[jira] [Updated] (YARN-1853) Allow containers to be ran under real user even in insecure mode
[ https://issues.apache.org/jira/browse/YARN-1853?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Allen Wittenauer updated YARN-1853:
---
    Assignee: Andrey Stepachev

> Allow containers to be ran under real user even in insecure mode
>
>                 Key: YARN-1853
>                 URL: https://issues.apache.org/jira/browse/YARN-1853
>             Project: Hadoop YARN
>          Issue Type: Improvement
>          Components: nodemanager, resourcemanager
>    Affects Versions: 2.3.0
>            Reporter: Andrey Stepachev
>            Assignee: Andrey Stepachev
>         Attachments: YARN-1853-trunk.patch, YARN-1853.patch
>
> Currently unsecure cluster runs all containers under one user (typically
> nobody). That is not appropriate, because yarn applications don't play well
> with hdfs having enabled permissions. Yarn applications try to write data (as
> expected) into /user/nobody regardless of user, who launched application.
> Another side effect is that it is not possible to configure cgroups for
> particular users.

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (YARN-1853) Allow containers to be ran under real user even in insecure mode
Andrey Stepachev updated YARN-1853:
---
    Attachment: YARN-1853-trunk.patch
[jira] [Updated] (YARN-1853) Allow containers to be ran under real user even in insecure mode
Andrey Stepachev updated YARN-1853:
---
    Attachment: (was: YARN-1853-trunk.patch)
[jira] [Updated] (YARN-1853) Allow containers to be ran under real user even in insecure mode
Andrey Stepachev updated YARN-1853:
---
    Attachment: YARN-1853-trunk.patch

patch ported to trunk.
[jira] [Updated] (YARN-1853) Allow containers to be ran under real user even in insecure mode
Andrey Stepachev updated YARN-1853:
---
    Attachment: (was: YARN-1853.patch)
[jira] [Updated] (YARN-1853) Allow containers to be ran under real user even in insecure mode
Andrey Stepachev updated YARN-1853:
---
    Affects Version/s: (was: 2.2.0) 2.3.0
[jira] [Updated] (YARN-1853) Allow containers to be ran under real user even in insecure mode
Andrey Stepachev updated YARN-1853:
---
    Component/s: resourcemanager
[jira] [Updated] (YARN-1853) Allow containers to be ran under real user even in insecure mode
Andrey Stepachev updated YARN-1853:
---
    Attachment: YARN-1853.patch

Updated patch. RMAppManager should check existence of the user before submitting an app in insecure mode and reject it if no user is found. (This patch is defensive: it checks the user only in non-impersonate mode.)
[jira] [Updated] (YARN-1853) Allow containers to be ran under real user even in insecure mode
Andrey Stepachev updated YARN-1853:
---
    Affects Version/s: 2.2.0
[jira] [Updated] (YARN-1853) Allow containers to be ran under real user even in insecure mode
Andrey Stepachev updated YARN-1853:
---
    Attachment: YARN-1853.patch

My proposal is to use the parameter 'yarn.nodemanager.linux-container-executor.nonsecure-mode.impersonate' (defaulting to true), which will control whether yarn should impersonate the container in insecure mode or should run it under a concrete user.