[jira] [Comment Edited] (YARN-6069) CORS support in timeline v2
[
https://issues.apache.org/jira/browse/YARN-6069?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15874915#comment-15874915
]
Varun Saxena edited comment on YARN-6069 at 2/20/17 6:48 PM:
-
Thanks [~rohithsharma] for the patch. Core changes look fine to me. Few
comments on the .md file
# "See also
\[HttpAuthentication\](../../hadoop-project-dist/hadoop-common/HttpAuthentication.html)"
jumps to the page. We can directly jump to CORS section in the page by
mentioning
{{../../hadoop-project-dist/hadoop-common/HttpAuthentication.html#CORS]}
# Maybe modify the documentation to something like under?
{code}
To enable cross-origin support (CORS) for the Timeline Service v.2, please set
the following configuration parameters:
In core-site.xml, add
org.apache.hadoop.security.HttpCrossOriginFilterInitializer to
hadoop.http.filter.initializers.
In yarn-site.xml, set yarn.timeline-service.http-cross-origin.enabled to true.
For other configurations used for cross-origin support, refer to
[HttpAuthentication](../../hadoop-project-dist/hadoop-common/HttpAuthentication.html#CORS).
Please note that for timeline service, configuration property,
yarn.timeline-service.http-cross-origin.enabled, if set to true, overrides
configuration property hadoop.http.cross-origin.enabled. Both
yarn.timeline-service.http-cross-origin.enabled and
hadoop.http.cross-origin.enabled must be set to false to disable cross-origin
support.
{code}
Also yarn.timeline-service.http-cross-origin.enabled is not present in
yarn-default.xml from before. Should it be there?
was (Author: varun_saxena):
Thanks [~rohithsharma] for the patch. Core changes look fine to me. Few
comments on the .md file
# "See also
\[HttpAuthentication\](../../hadoop-project-dist/hadoop-common/HttpAuthentication.html)"
jumps to the page. We can directly jump to CORS section in the page by
mentioning
{{../../hadoop-project-dist/hadoop-common/HttpAuthentication.html#CORS]}
# Maybe modify the documentation to something like under?
{code}
To enable cross-origin support (CORS) for the Timeline Service v.2, please set
the following configuration parameters:
In core-site.xml, add
org.apache.hadoop.security.HttpCrossOriginFilterInitializer to
hadoop.http.filter.initializers.
In yarn-site.xml, set yarn.timeline-service.http-cross-origin.enabled to true.
For other configurations used for cross-origin support, refer to
[HttpAuthentication](../../hadoop-project-dist/hadoop-common/HttpAuthentication.html#CORS).
Please note that for timeline service, configuration property,
hadoop.http.cross-origin.enabled is not used.
{code}
Also yarn.timeline-service.http-cross-origin.enabled is not present in
yarn-default.xml from before. Should it be there?
> CORS support in timeline v2
> ---
>
> Key: YARN-6069
> URL: https://issues.apache.org/jira/browse/YARN-6069
> Project: Hadoop YARN
> Issue Type: Sub-task
> Components: timelinereader
>Reporter: Sreenath Somarajapuram
>Assignee: Rohith Sharma K S
> Attachments: YARN-6069-YARN-5355.0001.patch,
> YARN-6069-YARN-5355.0002.patch, YARN-6069-YARN-5355.0003.patch
>
>
> By default the browser prevents accessing resources from multiple domains. In
> most cases the UIs would be loaded form a domain different from that of
> timeline server. Hence without CORS support, it would be difficult for the
> UIs to load data from timeline v2.
