You are viewing a plain text version of this content. The canonical link for it is here.
Posted to mapreduce-issues@hadoop.apache.org by "Thomas Graves (Created) (JIRA)" <ji...@apache.org> on 2011/10/12 20:03:12 UTC
[jira] [Created] (MAPREDUCE-3175) Yarn httpservers not created with
access Control lists
Yarn httpservers not created with access Control lists
------------------------------------------------------
Key: MAPREDUCE-3175
URL: https://issues.apache.org/jira/browse/MAPREDUCE-3175
Project: Hadoop Map/Reduce
Issue Type: Bug
Components: mrv2
Affects Versions: 0.23.0
Reporter: Thomas Graves
Priority: Blocker
RM, NM, job history, and application master httpservers are not created with access Control lists. I believe this means that anyone can access any of the standard servlets that check to see if the user has administrator access - like /jmx, /stacks, etc and ops has no way to restrict access to these things.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (MAPREDUCE-3175) Yarn httpservers not created
with access Control lists
Posted by "Arun C Murthy (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13136621#comment-13136621 ]
Arun C Murthy commented on MAPREDUCE-3175:
------------------------------------------
+1 lgtm.
I'll commit once Mr. Jenkins waves it through.
> Yarn httpservers not created with access Control lists
> ------------------------------------------------------
>
> Key: MAPREDUCE-3175
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3175
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2
> Affects Versions: 0.23.0
> Reporter: Thomas Graves
> Assignee: Jonathan Eagles
> Priority: Blocker
> Attachments: MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch
>
>
> RM, NM, job history, and application master httpservers are not created with access Control lists. I believe this means that anyone can access any of the standard servlets that check to see if the user has administrator access - like /jmx, /stacks, etc and ops has no way to restrict access to these things.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (MAPREDUCE-3175) Yarn httpservers not created
with access Control lists
Posted by "Hudson (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13137130#comment-13137130 ]
Hudson commented on MAPREDUCE-3175:
-----------------------------------
Integrated in Hadoop-Hdfs-trunk #845 (See [https://builds.apache.org/job/Hadoop-Hdfs-trunk/845/])
MAPREDUCE-3175. Add authorization to admin web-pages such as /stacks, /jmx etc. Contributed by Jonathan Eagles.
acmurthy : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1189619
Files :
* /hadoop/common/trunk/hadoop-mapreduce-project/CHANGES.txt
* /hadoop/common/trunk/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/security/AdminACLsManager.java
* /hadoop/common/trunk/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/WebApps.java
* /hadoop/common/trunk/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/security/ApplicationACLsManager.java
> Yarn httpservers not created with access Control lists
> ------------------------------------------------------
>
> Key: MAPREDUCE-3175
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3175
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2
> Affects Versions: 0.23.0
> Reporter: Thomas Graves
> Assignee: Jonathan Eagles
> Priority: Blocker
> Attachments: MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch
>
>
> RM, NM, job history, and application master httpservers are not created with access Control lists. I believe this means that anyone can access any of the standard servlets that check to see if the user has administrator access - like /jmx, /stacks, etc and ops has no way to restrict access to these things.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (MAPREDUCE-3175) Yarn httpservers not created
with access Control lists
Posted by "Jonathan Eagles (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13135467#comment-13135467 ]
Jonathan Eagles commented on MAPREDUCE-3175:
--------------------------------------------
Will file another bug to address ease of use for non-MR apps.
> Yarn httpservers not created with access Control lists
> ------------------------------------------------------
>
> Key: MAPREDUCE-3175
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3175
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2
> Affects Versions: 0.23.0
> Reporter: Thomas Graves
> Assignee: Jonathan Eagles
> Priority: Blocker
> Attachments: MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch
>
>
> RM, NM, job history, and application master httpservers are not created with access Control lists. I believe this means that anyone can access any of the standard servlets that check to see if the user has administrator access - like /jmx, /stacks, etc and ops has no way to restrict access to these things.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (MAPREDUCE-3175) Yarn httpservers not created
with access Control lists
Posted by "Hudson (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13136817#comment-13136817 ]
Hudson commented on MAPREDUCE-3175:
-----------------------------------
Integrated in Hadoop-Hdfs-trunk-Commit #1241 (See [https://builds.apache.org/job/Hadoop-Hdfs-trunk-Commit/1241/])
MAPREDUCE-3175. Add authorization to admin web-pages such as /stacks, /jmx etc. Contributed by Jonathan Eagles.
acmurthy : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1189619
Files :
* /hadoop/common/trunk/hadoop-mapreduce-project/CHANGES.txt
* /hadoop/common/trunk/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/security/AdminACLsManager.java
* /hadoop/common/trunk/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/WebApps.java
* /hadoop/common/trunk/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/security/ApplicationACLsManager.java
> Yarn httpservers not created with access Control lists
> ------------------------------------------------------
>
> Key: MAPREDUCE-3175
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3175
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2
> Affects Versions: 0.23.0
> Reporter: Thomas Graves
> Assignee: Jonathan Eagles
> Priority: Blocker
> Attachments: MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch
>
>
> RM, NM, job history, and application master httpservers are not created with access Control lists. I believe this means that anyone can access any of the standard servlets that check to see if the user has administrator access - like /jmx, /stacks, etc and ops has no way to restrict access to these things.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (MAPREDUCE-3175) Yarn httpservers not created
with access Control lists
Posted by "Hudson (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13137103#comment-13137103 ]
Hudson commented on MAPREDUCE-3175:
-----------------------------------
Integrated in Hadoop-Mapreduce-0.23-Build #64 (See [https://builds.apache.org/job/Hadoop-Mapreduce-0.23-Build/64/])
Merge -c 1189619 from trunk to branch-0.23 to fix MAPREDUCE-3175.
acmurthy : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1189628
Files :
* /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/CHANGES.txt
* /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/security/AdminACLsManager.java
* /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/WebApps.java
* /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/security/ApplicationACLsManager.java
> Yarn httpservers not created with access Control lists
> ------------------------------------------------------
>
> Key: MAPREDUCE-3175
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3175
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2
> Affects Versions: 0.23.0
> Reporter: Thomas Graves
> Assignee: Jonathan Eagles
> Priority: Blocker
> Attachments: MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch
>
>
> RM, NM, job history, and application master httpservers are not created with access Control lists. I believe this means that anyone can access any of the standard servlets that check to see if the user has administrator access - like /jmx, /stacks, etc and ops has no way to restrict access to these things.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (MAPREDUCE-3175) Yarn httpservers not created
with access Control lists
Posted by "Jonathan Eagles (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13135488#comment-13135488 ]
Jonathan Eagles commented on MAPREDUCE-3175:
--------------------------------------------
Patch needs HADOOP-7764 to compile. Will post test results from my box.
