[ https://issues.apache.org/jira/browse/MAPREDUCE-1543?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12844029#action_12844029 ]
Hemanth Yamijala commented on MAPREDUCE-1543:
---------------------------------------------

Amar,

Primarily I am thinking that having a format close to HDFS is good, because the HDFS audit log has been around for a while now and is probably something users are used to. That said, I think we may also want to keep in mind the cost of getting all the information to keep the two logs similar.

I had a discussion with Vinod and Ravi also about this. To me, printing UGI (in place of agent, which is just user name) and remote-ip would be good. However, opinion is not fully converging on this. Ravi and Vinod feel UGI might be too verbose and also getting the groups for a user could impact performance if the groups are not cached.

Remote IP is very useful, IMO. If something failed, having the remote IP will help identify the source of trouble. I am even thinking there might be cases where valid users due to misconfigured nodes could face failures. And logging the remote IP will help weed out these misconfigurations.

Given the above, one thought is to have groups and remote-ip optional, and log them only for failures.

Permissions equals ACLs for us. ACLs can be verbose too. Hence, it falls in the same category as the above two fields.

I would also suggest a key=value kind of format for this. If HDFS is also using the same, I think this is definitely the way to go.

> Log messages of JobACLsManager should use security logging of HADOOP-6586
> -------------------------------------------------------------------------
>
>                 Key: MAPREDUCE-1543
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-1543
>             Project: Hadoop Map/Reduce
>          Issue Type: Bug
>          Components: security
>            Reporter: Vinod K V
>             Fix For: 0.22.0
>
>
> {{JobACLsManager}} added in MAPREDUCE-1307 logs the successes and failures
> w.r.t job-level authorization in the corresponding Daemons' logs. The log
> messages should instead use security logging of HADOOP-6586.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
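
The option raised in the comment above (key=value fields, with groups, remote IP and ACL logged only for failures), as an added example that is not part of the original message or of Hadoop's code. The class, method and key names, the tab separator and the sample values are assumptions.

```java
import java.util.Arrays;
import java.util.List;
import java.util.function.Supplier;

/** Added illustration; all names here are hypothetical, not Hadoop's. */
public class JobAuditLine {

    /** Keep one record per line: whitespace and control characters in a value become '_'. */
    static String clean(String value) {
        return value == null ? "null" : value.replaceAll("[\\s\\p{Cntrl}]", "_");
    }

    /** Append one key=value field, tab-separated from the previous one. */
    private static void field(StringBuilder sb, String key, String value) {
        if (sb.length() > 0) {
            sb.append('\t');
        }
        sb.append(key).append('=').append(clean(value));
    }

    /**
     * Build one audit line. The groups supplier is invoked only when the
     * check failed, so a successful check never pays for a group lookup.
     */
    static String format(String user, String operation, String jobId, boolean allowed,
                         Supplier<List<String>> groups, String remoteIp, String acl) {
        StringBuilder sb = new StringBuilder();
        field(sb, "user", user);
        field(sb, "operation", operation);
        field(sb, "job", jobId);
        field(sb, "allowed", Boolean.toString(allowed));
        if (!allowed) {
            // Verbose or costly fields are emitted for failures only.
            field(sb, "groups", String.join(",", groups.get()));
            field(sb, "ip", remoteIp);
            field(sb, "acl", acl);
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample input: user, groups, job id, address and ACL are made up.
        Supplier<List<String>> lookup = () -> Arrays.asList("analysts", "etl");
        String job = "job_0001";
        System.out.println(format("alice", "VIEW_JOB", job, true, lookup, "10.0.0.7", "bob,carol"));
        System.out.println(format("alice", "KILL_JOB", job, false, lookup, "10.0.0.7", "bob,carol"));
    }
}
```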