[
https://issues.apache.org/jira/browse/YARN-1941?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13971442#comment-13971442
]
Gordon Wang commented on YARN-1941:
-----------------------------------
Hi [~sandyr], Thank you for your reply !
For (2), we can keep the behaviour compatible even if we change the default ACL
to NOBODY_ACL. From the user's view, changing the default ACL will not need
user to update the scheduler configuration. So, it is compatible with the
previous configuration.
Here is my thinking. We can consider this in 2 situations.
A) The ACL is disabled. (yarn.acl.enable = false). In this kind of
configuration, changing the default ACL of ROOT queue will not affect users.
Because scheduler do not check any ACL at this time.
B) The ACL is enabled. (yarn.acl.enable = true). Currently, if user want to
make ACL works correctly. They have to explicitly set the ACL of root queue to
NOBODY_ACL( ). After we change the default ACL of root queue, current
configuration should work(the root queue ACL should be set as what user
wants.). But we can get benefit in new scheduler configuration. In new
configuration, user do not need to explicitly set the root queue ACL.
What's your opinion?
I create 2 subtasks to track each item. Please feel free to comment. I am
formatting the patch. Will give you a review soon.
Thanks,
> Yarn scheduler ACL improvement
> ------------------------------
>
> Key: YARN-1941
> URL: https://issues.apache.org/jira/browse/YARN-1941
> Project: Hadoop YARN
> Issue Type: Improvement
> Components: scheduler
> Affects Versions: 2.3.0
> Reporter: Gordon Wang
> Labels: scheduler
>
> Defect:
> 1. Currently, in Yarn Capacity Scheduler and Yarn Fair Scheduler, the queue
> ACL is always checked when submitting a app to scheduler, regardless of the
> property "yarn.acl.enable".
> But for killing an app, the ACL is checked when yarn.acl.enable is set.
> The behaviour is not consistent.
> 2. default ACL for root queue is EVERYBODY_ACL( * ), while default ACL for
> other queues is NODODY_ACL( ). From users' view, this is error prone and not
> easy to understand the ACL policy of Yarn scheduler. root queue should not be
> so special compared with other parent queues.
> For example, if I want to set capacity scheduler ACL, the ACL of root has to
> be set explicitly. Otherwise, everyone can submit APP to yarn scheduler.
> Because root queue ACL is EVERYBODY_ACL.
> This is hard for user to administrate yarn scheduler.
> So, I propose to improve the ACL of yarn scheduler in the following aspects.
> 1. only enable scheduler queue ACL when yarn.acl.enable is set to true.
> 2. set the default ACL of root queue as NOBODY_ACL( ). Make all the parent
> queues' ACL consistent.
>
--
This message was sent by Atlassian JIRA
(v6.2#6252)
