[jira] [Commented] (YARN-8920) LogAggregation should be configurable to allow writing to underlying storage as appOwner or yarn user

Fri, 19 Oct 2018 13:49:08 -0700 


    [ 
https://issues.apache.org/jira/browse/YARN-8920?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16657413#comment-16657413
 ] 

Wangda Tan commented on YARN-8920:
----------------------------------

Thanks [~suma.shivaprasad],

1) Inside YarnConfiguration, 
We should add a default field inside YarnConfiguration as well as 
yarn-default.xml for the new key. 
We should avoid use \{{conf.get(key, true)}} for easier maintenance. (Instead 
you can use conf.get(key, DEFAULT_KEY_VALUE))
And also you can add necessary documentation (via description) to 
yarn-default.xml for documentation purposes.

2) LogAggregationIndexedFileController#initializeWriterForApp, 
I saw now the user is set to yarn when the config is set to false.
{\{indexedLogsMeta.setUser(ugi.getShortUserName())}}

I'm concerned about this, since the log is still belongs to the user when we 
come to view the UI, etc. But the file is read/written by YARN user's 
credentials. We should still separate the two.

> LogAggregation should be configurable to allow writing to underlying storage 
> as appOwner or yarn user
> -----------------------------------------------------------------------------------------------------
>
>                 Key: YARN-8920
>                 URL: https://issues.apache.org/jira/browse/YARN-8920
>             Project: Hadoop YARN
>          Issue Type: Improvement
>          Components: log-aggregation, yarn
>            Reporter: Suma Shivaprasad
>            Assignee: Suma Shivaprasad
>            Priority: Major
>         Attachments: YARN-8920.1.patch, YARN-8920.2.patch
>
>
> Currently NM Log Aggregation does not support writing to underlying storage 
> as "yarn" user.  This would be needed while writing storages like S3 which do 
> not support POSIX compliant ACLs and a single access key would be used for 
> writes and app owners will be allowed to read the logs with their own access 
> keys.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org

Reply via email to