be overridden by the user

  was:
A user/client can set a very high value for any of the resource limits (eg. MEM_LIMIT, THREAD_RESERVATION_AGGREGATE_LIMIT, etc) which can potentially make the cluster unstable and affect other queries.
Possible solution to this problem can include restricting a user to override resource limits. However any solution would need to be scope, taking into account things like:
- capping limits at the service level and/or the resource pool level
- Effects of dynamically changing resource pools configs
- Some implementation of safety valves - to cover cases like if we want to run a query with a value outside the range, e.g. some special query that needs tuning 
- Authorisation - who is allowed to change and/or override limit


> Restrict user from setting resource limits to high values at session level
> --------------------------------------------------------------------------
>
>                 Key: IMPALA-8418
>                 URL: https://issues.apache.org/jira/browse/IMPALA-8418
>             Project: IMPALA
>          Issue Type: Bug
>            Reporter: Bikramjeet Vig
>            Priority: Major
>
> A user/client can set a very high value for any of the resource limits (eg. MEM_LIMIT, THREAD_RESERVATION_AGGREGATE_LIMIT, etc) which can potentially make the cluster unstable and affect other queries.
>  Possible solution to this problem can include restricting a user to override resource limits. However any solution would need to be scope, taking into account things like:
>  - capping limits at the service level and/or the resource pool level
>  - Effects of dynamically changing resource pools configs
>  - Some implementation of safety valves - to cover cases like if we want to run a query with a value outside the range, e.g. some special query that needs tuning
>  - Authorisation - who is allowed to change and/or override limit
> Some form of this has been implemented in IMPALA-7349 where you can set min/max limits on mem_limit and using the clamp-mem-limit-query-option config, you can toggle whether these limits can be overridden by the user



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-all-unsubscribe@impala.apache.org
For additional commands, e-mail: issues-all-help@impala.apache.org