[ 
https://issues.apache.org/jira/browse/YARN-796?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14129024#comment-14129024
 ] 

Craig Welch commented on YARN-796:
----------------------------------

So, I'm adding code to check whether a user should be able to modify labels (is 
an admin) and I think that we should be checking the UserGroup information but 
not executing the operation using "doAs".  This is because, ultimately, the 
process is writing data into hdfs and for permissions reasons I think it should 
always be written as the same user - the user yarn runs as - if we do the doAs 
there will be a mishmash of users there, and to have the directory be secure 
there would need to be a group with rights which contains all the admin users, 
which is extra overhead (otherwise, it has to be world writable, which tends to 
compromise the security model...)  I think the same is true if we use other 
datastores down the line for holding the label info - really, our interest in 
the user is to verify access, but we don't really need or want to perform 
actions on their behalf (like you would when launching a job, etc), this is not 
one of those cases.  So, I propose enforcing the check but executing whatever 
changes as the user the process is running under (the resourcemanager/yarn 
user, basically, just dropping the doAs).  This means that entry points will 
need to do the verification, but that's not really an issue, they already have 
to be aware to gather the info regarding who the user is / are aware of the 
need for doAs, now, etc.  It means that the user will need to be careful if 
executing a tool which directly modifies the data in hdfs to do that as an 
appropriate user, but they already have to do that, it's not a new issue which 
is being created with this approach (it doesn't really make that any better or 
worse, imho).  Thoughts?

> Allow for (admin) labels on nodes and resource-requests
> -------------------------------------------------------
>
>                 Key: YARN-796
>                 URL: https://issues.apache.org/jira/browse/YARN-796
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>    Affects Versions: 2.4.1
>            Reporter: Arun C Murthy
>            Assignee: Wangda Tan
>         Attachments: LabelBasedScheduling.pdf, 
> Node-labels-Requirements-Design-doc-V1.pdf, 
> Node-labels-Requirements-Design-doc-V2.pdf, YARN-796-Diagram.pdf, 
> YARN-796.node-label.consolidate.1.patch, YARN-796.node-label.demo.patch.1, 
> YARN-796.patch, YARN-796.patch4
>
>
> It will be useful for admins to specify labels for nodes. Examples of labels 
> are OS, processor architecture etc.
> We should expose these labels and allow applications to specify labels on 
> resource-requests.
> Obviously we need to support admin operations on adding/removing node labels.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
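
Added example, not part of the comment above or of any YARN-796 patch: the check-without-doAs approach the comment proposes, written against Hadoop's UserGroupInformation and AccessControlList classes. The class NodeLabelStore, its method names, the ACL string, the users and the file path are hypothetical, and the local filesystem stands in for HDFS.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.List;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FSDataOutputStream;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.security.AccessControlException;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authorize.AccessControlList;

/** Hypothetical label store: authorizes the caller, then writes as the process user. */
public class NodeLabelStore {
  private final AccessControlList adminAcl; // who may modify labels
  private final FileSystem fs;              // opened by the process's own user
  private final Path labelFile;             // hypothetical storage location

  public NodeLabelStore(AccessControlList adminAcl, FileSystem fs, Path labelFile) {
    this.adminAcl = adminAcl;
    this.fs = fs;
    this.labelFile = labelFile;
  }

  /** Entry point: callerUgi is the remote user as identified by the calling layer. */
  public void replaceLabels(UserGroupInformation callerUgi, List<String> labels)
      throws IOException {
    // 1. The caller's identity and groups are used only for the access decision.
    if (!adminAcl.isUserAllowed(callerUgi)) {
      throw new AccessControlException(
          "User " + callerUgi.getShortUserName() + " may not modify node labels");
    }
    // 2. No callerUgi.doAs(...): the write runs as the process user, so the store
    //    has one owner and needs neither a shared admin group nor world-write.
    try (FSDataOutputStream out = fs.create(labelFile, true)) {
      for (String label : labels) {
        out.write((label + "\n").getBytes(StandardCharsets.UTF_8));
      }
    }
  }

  public static void main(String[] args) throws IOException {
    FileSystem fs = FileSystem.getLocal(new Configuration()); // stands in for HDFS
    NodeLabelStore store = new NodeLabelStore(new AccessControlList("alice yarn-admins"),
        fs, new Path("/tmp/node-labels-example/labels"));      // constructed ACL and path
    String[] groups = {"staff"};                               // constructed test users
    store.replaceLabels(UserGroupInformation.createUserForTesting("alice", groups),
        Arrays.asList("linux", "x86_64"));
    try {
      store.replaceLabels(UserGroupInformation.createUserForTesting("bob", groups),
          Arrays.asList("gpu"));
    } catch (AccessControlException e) {
      System.out.println("denied: " + e.getMessage());
    }
  }
}
```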