> YARN-2277 must provide more info on the implementation.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
-
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
[jira] [Comment Edited] (YARN-6069) CORS support in timeline v2
[ https://issues.apache.org/jira/browse/YARN-6069?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15870044#comment-15870044 ] Varun Saxena edited comment on YARN-6069 at 2/16/17 2:35 PM: - bq. I think folks are forgetting one important thing that this JIRA is only for TimelineReader v.2 server which uses GET operation only. It is not necessarily required to worry about any custom configurations that controls other HTTP operations. Sorry didn't get you. Other than allowed methods configuration as this is only GET, which CORS related configuration is not relevant here. Also any idea what purpose max age serves. We do not make any check in the filter based on it. was (Author: varun_saxena): bq. I think folks are forgetting one important thing that this JIRA is only for TimelineReader v.2 server which uses GET operation only. It is not necessarily required to worry about any custom configurations that controls other HTTP operations. Sorry didn't get you. Other than allowed methods configuration, which CORS related configuration is not relevant here. Also any idea what purpose max age serves. We do not make any check in the filter based on it. > CORS support in timeline v2 > --- > > Key: YARN-6069 > URL: https://issues.apache.org/jira/browse/YARN-6069 > Project: Hadoop YARN > Issue Type: Sub-task > Components: timelinereader >Reporter: Sreenath Somarajapuram >Assignee: Rohith Sharma K S > Attachments: YARN-6069-YARN-5355.0001.patch, > YARN-6069-YARN-5355.0002.patch > > > By default the browser prevents accessing resources from multiple domains. In > most cases the UIs would be loaded form a domain different from that of > timeline server. Hence without CORS support, it would be difficult for the > UIs to load data from timeline v2. > YARN-2277 must provide more info on the implementation. -- This message was sent by Atlassian JIRA (v6.3.15#6346) - To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
[jira] [Comment Edited] (YARN-6069) CORS support in timeline v2
[ https://issues.apache.org/jira/browse/YARN-6069?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15869957#comment-15869957 ] Varun Saxena edited comment on YARN-6069 at 2/16/17 1:54 PM: - Probably it did not come out clearly in my previous comment. I was alluding to the same thing. That a user may look at timeline service related CORS configurations and assume they are to be used for ATSv2 but till we document clearly what the behavior is or configurations are, it should be fine. That is why I said I am fine with either of the 2 approaches. was (Author: varun_saxena): Probably it did not come out clearly in my previous comment. I was alluding to the same thing. That a user may look at timeline service related CORS configurations and assume they are to be used for ATSv2 but till we document clearly what the behavior is, it should be fine. That is why I said I am fine with either of the 2 approaches. > CORS support in timeline v2 > --- > > Key: YARN-6069 > URL: https://issues.apache.org/jira/browse/YARN-6069 > Project: Hadoop YARN > Issue Type: Sub-task > Components: timelinereader >Reporter: Sreenath Somarajapuram >Assignee: Rohith Sharma K S > Attachments: YARN-6069-YARN-5355.0001.patch, > YARN-6069-YARN-5355.0002.patch > > > By default the browser prevents accessing resources from multiple domains. In > most cases the UIs would be loaded form a domain different from that of > timeline server. Hence without CORS support, it would be difficult for the > UIs to load data from timeline v2. > YARN-2277 must provide more info on the implementation. -- This message was sent by Atlassian JIRA (v6.3.15#6346) - To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
[jira] [Comment Edited] (YARN-6069) CORS support in timeline v2
[ https://issues.apache.org/jira/browse/YARN-6069?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15869865#comment-15869865 ] Varun Saxena edited comment on YARN-6069 at 2/16/17 12:56 PM: -- Now coming to the patch, the thing we have to consider is that we already have yarn timeline-service related CORS configurations. So if somebody looks at it, they may think this has to be used for ATSv2 too. Please note that we reuse most of the existing ATSv1 configurations for ATSv2 too (wherever possible). However, for NM and RM we do not use RM/NM specific configurations. As ATSv2 is a new system, so we can decide what to use and clearly document it. So we can reuse either old timeline service configurations(as we did in 1st patch) or reuse existing http CORS configurations (as in 2nd patch). The advantage of first is that if we are using same config file for multiple modules; and if we want to enable/disable CORS for ATS or use different set of allowed headers, irrespective of what is configured for other modules, we can do it. This however is not a use case for us as we use distinct set of config files for each module. Also it is somewhat unlikely somebody would enable CORS filter for one module and not for other. So I am fine with either. I am -0 on what has been done in 2nd patch. Therefore, we can go with the majority opinion here. If majority wants to go with approach in 2nd patch, I would suggest to have a link to HTTP Authentication page's CORS section in timeline service HTML page's CORS section telling user to refer to other CORS related configurations there, in addition to the config for enabling and disabling it, already mentioned in md file in the patch. was (Author: varun_saxena): Now coming to the patch, the thing we have to