[jira] [Updated] (YARN-1966) Capacity Scheduler acl_submit_applications in Leaf Queue finally considers root queue default always

Sunil G (JIRA) Mon, 21 Apr 2014 04:44:00 -0700

     [ 
https://issues.apache.org/jira/browse/YARN-1966?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Sunil G updated YARN-1966:
--------------------------

    Attachment: Yarn-1966.1.patch

Here issue is happening because while submitting an application, hasAccess() 
check will always reach ParentQueue::hasAccess(). 
In this case, finally parent will come as "root" and it will pass this check. 
(* is default for acl_submit_applications and acl_administer_queue in root 
queue)

So to ensure only one specified user to submit job in a leaf queue, below 
configurations are mandatory in "root"
  root.acl_submit_applications 
  root.acl_administer_queue

To submit a job, acl_administer_queue check has no relevance. But we are forced 
to configure this also, if we want to achieve what is mentioned in the problem 
statement of this issue. 
Also if each leaf queue wants to have its own set of users, all users finally 
are to be mentioned in root. This is not good.

So it is better to skip hasAccess() check if parent Queue is "root" as below
if(rootQueue){
   return false;
}

> Capacity Scheduler acl_submit_applications in Leaf Queue finally considers 
> root queue default always
> ----------------------------------------------------------------------------------------------------
>
>                 Key: YARN-1966
>                 URL: https://issues.apache.org/jira/browse/YARN-1966
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: resourcemanager
>    Affects Versions: 2.4.0
>            Reporter: Sunil G
>         Attachments: Yarn-1966.1.patch
>
>
> Given with below configurations,
> <property>
>   <name>yarn.scheduler.capacity.root.queues</name>
>   <value>fast,medium</value>
> </property>
> <property>
>   <name>yarn.scheduler.capacity.root.fast.acl_submit_applications</name>
>   <value>hadoop</value>
> </property>
> <property>
>   <name>yarn.scheduler.capacity.root.slow.acl_submit_applications</name>
>   <value>hadoop</value>
> </property>
> In this case, the expectation is like "hadoop" user can only submit job to 
> "fast" or "slow" queue.
> But now any user can submit job to these queues.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Updated] (YARN-1966) Capacity Scheduler acl_submit_applications in Leaf Queue finally considers root queue default always

Reply via email to