[jira] [Commented] (TEZ-671) Support View/Modify ACLs for DAGs
[
https://issues.apache.org/jira/browse/TEZ-671?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14101978#comment-14101978
]
Johannes Zillmann commented on TEZ-671:
---
Hey guys, i think that broke compilation with hadoop-2.2!
Groups#parseStaticMapping() uses now StringUtils.getStringCollection(str,
delim) which has been introduced as part of
[HADOOP-10142|https://issues.apache.org/jira/browse/HADOOP-10142] in hadoop-2.3.
Getting:
{code}
2014-08-19 09:29:07,325 INFO [main] org.apache.tez.dag.app.DAGAppMaster:
Created DAGAppMaster for application appattempt_140849532_0001_01
2014-08-19 09:29:07,798 WARN [main] org.apache.hadoop.util.NativeCodeLoader:
Unable to load native-hadoop library for your platform... using builtin-java
classes where applicable
2014-08-19 09:29:08,046 FATAL [main] org.apache.tez.dag.app.DAGAppMaster: Error
starting DAGAppMaster
java.lang.NoSuchMethodError:
org.apache.hadoop.util.StringUtils.getStringCollection(Ljava/lang/String;Ljava/lang/String;)Ljava/util/Collection;
at
org.apache.tez.common.security.Groups.parseStaticMapping(Groups.java:102)
at org.apache.tez.common.security.Groups.init(Groups.java:78)
at
org.apache.tez.dag.app.DAGAppMaster.serviceInit(DAGAppMaster.java:313)
at
org.apache.hadoop.service.AbstractService.init(AbstractService.java:163)
at org.apache.tez.dag.app.DAGAppMaster$5.run(DAGAppMaster.java:1914)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:394)
at
org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1491)
at
org.apache.tez.dag.app.DAGAppMaster.initAndStartAppMaster(DAGAppMaster.java:1911)
at org.apache.tez.dag.app.DAGAppMaster.main(DAGAppMaster.java:1727)
2014-08-19 09:29:08,051 INFO [Thread-2] org.apache.tez.dag.app.DAGAppMaster:
DAGAppMasterShutdownHook invoked
{code}
Support View/Modify ACLs for DAGs
-
Key: TEZ-671
URL: https://issues.apache.org/jira/browse/TEZ-671
Project: Apache Tez
Issue Type: Sub-task
Reporter: Siddharth Seth
Assignee: Hitesh Shah
Fix For: 0.5.0
Attachments: TEZ-671.2.patch, TEZ-671.3.patch, TEZ-671.4.patch
--
This message was sent by Atlassian JIRA
(v6.2#6252)
[jira] [Commented] (TEZ-671) Support View/Modify ACLs for DAGs
[
https://issues.apache.org/jira/browse/TEZ-671?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14096721#comment-14096721
]
Siddharth Seth commented on TEZ-671:
Mostly looks good.
- Why is the configuration==null check required in ACLManager ?
{code}
+} else {
+ aclsEnabled = true;
+}
{code}
TEZ_DAG_VIEW_ACLS, TEZ_DAG_MODIFY_ACLS are private. Do we want users setting
these via tez-site.xml ? If not, ideally, these could be sent via their own
proto field, and then just sent into the ACLManager/Parser as strings. This is
OK, but we should mark them private.
DAGAccessControls. I'm guessing this is designed to be used as
DAG.setAccessControls(new
DAGAccessCOntrols().setUsersWithViewAcls(conf.getStrings(conf_property_name) ?
Would be helpful to have some defaults like - ALLLOW_ALL, ALLOW_NONE. Also, a
constructor which just accepts the standard MR ACLs may be useful, since we
support that format for the AM ACLs in any case.
