Hi,
In the coming airflow 1.8, a feature of Impersonation will be added to allow a task using another user name. ##################################### Impersonation¶<https://airflow.apache.org/security.html?highlight=impersonation#impersonation> Airflow has the ability to impersonate a unix user while running task instances based on the task’s run_as_user parameter, which takes a user’s name. NOTE For impersonations to work, Airflow must be run with sudo as subtasks are run with sudo -u and permissions of files are changed. Furthermore, the unix user needs to exist on the worker. Here is what a simple sudoers file entry could look like to achieve this, assuming as airflow is running as the airflow user. Note that this means that the airflow user must be trusted and treated the same way as the root user. ... #################################### >From the above doc, it seems the new user must be on the sudoers file entry of >the root user. However, due to some internal policy , we are not allowed to add a user to the sudoers file. Hence, I wonder whether airflow could add an option to use ssh , instead of sudo, to work with the Impersonation feature, ie. the "run_as_user" parameter ? Any suggestions ? Thanks. Michael ________________________________ From: Maxime Beauchemin <[email protected]> Sent: Monday, March 6, 2017 5:15 PM To: [email protected] Cc: Michael Gong Subject: Re: Airflow running different with different user id ? Hi, I just rebuilt + pushed the docs manually, and updated the wiki page as to how to do it. https://cwiki.apache.org/confluence/display/AIRFLOW/Building+and+deploying+the+docs We may want to automate this in the future though I hit a few bumps when trying to do that in the past. Here's the doc entry: https://airflow.apache.org/security.html?highlight=impersonation#impersonation Max On Mon, Mar 6, 2017 at 6:37 AM, Michael Gong <[email protected]<mailto:[email protected]>> wrote: Hi, Dan, The only doc mentioning "run_as" was in the airflow.operators.HiveOperator. Is this what you mean "run_as"? If not, can you provide more information about it? We are very interested to know more . Thanks. Michael Sent from my PP•KING™ smartphone On Mar 3, 2017 3:57 PM, Michael Gong <[email protected]<mailto:[email protected]>> wrote: Hi, Dan, Thanks for the encouraging news. Maybe you could direct me to the documentation about "run_as" so I could see whether it is for my purpose. I guess it will be passed as an argument for the DAG object , right ? Thanks again. Michael ________________________________ From: Dan Davydov <[email protected]<mailto:[email protected]>.INVALID> Sent: Friday, March 3, 2017 8:44 PM To: [email protected]<mailto:[email protected]> Subject: Re: Airflow running different with different user id ? Within a couple of weeks. On Fri, Mar 3, 2017 at 12:34 PM, Michael Gong <[email protected]<mailto:[email protected]>> wrote: > When approximately will it be released? > > Sent from my PP•KING™ smartphone > > On Mar 3, 2017 1:42 PM, Dan Davydov > <[email protected]<mailto:[email protected]>.INVALID> > wrote: > Yes it is starting on 1.8.0 which will be released soon, you can look in > the documentation/grep for "run_as". > > On Mar 3, 2017 8:50 AM, "Michael Gong" > <[email protected]<mailto:[email protected]>> wrote: > > > Hi, > > > > > > Suppose I have 1 airflow instance running 2 different DAGs, is it > possible > > to specify the 2 DAGs running under 2 different ids ? > > > > > > Any advises are welcomed. > > > > > > Thanks. > > > > Michael > > > > > > > > > > >
