[jira] Commented: (HADOOP-3698) Implement access control for submitting jobs to queues in the JobTracker

Thu, 21 Aug 2008 10:53:12 -0700 

    [ 
https://issues.apache.org/jira/browse/HADOOP-3698?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12624436#action_12624436
 ] 

Hemanth Yamijala commented on HADOOP-3698:
------------------------------------------

I am attaching a patch for early review. It isn't complete, and is more to 
illustrate how the implementation is going to look. Please share your comments.

The patch includes:

- The QueueManager class that exposes the APIs as discussed above.
- Changes to the APIs {{submitJob}}, {{killJob}} and {{killTask}} in the 
JobTracker to verify ACLs and throw an IOException if the verification fails.
- Changes in JobClient to pass the UnixUserGroupInformation to the RPC Proxy, 
so that it gets set to the JobTracker.
- Included the default queue and ACLs for them in hadoop-default.xml. The 
format used is the same as what was discussed in HADOOP-3479. I'm calling them 
{{mapred.queue.<queue-name>.<acl-operation-name>}}. The value has the format 
"<comma-separated-user-list> <comma-separated-group-list>". Open to suggestions 
on better format for this.

Tested this patch manually for job submission, and killing of job and tasks and 
it is working fine.

Things to do:
- Remove ResourceManagerConf and migrate HADOOP-3445 scheduler methods into a 
separate class.
- Documentation, unit tests

Things to do, possibly outside this patch:
- The web UI provides a way to change job priorities and the CLI does not. For 
ACLs to work properly, this should be inverted ?



> Implement access control for submitting jobs to queues in the JobTracker
> ------------------------------------------------------------------------
>
>                 Key: HADOOP-3698
>                 URL: https://issues.apache.org/jira/browse/HADOOP-3698
>             Project: Hadoop Core
>          Issue Type: New Feature
>          Components: mapred
>            Reporter: Hemanth Yamijala
>            Assignee: Hemanth Yamijala
>             Fix For: 0.19.0
>
>         Attachments: HADOOP-3698.patch
>
>
> HADOOP-3445 implements multiple queues in the JobTracker as part of the new 
> resource manager for Hadoop (HADOOP-3421). There needs to be a mechanism to 
> control who can submit jobs to a specified queue. This JIRA is for tracking 
> the requirements, approach and implementation for the same.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to