> Yarn httpservers not created with access Control lists
> ------------------------------------------------------
>
> Key: MAPREDUCE-3175
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3175
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2
> Affects Versions: 0.23.0
> Reporter: Thomas Graves
> Assignee: Jonathan Eagles
> Priority: Blocker
> Attachments: MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch
>
>
> RM, NM, job history, and application master httpservers are not created with access Control lists. I believe this means that anyone can access any of the standard servlets that check to see if the user has administrator access - like /jmx, /stacks, etc and ops has no way to restrict access to these things.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (MAPREDUCE-3175) Yarn httpservers not created
with access Control lists
Posted by "Hudson (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13137060#comment-13137060 ]
Hudson commented on MAPREDUCE-3175:
-----------------------------------
Integrated in Hadoop-Mapreduce-trunk #873 (See [https://builds.apache.org/job/Hadoop-Mapreduce-trunk/873/])
MAPREDUCE-3175. Add authorization to admin web-pages such as /stacks, /jmx etc. Contributed by Jonathan Eagles.
acmurthy : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1189619
Files :
* /hadoop/common/trunk/hadoop-mapreduce-project/CHANGES.txt
* /hadoop/common/trunk/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/security/AdminACLsManager.java
* /hadoop/common/trunk/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/WebApps.java
* /hadoop/common/trunk/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/security/ApplicationACLsManager.java
> Yarn httpservers not created with access Control lists
> ------------------------------------------------------
>
> Key: MAPREDUCE-3175
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3175
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2
> Affects Versions: 0.23.0
> Reporter: Thomas Graves
> Assignee: Jonathan Eagles
> Priority: Blocker
> Attachments: MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch
>
>
> RM, NM, job history, and application master httpservers are not created with access Control lists. I believe this means that anyone can access any of the standard servlets that check to see if the user has administrator access - like /jmx, /stacks, etc and ops has no way to restrict access to these things.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (MAPREDUCE-3175) Yarn httpservers not created with
access Control lists
Posted by "Jonathan Eagles (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jonathan Eagles updated MAPREDUCE-3175:
---------------------------------------
Status: Patch Available (was: Open)
> Yarn httpservers not created with access Control lists
> ------------------------------------------------------
>
> Key: MAPREDUCE-3175
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3175
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2
> Affects Versions: 0.23.0
> Reporter: Thomas Graves
> Assignee: Jonathan Eagles
> Priority: Blocker
> Attachments: MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch
>
>
> RM, NM, job history, and application master httpservers are not created with access Control lists. I believe this means that anyone can access any of the standard servlets that check to see if the user has administrator access - like /jmx, /stacks, etc and ops has no way to restrict access to these things.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (MAPREDUCE-3175) Yarn httpservers not created with
access Control lists
Posted by "Jonathan Eagles (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jonathan Eagles updated MAPREDUCE-3175:
---------------------------------------
Attachment: MAPREDUCE-3175.patch
> Yarn httpservers not created with access Control lists
> ------------------------------------------------------
>
> Key: MAPREDUCE-3175
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3175
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2
> Affects Versions: 0.23.0
> Reporter: Thomas Graves
> Assignee: Jonathan Eagles
> Priority: Blocker
> Attachments: MAPREDUCE-3175.patch, MAPREDUCE-3175.patch
>
>
> RM, NM, job history, and application master httpservers are not created with access Control lists. I believe this means that anyone can access any of the standard servlets that check to see if the user has administrator access - like /jmx, /stacks, etc and ops has no way to restrict access to these things.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (MAPREDUCE-3175) Yarn httpservers not created
with access Control lists
Posted by "Hudson (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13136824#comment-13136824 ]
Hudson commented on MAPREDUCE-3175:
-----------------------------------
Integrated in Hadoop-Hdfs-0.23-Commit #71 (See [https://builds.apache.org/job/Hadoop-Hdfs-0.23-Commit/71/])
Merge -c 1189619 from trunk to branch-0.23 to fix MAPREDUCE-3175.
acmurthy : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1189628
Files :
* /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/CHANGES.txt
* /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/security/AdminACLsManager.java
* /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/WebApps.java
* /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/security/ApplicationACLsManager.java
> Yarn httpservers not created with access Control lists
> ------------------------------------------------------
>
> Key: MAPREDUCE-3175
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3175
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2
> Affects Versions: 0.23.0
> Reporter: Thomas Graves
> Assignee: Jonathan Eagles
> Priority: Blocker
> Attachments: MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch
>
>
> RM, NM, job history, and application master httpservers are not created with access Control lists. I believe this means that anyone can access any of the standard servlets that check to see if the user has administrator access - like /jmx, /stacks, etc and ops has no way to restrict access to these things.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (MAPREDUCE-3175) Yarn httpservers not created
with access Control lists
Posted by "Jonathan Eagles (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13136779#comment-13136779 ]
Jonathan Eagles commented on MAPREDUCE-3175:
--------------------------------------------
Here are the results of test-patch from my box.
-1 overall.
+1 @author. The patch does not contain any @author tags.
-1 tests included. The patch doesn't appear to include any new or modified tests.
Please justify why no new tests are needed for this patch.
Also please list what manual steps were performed to verify this patch.
+1 javadoc. The javadoc tool did not generate any warning messages.
+1 javac. The applied patch does not increase the total number of javac compiler warnings.
-1 findbugs. The patch appears to introduce 170 new Findbugs (version 1.3.9) warnings.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
+1 core tests. The patch passed unit tests in .
+1 contrib tests. The patch passed contrib unit tests.
> Yarn httpservers not created with access Control lists
> ------------------------------------------------------
>
> Key: MAPREDUCE-3175
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3175
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2
> Affects Versions: 0.23.0
> Reporter: Thomas Graves
> Assignee: Jonathan Eagles
> Priority: Blocker
> Attachments: MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch
>
>
> RM, NM, job history, and application master httpservers are not created with access Control lists. I believe this means that anyone can access any of the standard servlets that check to see if the user has administrator access - like /jmx, /stacks, etc and ops has no way to restrict access to these things.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (MAPREDUCE-3175) Yarn httpservers not created
with access Control lists
Posted by "Jonathan Eagles (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13136755#comment-13136755 ]
Jonathan Eagles commented on MAPREDUCE-3175:
--------------------------------------------
Updating patch for javadoc warnings
> Yarn httpservers not created with access Control lists
> ------------------------------------------------------
>
> Key: MAPREDUCE-3175
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3175
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2
> Affects Versions: 0.23.0
> Reporter: Thomas Graves
> Assignee: Jonathan Eagles
> Priority: Blocker
> Attachments: MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch
>
>
> RM, NM, job history, and application master httpservers are not created with access Control lists. I believe this means that anyone can access any of the standard servlets that check to see if the user has administrator access - like /jmx, /stacks, etc and ops has no way to restrict access to these things.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (MAPREDUCE-3175) Yarn httpservers not created
with access Control lists
Posted by "Arun C Murthy (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13136733#comment-13136733 ]
Arun C Murthy commented on MAPREDUCE-3175:
------------------------------------------
Jonathan, can u run 'mvn test' and test-patch and post results?
