[ https://issues.apache.org/jira/browse/MAPREDUCE-2858?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13087803#comment-13087803 ]

Luke Lu commented on MAPREDUCE-2858:
------------------------------------

bq. Why are we even trying to support web UIs on user code?

Because we want to be able to run different versions of mapreduce UI per user 
on the same grid/cluster/cloud, just like we want to be able to use different 
versions of mapreduce runtime per user. This allows more rapid UI innovation in 
the space of analytics and visualization. Having to set up trusted servers for 
each version/user is clearly not scalable.

History server is a special case, because it serves multiple users for a 
particular history data version/format, which can evolve independently/slower 
than per app UI.

IMO, the current MR history server is the ideal candidate for data and UI 
separation/refactor, i.e., make all history data available via web services in 
json format and a default UI. We can then allow per user UI to pull data from 
it to do more analytics and visualization etc.

In any case, per user/version web UI is a major step forward, just like per 
user/version mapreduce runtime in MRv2.

As I've already documented internally (soon externally), there are novel but 
straightforward ways to implement/integrate/deploy these webapps securely.

> MRv2 WebApp Security
> --------------------
>
>                 Key: MAPREDUCE-2858
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-2858
>             Project: Hadoop Map/Reduce
>          Issue Type: Improvement
>          Components: mrv2
>    Affects Versions: 0.23.0
>            Reporter: Luke Lu
>            Assignee: Luke Lu
>             Fix For: 0.23.0
>
>
> In MRv2, while the system servers (ResourceManager (RM), NodeManager (NM) and 
> NameNode (NN)) run as "trusted"
> system users, the application masters (AM) run as users who submit the 
> application. While this offers great flexibility
> to run multiple versions of mapreduce frameworks (including their UI) on the 
> same Hadoop cluster, it has significant
> implications for the security of webapps (Please do not discuss company 
> specific vulnerabilities here).
> Requirements:
> # Secure authentication for AM (for app/job level ACLs).
> # Webapp security should be optional via site configuration.
> # Support existing pluggable single sign on mechanisms.
> # Should not require per app/user configuration for deployment.
> # Should not require special site-wide DNS configuration for deployment.
> This is the top jira for webapp security. A design doc/notes of threat-modeling 
> and countermeasures will be posted on the wiki.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
