[
https://issues.apache.org/jira/browse/YARN-6791?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
daemon updated YARN-6791:
-------------------------
Description:
The yarn application acl control is not so perfect which could let us pretty
confused sometimes.
!screenshot-1.png!
The yarn acl is disabled default, but when we enable it.
You will find the others who neither is yarn admin nor queue admin can not
view the application detail.
It will show something as blow in YARN RM web ui:
!screenshot-2.png!
So when we enable those configs, you will find it is very inconvenient to view
the application status
when use RM web ui.
There are two ways to solve the problem:
1. To make the web ui more perfect, and can allow user to login as any uses he
want.
Besides, it should provide a perfect verification mechanism.
2. Add a config in YarnConfiguration, which can allow some uses view any
applications he want.
But he has not modify permissions.
In this way, the user can view all applications but can not kill other users
applications.
Of the above two solutions, I will choose the second solution.
It is low cost but is more useful.
I will work on this, and upload the patch later.
was:
The yarn application acl control is not so perfect which could let us pretty
confused sometimes.
!screenshot-1.png!
The yarn acl is disabled default, but when we enable it.
You will find the others who neither is yarn admin nor queue admin, he will
not view the status
of the application. It will show something as blow in YARN RM web ui:
!screenshot-2.png!
So when we enable those configs, you will find it is very inconvenient to view
the application status
for uses.
There are two ways to solve the problem:
1. To make the web ui more perfect, and can allow user to login as any uses he
want.
Besides, it should provide a perfect verification mechanism.
2. Add a config in YarnConfiguration, which can allow some uses view any
applications he want.
But he has not modify permissions.
In this way, the user can view all applications but can not kill other users
applications.
Of the above two solutions, I will choose the second solution.
It is low cost but is more useful.
I will work on this, and upload the patch later.
> Add a new acl control to make YARN acl control perfect
> ------------------------------------------------------
>
> Key: YARN-6791
> URL: https://issues.apache.org/jira/browse/YARN-6791
> Project: Hadoop YARN
> Issue Type: Improvement
> Components: yarn
> Affects Versions: 2.7.2
> Reporter: daemon
> Assignee: daemon
> Fix For: 2.7.2
>
> Attachments: screenshot-1.png, screenshot-2.png
>
>
> The yarn application acl control is not so perfect which could let us pretty
> confused sometimes.
> !screenshot-1.png!
> The yarn acl is disabled default, but when we enable it.
> You will find the others who neither is yarn admin nor queue admin can not
> view the application detail.
> It will show something as blow in YARN RM web ui:
> !screenshot-2.png!
> So when we enable those configs, you will find it is very inconvenient to
> view the application status
> when use RM web ui.
> There are two ways to solve the problem:
> 1. To make the web ui more perfect, and can allow user to login as any uses
> he want.
> Besides, it should provide a perfect verification mechanism.
> 2. Add a config in YarnConfiguration, which can allow some uses view any
> applications he want.
> But he has not modify permissions.
> In this way, the user can view all applications but can not kill other users
> applications.
> Of the above two solutions, I will choose the second solution.
> It is low cost but is more useful.
> I will work on this, and upload the patch later.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