> Yarn httpservers not created with access Control lists
> ------------------------------------------------------
>
> Key: MAPREDUCE-3175
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3175
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2
> Affects Versions: 0.23.0
> Reporter: Thomas Graves
> Assignee: Jonathan Eagles
> Priority: Blocker
> Attachments: MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch
>
>
> RM, NM, job history, and application master httpservers are not created with access Control lists. I believe this means that anyone can access any of the standard servlets that check to see if the user has administrator access - like /jmx, /stacks, etc and ops has no way to restrict access to these things.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (MAPREDUCE-3175) Yarn httpservers not created with
access Control lists
Posted by "Vinod Kumar Vavilapalli (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Vinod Kumar Vavilapalli updated MAPREDUCE-3175:
-----------------------------------------------
Issue Type: Sub-task (was: Bug)
Parent: MAPREDUCE-3101
> Yarn httpservers not created with access Control lists
> ------------------------------------------------------
>
> Key: MAPREDUCE-3175
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3175
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2
> Affects Versions: 0.23.0
> Reporter: Thomas Graves
> Priority: Blocker
>
> RM, NM, job history, and application master httpservers are not created with access Control lists. I believe this means that anyone can access any of the standard servlets that check to see if the user has administrator access - like /jmx, /stacks, etc and ops has no way to restrict access to these things.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Assigned] (MAPREDUCE-3175) Yarn httpservers not created
with access Control lists
Posted by "Jonathan Eagles (Assigned) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jonathan Eagles reassigned MAPREDUCE-3175:
------------------------------------------
Assignee: Jonathan Eagles
> Yarn httpservers not created with access Control lists
> ------------------------------------------------------
>
> Key: MAPREDUCE-3175
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3175
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2
> Affects Versions: 0.23.0
> Reporter: Thomas Graves
> Assignee: Jonathan Eagles
> Priority: Blocker
>
> RM, NM, job history, and application master httpservers are not created with access Control lists. I believe this means that anyone can access any of the standard servlets that check to see if the user has administrator access - like /jmx, /stacks, etc and ops has no way to restrict access to these things.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (MAPREDUCE-3175) Yarn httpservers not created
with access Control lists
Posted by "Hudson (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13137038#comment-13137038 ]
Hudson commented on MAPREDUCE-3175:
-----------------------------------
Integrated in Hadoop-Hdfs-0.23-Build #52 (See [https://builds.apache.org/job/Hadoop-Hdfs-0.23-Build/52/])
Merge -c 1189619 from trunk to branch-0.23 to fix MAPREDUCE-3175.
acmurthy : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1189628
Files :
* /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/CHANGES.txt
* /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/security/AdminACLsManager.java
* /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/WebApps.java
* /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/security/ApplicationACLsManager.java
> Yarn httpservers not created with access Control lists
> ------------------------------------------------------
>
> Key: MAPREDUCE-3175
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3175
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2
> Affects Versions: 0.23.0
> Reporter: Thomas Graves
> Assignee: Jonathan Eagles
> Priority: Blocker
> Attachments: MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch
>
>
> RM, NM, job history, and application master httpservers are not created with access Control lists. I believe this means that anyone can access any of the standard servlets that check to see if the user has administrator access - like /jmx, /stacks, etc and ops has no way to restrict access to these things.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (MAPREDUCE-3175) Yarn httpservers not created with
access Control lists
Posted by "Jonathan Eagles (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jonathan Eagles updated MAPREDUCE-3175:
---------------------------------------
Attachment: MAPREDUCE-3175.patch
> Yarn httpservers not created with access Control lists
> ------------------------------------------------------
>
> Key: MAPREDUCE-3175
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3175
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2
> Affects Versions: 0.23.0
> Reporter: Thomas Graves
> Assignee: Jonathan Eagles
> Priority: Blocker
> Attachments: MAPREDUCE-3175.patch
>
>
> RM, NM, job history, and application master httpservers are not created with access Control lists. I believe this means that anyone can access any of the standard servlets that check to see if the user has administrator access - like /jmx, /stacks, etc and ops has no way to restrict access to these things.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (MAPREDUCE-3175) Yarn httpservers not created
with access Control lists
Posted by "Jonathan Eagles (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13135626#comment-13135626 ]
Jonathan Eagles commented on MAPREDUCE-3175:
--------------------------------------------
javadoc warnings are the same as last build.
findbugs seems to be getting confused
> Yarn httpservers not created with access Control lists
> ------------------------------------------------------
>
> Key: MAPREDUCE-3175
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3175
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2
> Affects Versions: 0.23.0
> Reporter: Thomas Graves
> Assignee: Jonathan Eagles
> Priority: Blocker
> Attachments: MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch
>
>
> RM, NM, job history, and application master httpservers are not created with access Control lists. I believe this means that anyone can access any of the standard servlets that check to see if the user has administrator access - like /jmx, /stacks, etc and ops has no way to restrict access to these things.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (MAPREDUCE-3175) Yarn httpservers not created
with access Control lists
Posted by "Jonathan Eagles (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13136676#comment-13136676 ]
Jonathan Eagles commented on MAPREDUCE-3175:
--------------------------------------------
1153 fails in the same way, yet 1154 works.
Seems to be related to which build machine it is run on.
Hadoop3 and Hadoop4 just came online today and that is where the failures are happening.
https://builds.apache.org/view/G-L/view/Hadoop/job/PreCommit-MAPREDUCE-Build/buildTimeTrend
https://builds.apache.org/computer/hadoop4/builds
https://builds.apache.org/computer/hadoop3/builds
> Yarn httpservers not created with access Control lists
> ------------------------------------------------------
>
> Key: MAPREDUCE-3175
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3175
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2
> Affects Versions: 0.23.0
> Reporter: Thomas Graves
> Assignee: Jonathan Eagles
> Priority: Blocker
> Attachments: MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch
>
>
> RM, NM, job history, and application master httpservers are not created with access Control lists. I believe this means that anyone can access any of the standard servlets that check to see if the user has administrator access - like /jmx, /stacks, etc and ops has no way to restrict access to these things.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (MAPREDUCE-3175) Yarn httpservers not created
with access Control lists
Posted by "Hudson (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13136812#comment-13136812 ]
Hudson commented on MAPREDUCE-3175:
-----------------------------------
Integrated in Hadoop-Common-trunk-Commit #1164 (See [https://builds.apache.org/job/Hadoop-Common-trunk-Commit/1164/])
MAPREDUCE-3175. Add authorization to admin web-pages such as /stacks, /jmx etc. Contributed by Jonathan Eagles.
acmurthy : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1189619
Files :
* /hadoop/common/trunk/hadoop-mapreduce-project/CHANGES.txt
* /hadoop/common/trunk/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/security/AdminACLsManager.java
* /hadoop/common/trunk/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/WebApps.java
* /hadoop/common/trunk/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/security/ApplicationACLsManager.java
> Yarn httpservers not created with access Control lists
> ------------------------------------------------------
>
> Key: MAPREDUCE-3175
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3175
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2
> Affects Versions: 0.23.0
> Reporter: Thomas Graves
> Assignee: Jonathan Eagles
> Priority: Blocker
> Attachments: MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch
>
>
> RM, NM, job history, and application master httpservers are not created with access Control lists. I believe this means that anyone can access any of the standard servlets that check to see if the user has administrator access - like /jmx, /stacks, etc and ops has no way to restrict access to these things.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (MAPREDUCE-3175) Yarn httpservers not created
with access Control lists
Posted by "Jonathan Eagles (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13133177#comment-13133177 ]
Jonathan Eagles commented on MAPREDUCE-3175:
--------------------------------------------
Uploaded a starter patch to get some initial feed back on the design. This patch certainly limits access to admin only on authorization enabled cluster to /stack /metrics /logs /logLevel /conf and /jmx
* Verify overall design is correct
* Looking for a solution to not have to modify HttpServer
* What to do with JobACL in job history. Merge with ApplicationACLsManager?
