[
https://issues.apache.org/jira/browse/HADOOP-3698?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12627338#action_12627338
]
Owen O'Malley commented on HADOOP-3698:
---------------------------------------
The JobClient should use UserGroupInformation.login(conf) rather than
UnixUserGroupInformation.login(conf).
I think we should have an exception class to catch for login failures. So we
either need to add LoginException to submitJob in JobClient or we should create
a new IOException that is for login failures and put it into
org.apache.hadoop.security. I'd lean toward changing the signature of
run/submitJob.
I'd suggest handling mapred.acls.enabled inside of the QueueManager instead of
the JobTracker. The same for giving the user access to their own jobs. That
should be done in QueueManager, so that all of the rules & exceptions for
allowing actions are contained inside the one class.
The JobTracker should use the standard method for getting the queue of the job
instead of using the attribute name "queue.name".
Why does the TaskScheduler need the QueueManager? That seems really unexpected.
> Implement access control for submitting jobs to queues in the JobTracker
> ------------------------------------------------------------------------
>
> Key: HADOOP-3698
> URL: https://issues.apache.org/jira/browse/HADOOP-3698
> Project: Hadoop Core
> Issue Type: New Feature
> Components: mapred
> Reporter: Hemanth Yamijala
> Assignee: Hemanth Yamijala
> Fix For: 0.19.0
>
> Attachments: HADOOP-3698.patch, HADOOP-3698.patch
>
>
> HADOOP-3445 implements multiple queues in the JobTracker as part of the new
> resource manager for Hadoop (HADOOP-3421). There needs to be a mechanism to
> control who can submit jobs to a specified queue. This JIRA is for tracking
> the requirements, approach and implementation for the same.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
