You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@oozie.apache.org by "Rohini Palaniswamy (JIRA)" <ji...@apache.org> on 2017/10/23 23:41:00 UTC

[jira] [Commented] (OOZIE-2897) LauncherAM should support ACLs

    [ https://issues.apache.org/jira/browse/OOZIE-2897?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16216072#comment-16216072 ] 

Rohini Palaniswamy commented on OOZIE-2897:
-------------------------------------------

bq. but eventually I would hope we could drop those
  That never happens in practice as it would involve everyone fixing and retesting their workflow.xmls. Especially in this case, it will be a total waste of time for users as it is not going to make any difference. We had the same situation in mapreduce->tez transition. We support all mapreduce settings (even though there are equivalent tez settings) and have no plans of ever dropping support for the mapreduce settings.

bq. Doesn't it seem weird to have users set oozie.launcher.mapreduce.<some-property> instead of oozie.<some-property>?
  Even if we add new Oozie AM specific properties later, for consistency we should name it as oozie.launcher.<some-property> as it is still for the launcher AM.

> LauncherAM should support ACLs
> ------------------------------
>
>                 Key: OOZIE-2897
>                 URL: https://issues.apache.org/jira/browse/OOZIE-2897
>             Project: Oozie
>          Issue Type: Sub-task
>    Affects Versions: 5.0.0
>            Reporter: Peter Bacsko
>            Assignee: Peter Bacsko
>            Priority: Blocker
>
> In MapReduce, you can define ACL-related properties:
> {noformat}
> mapreduce.job.acl-view-job
> mapreduce.job.acl-modify-job
> {noformat}
> {{acl-view-job}} defines a list of users/groups who can retrieve the job statistics. {{acl-modify-job}} defines a list of users/groups who can kill a job or adjust the priority of it.
> Docs: https://hadoop.apache.org/docs/r1.2.1/mapred_tutorial.html#Job+Authorization
> In YARN, we can provide backward compatibility for these properties. Example code:
> {code}
> Map<ApplicationAccessType, String> acls = new HashMap<ApplicationAccessType, String>();
> acls.put(ApplicationAccessType.MODIFY_APP, "*");
> acls.put(ApplicationAccessType.VIEW_APP, "*");
> amContainer.setApplicationACLs(acls);
> {code}
> This has to be done before application submission. We have to do what YARNRunner.java does: https://github.com/apache/hadoop/blob/3721cfe1fbd98c5b6aa46aefdfcf62276c28c4a4/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-jobclient/src/main/java/org/apache/hadoop/mapred/YARNRunner.java#L502-L507 
> We should also ensure the compatibility with the properties of:
> mapreduce.job.acl-view-job
> mapreduce.job.acl-modfy-job



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)