* ApplicationACLsManager seems to ignore CommonConfigurationKeys.HADOOP_SECURITY_AUTHORIZATION
> Yarn httpservers not created with access Control lists
> ------------------------------------------------------
>
> Key: MAPREDUCE-3175
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3175
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2
> Affects Versions: 0.23.0
> Reporter: Thomas Graves
> Assignee: Jonathan Eagles
> Priority: Blocker
> Attachments: MAPREDUCE-3175.patch
>
>
> RM, NM, job history, and application master httpservers are not created with access Control lists. I believe this means that anyone can access any of the standard servlets that check to see if the user has administrator access - like /jmx, /stacks, etc and ops has no way to restrict access to these things.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (MAPREDUCE-3175) Yarn httpservers not created
with access Control lists
Posted by "Hudson (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13136821#comment-13136821 ]
Hudson commented on MAPREDUCE-3175:
-----------------------------------
Integrated in Hadoop-Common-0.23-Commit #70 (See [https://builds.apache.org/job/Hadoop-Common-0.23-Commit/70/])
Merge -c 1189619 from trunk to branch-0.23 to fix MAPREDUCE-3175.
acmurthy : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1189628
Files :
* /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/CHANGES.txt
* /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/security/AdminACLsManager.java
* /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/WebApps.java
* /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/security/ApplicationACLsManager.java
> Yarn httpservers not created with access Control lists
> ------------------------------------------------------
>
> Key: MAPREDUCE-3175
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3175
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2
> Affects Versions: 0.23.0
> Reporter: Thomas Graves
> Assignee: Jonathan Eagles
> Priority: Blocker
> Attachments: MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch
>
>
> RM, NM, job history, and application master httpservers are not created with access Control lists. I believe this means that anyone can access any of the standard servlets that check to see if the user has administrator access - like /jmx, /stacks, etc and ops has no way to restrict access to these things.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (MAPREDUCE-3175) Yarn httpservers not created with
access Control lists
Posted by "Arun C Murthy (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Arun C Murthy updated MAPREDUCE-3175:
-------------------------------------
Resolution: Fixed
Status: Resolved (was: Patch Available)
I just committed this. Thanks Jonathan!
> Yarn httpservers not created with access Control lists
> ------------------------------------------------------
>
> Key: MAPREDUCE-3175
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3175
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2
> Affects Versions: 0.23.0
> Reporter: Thomas Graves
> Assignee: Jonathan Eagles
> Priority: Blocker
> Attachments: MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch
>
>
> RM, NM, job history, and application master httpservers are not created with access Control lists. I believe this means that anyone can access any of the standard servlets that check to see if the user has administrator access - like /jmx, /stacks, etc and ops has no way to restrict access to these things.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (MAPREDUCE-3175) Yarn httpservers not created
with access Control lists
Posted by "Hadoop QA (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13135485#comment-13135485 ]
Hadoop QA commented on MAPREDUCE-3175:
--------------------------------------
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12500529/MAPREDUCE-3175.patch
against trunk revision .
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 6 new or modified tests.
+1 javadoc. The javadoc tool did not generate any warning messages.
-1 javac. The patch appears to cause tar ant target to fail.
-1 findbugs. The patch appears to cause Findbugs (version 1.3.9) to fail.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
-1 core tests. The patch failed the unit tests build
+1 contrib tests. The patch passed contrib unit tests.
Test results: https://builds.apache.org/job/PreCommit-MAPREDUCE-Build/1141//testReport/
Console output: https://builds.apache.org/job/PreCommit-MAPREDUCE-Build/1141//console
This message is automatically generated.
> Yarn httpservers not created with access Control lists
> ------------------------------------------------------
>
> Key: MAPREDUCE-3175
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3175
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2
> Affects Versions: 0.23.0
> Reporter: Thomas Graves
> Assignee: Jonathan Eagles
> Priority: Blocker
> Attachments: MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch
>
>
> RM, NM, job history, and application master httpservers are not created with access Control lists. I believe this means that anyone can access any of the standard servlets that check to see if the user has administrator access - like /jmx, /stacks, etc and ops has no way to restrict access to these things.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (MAPREDUCE-3175) Yarn httpservers not created
with access Control lists
Posted by "Jonathan Eagles (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13136783#comment-13136783 ]
Jonathan Eagles commented on MAPREDUCE-3175:
--------------------------------------------
mvn test results
[INFO] Reactor Summary:
[INFO]
[INFO] hadoop-yarn-api ................................... SUCCESS [12.548s]
[INFO] hadoop-yarn-common ................................ SUCCESS [7.853s]
[INFO] hadoop-yarn-server-common ......................... SUCCESS [8.864s]
[INFO] hadoop-yarn-server-nodemanager .................... SUCCESS [42.338s]
[INFO] hadoop-yarn-server-web-proxy ...................... SUCCESS [0.644s]
[INFO] hadoop-yarn-server-resourcemanager ................ SUCCESS [1:01.114s]
[INFO] hadoop-yarn-server-tests .......................... SUCCESS [6.909s]
[INFO] hadoop-yarn-server ................................ SUCCESS [0.002s]
[INFO] hadoop-yarn-applications-distributedshell ......... SUCCESS [14.614s]
[INFO] hadoop-yarn-applications .......................... SUCCESS [0.002s]
[INFO] hadoop-yarn-site .................................. SUCCESS [0.340s]
[INFO] hadoop-yarn ....................................... SUCCESS [0.001s]
[INFO] hadoop-mapreduce-client-core ...................... SUCCESS [3.118s]
[INFO] hadoop-mapreduce-client-common .................... SUCCESS [8.019s]
[INFO] hadoop-mapreduce-client-shuffle ................... SUCCESS [1.422s]
[INFO] hadoop-mapreduce-client-app ....................... SUCCESS [1:06.022s]
[INFO] hadoop-mapreduce-client-hs ........................ SUCCESS [9.579s]
[INFO] hadoop-mapreduce-client-jobclient ................. SUCCESS [35.721s]
[INFO] hadoop-mapreduce-client ........................... SUCCESS [0.001s]
[INFO] hadoop-mapreduce .................................. SUCCESS [0.001s]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 4:39.762s
[INFO] Finished at: Thu Oct 27 00:13:29 CDT 2011
[INFO] Final Memory: 56M/238M
[INFO] ------------------------------------------------------------------------
> Yarn httpservers not created with access Control lists
> ------------------------------------------------------
>
> Key: MAPREDUCE-3175
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3175
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2
> Affects Versions: 0.23.0
> Reporter: Thomas Graves
> Assignee: Jonathan Eagles
> Priority: Blocker
> Attachments: MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch
>
>
> RM, NM, job history, and application master httpservers are not created with access Control lists. I believe this means that anyone can access any of the standard servlets that check to see if the user has administrator access - like /jmx, /stacks, etc and ops has no way to restrict access to these things.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (MAPREDUCE-3175) Yarn httpservers not created with
access Control lists
Posted by "Jonathan Eagles (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jonathan Eagles updated MAPREDUCE-3175:
---------------------------------------
Status: Open (was: Patch Available)
> Yarn httpservers not created with access Control lists
> ------------------------------------------------------
>
> Key: MAPREDUCE-3175
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3175
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2
> Affects Versions: 0.23.0
> Reporter: Thomas Graves
> Assignee: Jonathan Eagles
> Priority: Blocker
> Attachments: MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch
>
>
> RM, NM, job history, and application master httpservers are not created with access Control lists. I believe this means that anyone can access any of the standard servlets that check to see if the user has administrator access - like /jmx, /stacks, etc and ops has no way to restrict access to these things.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (MAPREDUCE-3175) Yarn httpservers not created
with access Control lists
Posted by "Mahadev konar (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13136624#comment-13136624 ]
Mahadev konar commented on MAPREDUCE-3175:
------------------------------------------
Jenkins is crashing on this patch.