Support View/Modify ACLs for DAGs
-
Key: TEZ-671
URL: https://issues.apache.org/jira/browse/TEZ-671
Project: Apache Tez
Issue Type: Sub-task
Reporter: Siddharth Seth
Assignee: Hitesh Shah
Attachments: TEZ-671.2.patch, TEZ-671.3.patch
--
This message was sent by Atlassian JIRA
(v6.2#6252)
[jira] [Commented] (TEZ-671) Support View/Modify ACLs for DAGs
[ https://issues.apache.org/jira/browse/TEZ-671?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14097616#comment-14097616 ] ASF GitHub Bot commented on TEZ-671: Github user hiteshs closed the pull request at: https://github.com/apache/tez/pull/2 Support View/Modify ACLs for DAGs - Key: TEZ-671 URL: https://issues.apache.org/jira/browse/TEZ-671 Project: Apache Tez Issue Type: Sub-task Reporter: Siddharth Seth Assignee: Hitesh Shah Attachments: TEZ-671.2.patch, TEZ-671.3.patch, TEZ-671.4.patch -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (TEZ-671) Support View/Modify ACLs for DAGs
[ https://issues.apache.org/jira/browse/TEZ-671?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14097617#comment-14097617 ] ASF GitHub Bot commented on TEZ-671: Github user hiteshs commented on the pull request: https://github.com/apache/tez/pull/2#issuecomment-52241445 Closing this out and using std patch on apache jira instead. Support View/Modify ACLs for DAGs - Key: TEZ-671 URL: https://issues.apache.org/jira/browse/TEZ-671 Project: Apache Tez Issue Type: Sub-task Reporter: Siddharth Seth Assignee: Hitesh Shah Attachments: TEZ-671.2.patch, TEZ-671.3.patch, TEZ-671.4.patch -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (TEZ-671) Support View/Modify ACLs for DAGs
[ https://issues.apache.org/jira/browse/TEZ-671?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14096328#comment-14096328 ] Hitesh Shah commented on TEZ-671: - API introductions involved. [~bikassaha] [~sseth] please review. Support View/Modify ACLs for DAGs - Key: TEZ-671 URL: https://issues.apache.org/jira/browse/TEZ-671 Project: Apache Tez Issue Type: Sub-task Reporter: Siddharth Seth Assignee: Hitesh Shah Attachments: TEZ-671.2.patch, TEZ-671.3.patch -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (TEZ-671) Support View/Modify ACLs for DAGs
[ https://issues.apache.org/jira/browse/TEZ-671?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14091373#comment-14091373 ] Hitesh Shah commented on TEZ-671: - bq. getACLManager should make use of getDAG - instead of replicating it - being addressed. bq, Oleg had a comment about getting the ugi being repeated everywhere - already addressed. bq. Are any changes required on the creation of the ApplicationSubmissionContext to set the AM ACLs for YARN - being addressed. bq. How to DAGs supply ACLs. Do we need a method on the DAG API for this. In, which case, the DAG specific config parameters are likely not required. - I was under the assumption that we had support for a separate additional dag conf as a pass through for dag specific params. This seems no longer the case so I guess a new API is needed. bq. Anything needed in terms of ATS, or will that be a separate patch. - follow-up once timeline acls supports comes into hadoop. Post 2.6 i guess. bq. Ideally, when using the SimpleHistoryLoggingService - we could use HDFS ACLs to give access specific AM logs, but this would be a follow up. - Will file a follow-up for this too. bq. In terms of Group, AclManager etc - Groups was the only one I would have liked to reuse. It still has features being added and is marked private so I ended up creating a copy. - As for AclManager and all the other common functionality, given our need for 2 level checks, I think a separate impl might be better for us. Support View/Modify ACLs for DAGs - Key: TEZ-671 URL: https://issues.apache.org/jira/browse/TEZ-671 Project: Apache Tez Issue Type: Sub-task Reporter: Siddharth Seth Assignee: Hitesh Shah Attachments: TEZ-671.2.patch -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (TEZ-671) Support View/Modify ACLs for DAGs
[ https://issues.apache.org/jira/browse/TEZ-671?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14091385#comment-14091385 ] Hitesh Shah commented on TEZ-671: - File HADOOP-10951 for Groups in hadoop to be made public. Support View/Modify ACLs for DAGs - Key: TEZ-671 URL: https://issues.apache.org/jira/browse/TEZ-671 Project: Apache Tez Issue Type: Sub-task Reporter: Siddharth Seth Assignee: Hitesh Shah Attachments: TEZ-671.2.patch -- This message was sent by Atlassian JIRA (v6.2#6252)
