[jira] [Reopened] (YUNIKORN-2940) ph Pod is in a pending state for a long time

Wed, 23 Oct 2024 19:52:07 -0700 


     [ 
https://issues.apache.org/jira/browse/YUNIKORN-2940?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Xiaobao Wu reopened YUNIKORN-2940:
----------------------------------

> ph Pod is in a pending state for a long time
> --------------------------------------------
>
>                 Key: YUNIKORN-2940
>                 URL: https://issues.apache.org/jira/browse/YUNIKORN-2940
>             Project: Apache YuniKorn
>          Issue Type: Bug
>          Components: core - scheduler
>            Reporter: Xiaobao Wu
>            Priority: Minor
>
> I have the following queue configuration :
> {code:java}
>   queues.yaml: |
>     partitions:
>     - name: default
>       queues:
>       - name: root
>         parent: true
>         submitacl: '*'
>         queues:
>         - name: spark-test
>           resources:
>             guaranteed:
>               memory: 1Gi
>               vcore: "1"
>             max:
>               memory: 40Gi
>               vcore: "10"
>           submitacl: 'master'
>       placementrules:
>       - name: tag
>         create: true
>         value: namespace {code}
> I found that when I set the *root* submitacl to ' * ', the *root.spark-test* 
> submitacl seems to be invalid and seems to allow any user to submit. After I 
> looked at the code, I found a strange logical check of queue permissions :
> {code:java}
> func (sq *Queue) CheckSubmitAccess(user security.UserGroup) bool {
>     if common.IsRecoveryQueue(sq.QueuePath) {
>        // recovery queue can never pass ACL checks
>        return false
>     }
>     sq.RLock()
>     allow := sq.submitACL.CheckAccess(user) || sq.adminACL.CheckAccess(user)
>     sq.RUnlock()
>     if !allow && sq.parent != nil {
>        allow = sq.parent.CheckSubmitAccess(user)
>     }
>     return allow
> } {code}
> It can be seen that if the current subqueue does not allow the user to submit 
> jobs to this subqueue, it will recursively check its parent queue. I think 
> this is unreasonable, why the priority of the user rights of the parent queue 
> is higher than that of the child queue, which will cause some user rights 
> management problems.
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to