Take a look at:
https://builds.apache.org/view/G-L/view/Hadoop/job/PreCommit-MAPREDUCE-Build/1158/
{noformat}
Compiling /home/jenkins/jenkins-slave/workspace/PreCommit-MAPREDUCE-Build/trunk
/home/jenkins/tools/maven/latest/bin/mvn clean test -DskipTests > /home/jenkins/jenkins-slave/workspace/PreCommit-MAPREDUCE-Build/patchprocess/trunkCompile.txt 2>&1
Top-level trunk compilation is broken?
{noformat}
Someone needs to debug if thats a real issue or not, or try out mvn clean test to see why its failing.
> Yarn httpservers not created with access Control lists
> ------------------------------------------------------
>
> Key: MAPREDUCE-3175
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3175
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2
> Affects Versions: 0.23.0
> Reporter: Thomas Graves
> Assignee: Jonathan Eagles
> Priority: Blocker
> Attachments: MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch
>
>
> RM, NM, job history, and application master httpservers are not created with access Control lists. I believe this means that anyone can access any of the standard servlets that check to see if the user has administrator access - like /jmx, /stacks, etc and ops has no way to restrict access to these things.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (MAPREDUCE-3175) Yarn httpservers not created with
access Control lists
Posted by "Jonathan Eagles (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jonathan Eagles updated MAPREDUCE-3175:
---------------------------------------
Attachment: MAPREDUCE-3175.patch
> Yarn httpservers not created with access Control lists
> ------------------------------------------------------
>
> Key: MAPREDUCE-3175
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3175
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2
> Affects Versions: 0.23.0
> Reporter: Thomas Graves
> Assignee: Jonathan Eagles
> Priority: Blocker
> Attachments: MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch
>
>
> RM, NM, job history, and application master httpservers are not created with access Control lists. I believe this means that anyone can access any of the standard servlets that check to see if the user has administrator access - like /jmx, /stacks, etc and ops has no way to restrict access to these things.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (MAPREDUCE-3175) Yarn httpservers not created
with access Control lists
Posted by "Jonathan Eagles (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13136464#comment-13136464 ]
Jonathan Eagles commented on MAPREDUCE-3175:
--------------------------------------------
Uploaded a new patch addressing Arun's feedback.
Notes:
Ported ACLsManager admin functionality to yarn-common as AminACLsManager (did not port job or queue ACL functionality at this time)
ApplicationACLsManager now uses AdminACLsManager to store its admin information
> Yarn httpservers not created with access Control lists
> ------------------------------------------------------
>
> Key: MAPREDUCE-3175
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3175
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2
> Affects Versions: 0.23.0
> Reporter: Thomas Graves
> Assignee: Jonathan Eagles
> Priority: Blocker
> Attachments: MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch
>
>
> RM, NM, job history, and application master httpservers are not created with access Control lists. I believe this means that anyone can access any of the standard servlets that check to see if the user has administrator access - like /jmx, /stacks, etc and ops has no way to restrict access to these things.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (MAPREDUCE-3175) Yarn httpservers not created
with access Control lists
Posted by "Jonathan Eagles (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13136670#comment-13136670 ]
Jonathan Eagles commented on MAPREDUCE-3175:
--------------------------------------------
Not a good sign.
1158 trunkCompile.txt
/home/jenkins/jenkins-slave/workspace/PreCommit-MAPREDUCE-Build/trunk/dev-support/test-patch.sh: line 260: /home/jenkins/tools/maven/latest/bin/mvn: No such file or directory
1155, 1156, 1157 (3 different JIRAs and patches) all died in the same way
[ERROR] Failed to execute goal org.codehaus.mojo:make-maven-plugin:1.0-beta-1:autoreconf (compile) on project hadoop-yarn-server-nodemanager: autoreconf command returned an exit value != 0. Aborting build; see debug output for more information. -> [Help 1]
Seems like the build is broken. Will run it on my local machine to see the results.
> Yarn httpservers not created with access Control lists
> ------------------------------------------------------
>
> Key: MAPREDUCE-3175
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3175
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2
> Affects Versions: 0.23.0
> Reporter: Thomas Graves
> Assignee: Jonathan Eagles
> Priority: Blocker
> Attachments: MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch
>
>
> RM, NM, job history, and application master httpservers are not created with access Control lists. I believe this means that anyone can access any of the standard servlets that check to see if the user has administrator access - like /jmx, /stacks, etc and ops has no way to restrict access to these things.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (MAPREDUCE-3175) Yarn httpservers not created with
access Control lists
Posted by "Jonathan Eagles (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jonathan Eagles updated MAPREDUCE-3175:
---------------------------------------
Status: Patch Available (was: Open)
> Yarn httpservers not created with access Control lists
> ------------------------------------------------------
>
> Key: MAPREDUCE-3175
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3175
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2
> Affects Versions: 0.23.0
> Reporter: Thomas Graves
> Assignee: Jonathan Eagles
> Priority: Blocker
> Attachments: MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch
>
>
> RM, NM, job history, and application master httpservers are not created with access Control lists. I believe this means that anyone can access any of the standard servlets that check to see if the user has administrator access - like /jmx, /stacks, etc and ops has no way to restrict access to these things.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (MAPREDUCE-3175) Yarn httpservers not created
with access Control lists
Posted by "Jonathan Eagles (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13136738#comment-13136738 ]
Jonathan Eagles commented on MAPREDUCE-3175:
--------------------------------------------
Will do
> Yarn httpservers not created with access Control lists
> ------------------------------------------------------
>
> Key: MAPREDUCE-3175
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3175
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2
> Affects Versions: 0.23.0
> Reporter: Thomas Graves
> Assignee: Jonathan Eagles
> Priority: Blocker
> Attachments: MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch
>
>
> RM, NM, job history, and application master httpservers are not created with access Control lists. I believe this means that anyone can access any of the standard servlets that check to see if the user has administrator access - like /jmx, /stacks, etc and ops has no way to restrict access to these things.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (MAPREDUCE-3175) Yarn httpservers not created with
access Control lists
Posted by "Jonathan Eagles (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jonathan Eagles updated MAPREDUCE-3175:
---------------------------------------
Attachment: MAPREDUCE-3175.patch
> Yarn httpservers not created with access Control lists
> ------------------------------------------------------
>
> Key: MAPREDUCE-3175
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3175
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2
> Affects Versions: 0.23.0
> Reporter: Thomas Graves
> Assignee: Jonathan Eagles
> Priority: Blocker
> Attachments: MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch
>
>
> RM, NM, job history, and application master httpservers are not created with access Control lists. I believe this means that anyone can access any of the standard servlets that check to see if the user has administrator access - like /jmx, /stacks, etc and ops has no way to restrict access to these things.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (MAPREDUCE-3175) Yarn httpservers not created
with access Control lists
Posted by "Hudson (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13136855#comment-13136855 ]
Hudson commented on MAPREDUCE-3175:
-----------------------------------
Integrated in Hadoop-Mapreduce-0.23-Commit #67 (See [https://builds.apache.org/job/Hadoop-Mapreduce-0.23-Commit/67/])
Merge -c 1189619 from trunk to branch-0.23 to fix MAPREDUCE-3175.