consider is that we already have yarn timeline-service related CORS configurations. So if somebody looks at it, they may think this has to be used for ATSv2 too. Please note that we reuse most of the existing ATSv1 configurations for ATSv2 too (wherever possible). However, for NM and RM we do not use RM/NM specific configurations. As ATSv2 is a new system, so we can decide what to use. We can use either old timeline service configurations(as we did in 1st patch) or reuse existing http CORS configurations (as in 2nd patch). The advantage of first is that if we are using same config file for multiple modules; and if we want to enable/disable CORS for ATS or use different set of allowed headers, irrespective of what is configured for other modules, we can do it. This however is not a use case for us as we use distinct set of config files for each module. Also it is somewhat unlikely somebody would enable CORS filter for one module and not for other. So I am fine with either. I am -0 on what has been done in 2nd patch. Therefore, we can go with the majority opinion here. If majority wants to go with approach in 2nd patch, I would suggest to have a link to HTTP Authentication page's CORS section in timeline service HTML page's CORS section telling user to refer to other CORS related configurations there, in addition to the config for enabling and disabling it, already mentioned in md file in the patch. > CORS support in timeline v2 > --- > > Key: YARN-6069 > URL: https://issues.apache.org/jira/browse/YARN-6069 > Project: Hadoop YARN > Issue Type: Sub-task > Components: timelinereader >Reporter: Sreenath Somarajapuram >Assignee: Rohith Sharma K S > Attachments: YARN-6069-YARN-5355.0001.patch, > YARN-6069-YARN-5355.0002.patch > > > By default the browser prevents accessing resources from multiple domains. In > most cases the UIs would be loaded form a domain different from that of > timeline server. Hence without CORS support, it would be difficult for the > UIs to load data from timeline v2. > YARN-2277 must provide more info on the implementation. -- This message was sent by Atlassian JIRA (v6.3.15#6346) - To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
[jira] [Comment Edited] (YARN-6069) CORS support in timeline v2
[ https://issues.apache.org/jira/browse/YARN-6069?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15869865#comment-15869865 ] Varun Saxena edited comment on YARN-6069 at 2/16/17 12:55 PM: -- Now coming to the patch, the thing we have to consider is that we already have yarn timeline-service related CORS configurations. So if somebody looks at it, they may think this has to be used for ATSv2 too. Please note that we reuse most of the existing ATSv1 configurations for ATSv2 too (wherever possible). However, for NM and RM we do not use RM/NM specific configurations. As ATSv2 is a new system, so we can decide what to use. We can use either old timeline service configurations(as we did in 1st patch) or reuse existing http CORS configurations (as in 2nd patch). The advantage of first is that if we are using same config file for multiple modules; and if we want to enable/disable CORS for ATS or use different set of allowed headers, irrespective of what is configured for other modules, we can do it. This however is not a use case for us as we use distinct set of config files for each module. Also it is somewhat unlikely somebody would enable CORS filter for one module and not for other. So I am fine with either. I am -0 on what has been done in 2nd patch. Therefore, we can go with the majority opinion here. If majority wants to go with approach in 2nd patch, I would suggest to have a link to HTTP Authentication page's CORS section in timeline service HTML page's CORS section telling user to refer to other CORS related configurations there, in addition to the config for enabling and disabling it, already mentioned in md file in the patch. was (Author: varun_saxena): Now coming to the patch, the thing we have to consider is that we already have yarn timeline-service related CORS configurations. So if somebody looks at it, they may think this has to be used for ATSv2 too. Please note that we reuse most of the existing ATSv1 configurations for ATSv2 too (wherever possible). However, as ATSv2 is a new system, so we can decide what to use. We can use either old timeline service configurations(as we did in 1st patch) or reuse existing http CORS configurations (as in 2nd patch). The advantage of first is that if we are using same config file for multiple modules; and if we want to enable/disable CORS for ATS or use different set of allowed headers, irrespective of what is configured for other modules, we can do it. This however is not a use case for us as we use distinct set of config files for each module. So I am fine with either. I am -0 on what has been done in 2nd patch. Therefore, we can go with the majority opinion here. If majority wants to go with approach in 2nd patch, I would suggest to have a link to HTTP Authentication page's CORS section in timeline service HTML page's CORS section telling user to refer to other CORS related configurations there, in addition to the config for enabling and disabling it, already mentioned in md file in the patch. > CORS support in timeline v2 > --- > > Key: YARN-6069 > URL: https://issues.apache.org/jira/browse/YARN-6069 > Project: Hadoop YARN > Issue Type: Sub-task > Components: timelinereader >Reporter: Sreenath Somarajapuram >Assignee: Rohith Sharma K S > Attachments: YARN-6069-YARN-5355.0001.patch, > YARN-6069-YARN-5355.0002.patch > > > By default the browser prevents accessing resources from multiple domains. In > most cases the UIs would be loaded form a domain different from that of > timeline server. Hence without CORS support, it would be difficult for the > UIs to load data from timeline v2. > YARN-2277 must provide more info on the implementation. -- This message was sent by Atlassian JIRA (v6.3.15#6346) - To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
