[
https://issues.apache.org/jira/browse/MAPREDUCE-1543?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12845894#action_12845894
]
Hemanth Yamijala commented on MAPREDUCE-1543:
---------------------------------------------
bq. HDFS uses ugi. As we discussed, we would be logging the usernames in
MapReduce. I think agent can act as a common word for ugi or username.
I prefer userid. Ok with ip, if it maintains parity with HDFS.
bq. [tabs] inline with HDFS.
+1
bq. I would rather prefer having one word representation for permissions for
audit logs.
I think the toString of ACLs should be maintained and cannot be changed, it is
a constraint. Further, while permissions is one example, I think there may be
other values with spaces. Since we are using tabs as delimiters, maybe this is
less of an issue now.
bq. Reason seems confusing.
Can you confirm if we are changing this to AdditionalInfo, I think that's more
general.
bq. I would rather prefer Enums and have JobTracker.Operations and
JobInProgress.Operations. Note we already have QueueManager.QueueOperations.
Umm, but we'll still need to treat these as 'Object' parameters and do a
toString on them to get a log, right ? I see that as no different from passing
a string.
bq. Two logs for submitJob because they are 2 authorization checks involved.
My concern is that in a success case, there are multiple lines indicating that
job submission succeeded - one for the queue and one in submitJob itself. But
possibly this is OK.
bq. If audit logs are important then what is the point of making some of them
WARN, ERROR or FATAL? Shouldn't all the audit logs be INFO logs?
This was inline with the other audit patch and hence my suggestion. Failure
logs are more important than Success logs. Hence to optimize for e.g. we can
turn off success logs by configuring log level. I would prefer this be done.
> Log messages of JobACLsManager should use security logging of HADOOP-6586
> -------------------------------------------------------------------------
>
> Key: MAPREDUCE-1543
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-1543
> Project: Hadoop Map/Reduce
> Issue Type: Bug
> Components: security
> Reporter: Vinod K V
> Assignee: Amar Kamat
> Fix For: 0.22.0
>
> Attachments: mapreduce-1543-y20s.patch
>
>
> {{JobACLsManager}} added in MAPREDUCE-1307 logs the successes and failures
> w.r.t job-level authorization in the corresponding Daemons' logs. The log
> messages should instead use security logging of HADOOP-6586.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