acmurthy : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1189628
Files :
* /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/CHANGES.txt
* /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/security/AdminACLsManager.java
* /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/WebApps.java
* /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/security/ApplicationACLsManager.java
> Yarn httpservers not created with access Control lists
> ------------------------------------------------------
>
> Key: MAPREDUCE-3175
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3175
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2
> Affects Versions: 0.23.0
> Reporter: Thomas Graves
> Assignee: Jonathan Eagles
> Priority: Blocker
> Attachments: MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch
>
>
> RM, NM, job history, and application master httpservers are not created with access Control lists. I believe this means that anyone can access any of the standard servlets that check to see if the user has administrator access - like /jmx, /stacks, etc and ops has no way to restrict access to these things.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (MAPREDUCE-3175) Yarn httpservers not created
with access Control lists
Posted by "Hadoop QA (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13136506#comment-13136506 ]
Hadoop QA commented on MAPREDUCE-3175:
--------------------------------------
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12500967/MAPREDUCE-3175.patch
against trunk revision .
+1 @author. The patch does not contain any @author tags.
-1 tests included. The patch doesn't appear to include any new or modified tests.
Please justify why no new tests are needed for this patch.
Also please list what manual steps were performed to verify this patch.
-1 javadoc. The javadoc tool appears to have generated 2 warning messages.
+1 javac. The applied patch does not increase the total number of javac compiler warnings.
-1 findbugs. The patch appears to introduce 170 new Findbugs (version 1.3.9) warnings.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
-1 core tests. The patch failed the unit tests build
+1 contrib tests. The patch passed contrib unit tests.
Test results: https://builds.apache.org/job/PreCommit-MAPREDUCE-Build/1155//testReport/
Findbugs warnings: https://builds.apache.org/job/PreCommit-MAPREDUCE-Build/1155//artifact/trunk/hadoop-mapreduce-project/patchprocess/newPatchFindbugsWarningshadoop-mapreduce-client-common.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-MAPREDUCE-Build/1155//artifact/trunk/hadoop-mapreduce-project/patchprocess/newPatchFindbugsWarningshadoop-mapreduce-client-app.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-MAPREDUCE-Build/1155//artifact/trunk/hadoop-mapreduce-project/patchprocess/newPatchFindbugsWarningshadoop-mapreduce-client-core.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-MAPREDUCE-Build/1155//artifact/trunk/hadoop-mapreduce-project/patchprocess/newPatchFindbugsWarningshadoop-yarn-server-resourcemanager.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-MAPREDUCE-Build/1155//artifact/trunk/hadoop-mapreduce-project/patchprocess/newPatchFindbugsWarningshadoop-yarn-server-web-proxy.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-MAPREDUCE-Build/1155//artifact/trunk/hadoop-mapreduce-project/patchprocess/newPatchFindbugsWarningshadoop-yarn-server-nodemanager.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-MAPREDUCE-Build/1155//artifact/trunk/hadoop-mapreduce-project/patchprocess/newPatchFindbugsWarningshadoop-yarn-common.html
Console output: https://builds.apache.org/job/PreCommit-MAPREDUCE-Build/1155//console
This message is automatically generated.
> Yarn httpservers not created with access Control lists
> ------------------------------------------------------
>
> Key: MAPREDUCE-3175
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3175
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2
> Affects Versions: 0.23.0
> Reporter: Thomas Graves
> Assignee: Jonathan Eagles
> Priority: Blocker
> Attachments: MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch
>
>
> RM, NM, job history, and application master httpservers are not created with access Control lists. I believe this means that anyone can access any of the standard servlets that check to see if the user has administrator access - like /jmx, /stacks, etc and ops has no way to restrict access to these things.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (MAPREDUCE-3175) Yarn httpservers not created with
access Control lists
Posted by "Jonathan Eagles (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jonathan Eagles updated MAPREDUCE-3175:
---------------------------------------
Status: Open (was: Patch Available)
> Yarn httpservers not created with access Control lists
> ------------------------------------------------------
>
> Key: MAPREDUCE-3175
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3175
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2
> Affects Versions: 0.23.0
> Reporter: Thomas Graves
> Assignee: Jonathan Eagles
> Priority: Blocker
> Attachments: MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch
>
>
> RM, NM, job history, and application master httpservers are not created with access Control lists. I believe this means that anyone can access any of the standard servlets that check to see if the user has administrator access - like /jmx, /stacks, etc and ops has no way to restrict access to these things.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (MAPREDUCE-3175) Yarn httpservers not created
with access Control lists
Posted by "Hadoop QA (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13136759#comment-13136759 ]
Hadoop QA commented on MAPREDUCE-3175:
--------------------------------------
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12501025/MAPREDUCE-3175.patch
against trunk revision .
+1 @author. The patch does not contain any @author tags.
-1 tests included. The patch doesn't appear to include any new or modified tests.
Please justify why no new tests are needed for this patch.
Also please list what manual steps were performed to verify this patch.
+1 javadoc. The javadoc tool did not generate any warning messages.
+1 javac. The applied patch does not increase the total number of javac compiler warnings.
-1 findbugs. The patch appears to introduce 170 new Findbugs (version 1.3.9) warnings.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
-1 core tests. The patch failed the unit tests build
+1 contrib tests. The patch passed contrib unit tests.
Test results: https://builds.apache.org/job/PreCommit-MAPREDUCE-Build/1163//testReport/
Findbugs warnings: https://builds.apache.org/job/PreCommit-MAPREDUCE-Build/1163//artifact/trunk/hadoop-mapreduce-project/patchprocess/newPatchFindbugsWarningshadoop-mapreduce-client-common.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-MAPREDUCE-Build/1163//artifact/trunk/hadoop-mapreduce-project/patchprocess/newPatchFindbugsWarningshadoop-mapreduce-client-app.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-MAPREDUCE-Build/1163//artifact/trunk/hadoop-mapreduce-project/patchprocess/newPatchFindbugsWarningshadoop-mapreduce-client-core.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-MAPREDUCE-Build/1163//artifact/trunk/hadoop-mapreduce-project/patchprocess/newPatchFindbugsWarningshadoop-yarn-server-resourcemanager.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-MAPREDUCE-Build/1163//artifact/trunk/hadoop-mapreduce-project/patchprocess/newPatchFindbugsWarningshadoop-yarn-server-web-proxy.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-MAPREDUCE-Build/1163//artifact/trunk/hadoop-mapreduce-project/patchprocess/newPatchFindbugsWarningshadoop-yarn-server-nodemanager.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-MAPREDUCE-Build/1163//artifact/trunk/hadoop-mapreduce-project/patchprocess/newPatchFindbugsWarningshadoop-yarn-common.html
Console output: https://builds.apache.org/job/PreCommit-MAPREDUCE-Build/1163//console
This message is automatically generated.