[jira] [Comment Edited] (YARN-6069) CORS support in timeline v2
[ https://issues.apache.org/jira/browse/YARN-6069?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15869865#comment-15869865 ] Varun Saxena edited comment on YARN-6069 at 2/16/17 12:54 PM: -- Now coming to the patch, the thing we have to consider is that we already have yarn timeline-service related CORS configurations. So if somebody looks at it, they may think this has to be used for ATSv2 too. Please note that we reuse most of the existing ATSv1 configurations for ATSv2 too (wherever possible). However, as ATSv2 is a new system, so we can decide what to use. We can use either old timeline service configurations(as we did in 1st patch) or reuse existing http CORS configurations (as in 2nd patch). The advantage of first is that if we are using same config file for multiple modules; and if we want to enable/disable CORS for ATS or use different set of allowed headers, irrespective of what is configured for other modules, we can do it. This however is not a use case for us as we use distinct set of config files for each module. So I am fine with either. I am -0 on what has been done in 2nd patch. Therefore, we can go with the majority opinion here. If majority wants to go with approach in 2nd patch, I would suggest to have a link to HTTP Authentication page's CORS section in timeline service HTML page's CORS section telling user to refer to other CORS related configurations there, in addition to the config for enabling and disabling it, already mentioned in md file in the patch. was (Author: varun_saxena): Now coming to the patch, the thing we have to consider is that we already have yarn timeline-service related CORS configurations. So if somebody looks at it, they may think this has to be used for ATSv2 too. Please note that we reuse most of the existing ATSv1 configurations for ATSv2 too (wherever possible). However, as ATSv2 is a new system, so we can decide what to use. We can use either old timeline service configurations(as we did in 1st patch) or reuse existing http CORS configurations (as in 2nd patch). The advantage of first is that if we are using same config file for multiple modules; and if we want to enable/disable CORS for ATS or use different set of allowed headers, irrespective of what is configured for other modules, we can do it. This however is not a use case for us as we use distinct set of config files for each module. So I am fine with either. I am -0 on what has been done in 2nd patch. Therefore, we can go with the majority opinion here. If majority wants to go with approach in 2nd patch, I would suggest to link HTTP Authentication page's CORS section in timeline service HTML page telling user to refer to other CORS related configurations in addition to enabling and disabling it. > CORS support in timeline v2 > --- > > Key: YARN-6069 > URL: https://issues.apache.org/jira/browse/YARN-6069 > Project: Hadoop YARN > Issue Type: Sub-task > Components: timelinereader >Reporter: Sreenath Somarajapuram >Assignee: Rohith Sharma K S > Attachments: YARN-6069-YARN-5355.0001.patch, > YARN-6069-YARN-5355.0002.patch > > > By default the browser prevents accessing resources from multiple domains. In > most cases the UIs would be loaded form a domain different from that of > timeline server. Hence without CORS support, it would be difficult for the > UIs to load data from timeline v2. > YARN-2277 must provide more info on the implementation. -- This message was sent by Atlassian JIRA (v6.3.15#6346) - To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
[jira] [Comment Edited] (YARN-6069) CORS support in timeline v2
[ https://issues.apache.org/jira/browse/YARN-6069?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15869094#comment-15869094 ] Varun Saxena edited comment on YARN-6069 at 2/16/17 3:53 AM: - As of now for timeline service, we use the timeline specific configurations if they are configured and fall back to common configurations in HttpCrossOriginFilterInitializer, if not configured. Now for ATSv2 we can potentially use common configurations itself. As ATSv2 is new, we can probably define it this way. However this does not give us flexibility of switching off CORS for some modules and not for some(if same configuration is used). But I wonder why someone would be doing it i.e. switch off CORS for some and not switch it off for other. was (Author: varun_saxena): As of now for timeline service, we use the timeline specific configurations if they are configured and fall back to common configurations in HttpCrossOriginFilterInitializer, if not configured. Now for ATSv2 we can potentially use common configurations itself. As ATSv2 is new, we can probably define it this way. > CORS support in timeline v2 > --- > > Key: YARN-6069 > URL: https://issues.apache.org/jira/browse/YARN-6069 > Project: Hadoop YARN > Issue Type: Sub-task > Components: timelinereader >Reporter: Sreenath Somarajapuram >Assignee: Rohith Sharma K S > Attachments: YARN-6069-YARN-5355.0001.patch > > > By default the browser prevents accessing resources from multiple domains. In > most cases the UIs would be loaded form a domain different from that of > timeline server. Hence without CORS support, it would be difficult for the > UIs to load data from timeline v2. > YARN-2277 must provide more info on the implementation. -- This message was sent by Atlassian JIRA (v6.3.15#6346) - To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
