[
https://issues.apache.org/jira/browse/YARN-1399?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13859148#comment-13859148
]
Karthik Kambatla commented on YARN-1399:
----------------------------------------
bq. Tags or the source/group originally proposed won't help the oozie case as
described on YARN-1390. Or to be more accurate, they make it unwieldy. Let's
say oozie uses a tag "workflow_123_566" for all apps in a workflow, any other
application from any other user SHOULD not set that tag. Or run the risk of
getting killed by oozie.
As Robert mentioned "workflow@action" is an involved string, and I don't think
a user accidentally setting that tag should be a concern. Oozie will kill an
application as the user who submitted the job. I agree Oozie will kill an app
if the same user (who submitted the workflow) submits another app with a tag
matching the action id. It doesn't sound likely, and I don't think it is really
a concern. Even if it were a concern, I don't think it is YARN's responsibility
to limit what tags can be set or not.
bq. To avoid it, we'll need to depend on oozie to not kill as a privileged user.
Oozie runs jobs as the user that submits the workflow. The same rules will
apply to killing a job. Even if Oozie somehow becomes malicious, it is YARN's
responsibility to not let it run/kill jobs as a privileged user. No?
bq. Further, I could make any other user's application-search cumbersome by
reusing his/her tags for my own applications. Seems like the tag-search should
be linked to and limited by some other entity like user - search for apps
matching a tag for a given user/queue etc.
That is definitely a thought. I am open to enforcing specifying either a
user/queue when searching for a tag. However, in principle, this could happen
with application-types as well: a user could submit a number of random YARN
applications with type MAPREDUCE. I thought the way we were restricting
exposing these (tags/types) was through ACLs on a secure cluster. Only users
with permissions to view someone else's apps should be able to view the tags.
> Allow users to annotate an application with multiple tags
> ---------------------------------------------------------
>
> Key: YARN-1399
> URL: https://issues.apache.org/jira/browse/YARN-1399
> Project: Hadoop YARN
> Issue Type: Improvement
> Reporter: Zhijie Shen
> Assignee: Zhijie Shen
>
> Nowadays, when submitting an application, users can fill the applicationType
> field to facilitate searching it later. IMHO, it's good to accept multiple
> tags to allow users to describe their applications in multiple aspects,
> including the application type. Then, searching by tags may be more efficient
> for users to reach their desired application collection. It's pretty much
> like the tag system of online photo/video/music and etc.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