> Yarn httpservers not created with access Control lists
> ------------------------------------------------------
>
> Key: MAPREDUCE-3175
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3175
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2
> Affects Versions: 0.23.0
> Reporter: Thomas Graves
> Assignee: Jonathan Eagles
> Priority: Blocker
> Attachments: MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch
>
>
> RM, NM, job history, and application master httpservers are not created with access Control lists. I believe this means that anyone can access any of the standard servlets that check to see if the user has administrator access - like /jmx, /stacks, etc and ops has no way to restrict access to these things.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (MAPREDUCE-3175) Yarn httpservers not created
with access Control lists
Posted by "Jonathan Eagles (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13135463#comment-13135463 ]
Jonathan Eagles commented on MAPREDUCE-3175:
--------------------------------------------
Since this change only connected the ACLs to the HttpServer, I have added no tests since classes inheriting from WebApp are not very testable. Manual tests confirm /stack /metrics /logs /logLevel /conf and /jmx are not accessible by other users from RM, NM, HS, and AM.
> Yarn httpservers not created with access Control lists
> ------------------------------------------------------
>
> Key: MAPREDUCE-3175
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3175
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2
> Affects Versions: 0.23.0
> Reporter: Thomas Graves
> Assignee: Jonathan Eagles
> Priority: Blocker
> Attachments: MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch
>
>
> RM, NM, job history, and application master httpservers are not created with access Control lists. I believe this means that anyone can access any of the standard servlets that check to see if the user has administrator access - like /jmx, /stacks, etc and ops has no way to restrict access to these things.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (MAPREDUCE-3175) Yarn httpservers not created
with access Control lists
Posted by "Jonathan Eagles (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13136816#comment-13136816 ]
Jonathan Eagles commented on MAPREDUCE-3175:
--------------------------------------------
Thanks for the review and commit, Arun!
> Yarn httpservers not created with access Control lists
> ------------------------------------------------------
>
> Key: MAPREDUCE-3175
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3175
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2
> Affects Versions: 0.23.0
> Reporter: Thomas Graves
> Assignee: Jonathan Eagles
> Priority: Blocker
> Attachments: MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch
>
>
> RM, NM, job history, and application master httpservers are not created with access Control lists. I believe this means that anyone can access any of the standard servlets that check to see if the user has administrator access - like /jmx, /stacks, etc and ops has no way to restrict access to these things.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (MAPREDUCE-3175) Yarn httpservers not created with
access Control lists
Posted by "Mahadev konar (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Mahadev konar updated MAPREDUCE-3175:
-------------------------------------
Fix Version/s: 0.23.0
> Yarn httpservers not created with access Control lists
> ------------------------------------------------------
>
> Key: MAPREDUCE-3175
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3175
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2
> Affects Versions: 0.23.0
> Reporter: Thomas Graves
> Assignee: Jonathan Eagles
> Priority: Blocker
> Fix For: 0.23.0
>
> Attachments: MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch
>
>
> RM, NM, job history, and application master httpservers are not created with access Control lists. I believe this means that anyone can access any of the standard servlets that check to see if the user has administrator access - like /jmx, /stacks, etc and ops has no way to restrict access to these things.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (MAPREDUCE-3175) Yarn httpservers not created
with access Control lists
Posted by "Jonathan Eagles (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13136781#comment-13136781 ]
Jonathan Eagles commented on MAPREDUCE-3175:
--------------------------------------------
170 findbugs warnings seems to be normal right now
> Yarn httpservers not created with access Control lists
> ------------------------------------------------------
>
> Key: MAPREDUCE-3175
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3175
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2
> Affects Versions: 0.23.0
> Reporter: Thomas Graves
> Assignee: Jonathan Eagles
> Priority: Blocker
> Attachments: MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch
>
>
> RM, NM, job history, and application master httpservers are not created with access Control lists. I believe this means that anyone can access any of the standard servlets that check to see if the user has administrator access - like /jmx, /stacks, etc and ops has no way to restrict access to these things.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (MAPREDUCE-3175) Yarn httpservers not created
with access Control lists
Posted by "Jonathan Eagles (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13136539#comment-13136539 ]
Jonathan Eagles commented on MAPREDUCE-3175:
--------------------------------------------
New files added by this patch
hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/security/AdminACLsManager.java
> Yarn httpservers not created with access Control lists
> ------------------------------------------------------
>
> Key: MAPREDUCE-3175
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3175
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2
> Affects Versions: 0.23.0
> Reporter: Thomas Graves
> Assignee: Jonathan Eagles
> Priority: Blocker
> Attachments: MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch
>
>
> RM, NM, job history, and application master httpservers are not created with access Control lists. I believe this means that anyone can access any of the standard servlets that check to see if the user has administrator access - like /jmx, /stacks, etc and ops has no way to restrict access to these things.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (MAPREDUCE-3175) Yarn httpservers not created with
access Control lists
Posted by "Jonathan Eagles (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jonathan Eagles updated MAPREDUCE-3175:
---------------------------------------
Status: Patch Available (was: Open)
> Yarn httpservers not created with access Control lists
> ------------------------------------------------------
>
> Key: MAPREDUCE-3175
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3175
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2
> Affects Versions: 0.23.0
> Reporter: Thomas Graves
> Assignee: Jonathan Eagles
> Priority: Blocker
> Attachments: MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch
>
>
> RM, NM, job history, and application master httpservers are not created with access Control lists. I believe this means that anyone can access any of the standard servlets that check to see if the user has administrator access - like /jmx, /stacks, etc and ops has no way to restrict access to these things.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (MAPREDUCE-3175) Yarn httpservers not created with
access Control lists
Posted by "Jonathan Eagles (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jonathan Eagles updated MAPREDUCE-3175:
---------------------------------------
Status: Patch Available (was: Open)
> Yarn httpservers not created with access Control lists
> ------------------------------------------------------
>
> Key: MAPREDUCE-3175
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3175
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2
> Affects Versions: 0.23.0
> Reporter: Thomas Graves
> Assignee: Jonathan Eagles
> Priority: Blocker
> Attachments: MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch
>
>
> RM, NM, job history, and application master httpservers are not created with access Control lists. I believe this means that anyone can access any of the standard servlets that check to see if the user has administrator access - like /jmx, /stacks, etc and ops has no way to restrict access to these things.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (MAPREDUCE-3175) Yarn httpservers not created with
access Control lists
Posted by "Arun C Murthy (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Arun C Murthy updated MAPREDUCE-3175:
-------------------------------------
Status: Open (was: Patch Available)
Seems ok, one nit - move ApplicationACLsManager to yarn-common rather than add module deps for yarn-server-common.
