[
https://issues.apache.org/jira/browse/OOZIE-1232?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13642638#comment-13642638
]
Dapeng Sun commented on OOZIE-1232:
-----------------------------------
Thanks for your comments, Alejandro.
As you suggested, I separated the reading of hadoopconfs from
HadoopAccessorService to an utility class called HadoopConfLoader.
HadoopConfLoader can be used by GroupsService and HadoopAccessorService to get
hadoop configuration. Other services can also use it. I will provide the new
patch later.
Thanks for your explanation of the current hadoopconfs mechanism and it helps
me to understand the background. In the old patch it’s ensured the original
behavior wasn’t affected, and in new patch the new HadoopConfLoader surely
supports this original mechanism, trying to avoid bad affect to
HadoopAccessorService.
The old patch didn’t mean to overload the original intent of hadoopconfs, and
it used relevant hadoop configuration (not specific to a cluster as its intent)
for the GroupsService instead of oozie server itself as this JIRA’s initial
goal. I agree we should have a special hadoopconf/ for Oozie, to distinguish
this usage from the use of the hadoopconfs meant for jobs.
As said above, the change in the old patch was local to GroupsService, and it
got configuration props via oozie.service.GroupsService.hadoop.configurations,
as you suggested.
Yeah I agree this JIRA assumes there’s a hadoop-conf available in the Oozie
server. Before any job submitting or real access to Hadoop, Oozie enforces
authorization for that action based on Hadoop authentication and groups mapping
(GroupsService), which requires relevant Hadoop configurations. The assumed
hadoop-conf should be for that purpose, not the one for any cluster but of
course in practice they can be equal.
> GroupsService should be able to reference Hadoop configurations in Hadoop
> configuration folder (such as /etc/hadoop/conf)
> -------------------------------------------------------------------------------------------------------------------------
>
> Key: OOZIE-1232
> URL: https://issues.apache.org/jira/browse/OOZIE-1232
> Project: Oozie
> Issue Type: Improvement
> Components: security
> Affects Versions: trunk
> Reporter: Kai Zheng
> Assignee: Kai Zheng
> Labels: GroupsService, hadoop-conf
> Fix For: trunk
>
> Attachments: OOZIE-1232.patch
>
> Original Estimate: 168h
> Remaining Estimate: 168h
>
> Oozie GroupsService wraps Hadoop user groups mapping to get groups for user,
> which requires to reference Hadoop configurations, especially the properties
> related to groups mapping provider (such as LdapGroupsMapping).
> To avoid replication of such configurations into oozie-site.xml, mechanism is
> needed to configure the Hadoop configurations folder (often mentioned
> hadoop-conf) for the service, as HadoopAccessorService currently does.
> Such work can be done per Service, as HadoopAccessorService, but would it be
> better to avoid code changes or similar work when other Service also needs to
> do that in future.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