> Yarn httpservers not created with access Control lists
> ------------------------------------------------------
>
> Key: MAPREDUCE-3175
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3175
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2
> Affects Versions: 0.23.0
> Reporter: Thomas Graves
> Assignee: Jonathan Eagles
> Priority: Blocker
> Attachments: MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch
>
>
> RM, NM, job history, and application master httpservers are not created with access Control lists. I believe this means that anyone can access any of the standard servlets that check to see if the user has administrator access - like /jmx, /stacks, etc and ops has no way to restrict access to these things.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (MAPREDUCE-3175) Yarn httpservers not created with
access Control lists
Posted by "Jonathan Eagles (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jonathan Eagles updated MAPREDUCE-3175:
---------------------------------------
Attachment: MAPREDUCE-3175.patch
> Yarn httpservers not created with access Control lists
> ------------------------------------------------------
>
> Key: MAPREDUCE-3175
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3175
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2
> Affects Versions: 0.23.0
> Reporter: Thomas Graves
> Assignee: Jonathan Eagles
> Priority: Blocker
> Attachments: MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch
>
>
> RM, NM, job history, and application master httpservers are not created with access Control lists. I believe this means that anyone can access any of the standard servlets that check to see if the user has administrator access - like /jmx, /stacks, etc and ops has no way to restrict access to these things.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (MAPREDUCE-3175) Yarn httpservers not created with
access Control lists
Posted by "Jonathan Eagles (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jonathan Eagles updated MAPREDUCE-3175:
---------------------------------------
Status: Patch Available (was: Open)
> Yarn httpservers not created with access Control lists
> ------------------------------------------------------
>
> Key: MAPREDUCE-3175
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3175
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2
> Affects Versions: 0.23.0
> Reporter: Thomas Graves
> Assignee: Jonathan Eagles
> Priority: Blocker
> Attachments: MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch
>
>
> RM, NM, job history, and application master httpservers are not created with access Control lists. I believe this means that anyone can access any of the standard servlets that check to see if the user has administrator access - like /jmx, /stacks, etc and ops has no way to restrict access to these things.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (MAPREDUCE-3175) Yarn httpservers not created
with access Control lists
Posted by "Jonathan Eagles (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13136534#comment-13136534 ]
Jonathan Eagles commented on MAPREDUCE-3175:
--------------------------------------------
Seems like Jenkins fell over during the build. Kicking it again.
> Yarn httpservers not created with access Control lists
> ------------------------------------------------------
>
> Key: MAPREDUCE-3175
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3175
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2
> Affects Versions: 0.23.0
> Reporter: Thomas Graves
> Assignee: Jonathan Eagles
> Priority: Blocker
> Attachments: MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch
>
>
> RM, NM, job history, and application master httpservers are not created with access Control lists. I believe this means that anyone can access any of the standard servlets that check to see if the user has administrator access - like /jmx, /stacks, etc and ops has no way to restrict access to these things.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (MAPREDUCE-3175) Yarn httpservers not created
with access Control lists
Posted by "Jonathan Eagles (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13136752#comment-13136752 ]
Jonathan Eagles commented on MAPREDUCE-3175:
--------------------------------------------
2 warnings
[WARNING] Javadoc Warnings
[WARNING] /home/jeagles/hadoop/trunk/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/security/AdminACLsManager.java:95: warning - @See is an unknown tag -- same as a known tag except for case.
[WARNING] /home/jeagles/hadoop/trunk/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/security/AdminACLsManager.java:95: warning - @See is an unknown tag -- same as a known tag except for case.
> Yarn httpservers not created with access Control lists
> ------------------------------------------------------
>
> Key: MAPREDUCE-3175
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3175
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2
> Affects Versions: 0.23.0
> Reporter: Thomas Graves
> Assignee: Jonathan Eagles
> Priority: Blocker
> Attachments: MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch
>
>
> RM, NM, job history, and application master httpservers are not created with access Control lists. I believe this means that anyone can access any of the standard servlets that check to see if the user has administrator access - like /jmx, /stacks, etc and ops has no way to restrict access to these things.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (MAPREDUCE-3175) Yarn httpservers not created with
access Control lists
Posted by "Jonathan Eagles (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jonathan Eagles updated MAPREDUCE-3175:
---------------------------------------
Status: Open (was: Patch Available)
> Yarn httpservers not created with access Control lists
> ------------------------------------------------------
>
> Key: MAPREDUCE-3175
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3175
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2
> Affects Versions: 0.23.0
> Reporter: Thomas Graves
> Assignee: Jonathan Eagles
> Priority: Blocker
> Attachments: MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch
>
>
> RM, NM, job history, and application master httpservers are not created with access Control lists. I believe this means that anyone can access any of the standard servlets that check to see if the user has administrator access - like /jmx, /stacks, etc and ops has no way to restrict access to these things.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (MAPREDUCE-3175) Yarn httpservers not created
with access Control lists
Posted by "Hudson (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13136830#comment-13136830 ]
Hudson commented on MAPREDUCE-3175:
-----------------------------------
Integrated in Hadoop-Mapreduce-trunk-Commit #1180 (See [https://builds.apache.org/job/Hadoop-Mapreduce-trunk-Commit/1180/])
MAPREDUCE-3175. Add authorization to admin web-pages such as /stacks, /jmx etc. Contributed by Jonathan Eagles.
acmurthy : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1189619
Files :
* /hadoop/common/trunk/hadoop-mapreduce-project/CHANGES.txt
* /hadoop/common/trunk/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/security/AdminACLsManager.java
* /hadoop/common/trunk/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/WebApps.java
* /hadoop/common/trunk/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/security/ApplicationACLsManager.java
> Yarn httpservers not created with access Control lists
> ------------------------------------------------------
>
> Key: MAPREDUCE-3175
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3175
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2
> Affects Versions: 0.23.0
> Reporter: Thomas Graves
> Assignee: Jonathan Eagles
> Priority: Blocker
> Attachments: MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch
>
>
> RM, NM, job history, and application master httpservers are not created with access Control lists. I believe this means that anyone can access any of the standard servlets that check to see if the user has administrator access - like /jmx, /stacks, etc and ops has no way to restrict access to these things.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (MAPREDUCE-3175) Yarn httpservers not created
with access Control lists
Posted by "Jonathan Eagles (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13135616#comment-13135616 ]
Jonathan Eagles commented on MAPREDUCE-3175:
--------------------------------------------
-1 overall.
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 6 new or modified tests.
-1 javadoc. The javadoc tool appears to have generated 8 warning messages.
+1 javac. The applied patch does not increase the total number of javac compiler warnings.
-1 findbugs. The patch appears to introduce -9 new Findbugs (version 1.3.9) warnings.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
+1 core tests. The patch passed unit tests in .
+1 contrib tests. The patch passed contrib unit tests.
> Yarn httpservers not created with access Control lists
> ------------------------------------------------------
>
> Key: MAPREDUCE-3175
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3175
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2
> Affects Versions: 0.23.0
> Reporter: Thomas Graves
> Assignee: Jonathan Eagles
> Priority: Blocker
> Attachments: MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch
>
>
> RM, NM, job history, and application master httpservers are not created with access Control lists. I believe this means that anyone can access any of the standard servlets that check to see if the user has administrator access - like /jmx, /stacks, etc and ops has no way to restrict access to these things.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira