How to restrict users who can post domains/entities to the YARN Timeline Server?
Hi, I’m using the YARN Timeline Server v1 from Hadoop 2.7.7, and I want the Timeline Server to be secure. To configure Kerberos authentication and authorization, I set the followings in yarn-site.xml: - yarn.timeline-service.http-authentication.type: kerberos - yarn.timeline-service.http-authentication.kerberos.principal - yarn.timeline-service.http-authentication.kerberos.keytab - yarn.acl.enable: true - yarn.admin.acl: (space) However, as far as I know, anyone who has a Kerberos ticket can create a new Timeline domain unless the ID of the domain already exists. After then, the one can post timeline entities to the domain. My question is, is there any way to restrict users who can post domains and entities to Timeline Server without modifying Hadoop source codes? Best regards, Junseung.
Re: How to restrict users who can post domains/entities to the YARN Timeline Server?
Hi Junseung, You are right, any one who has a valid kerberos ticket is allowed to put a domain, but the owner of domain can decide who can write and read entities into the domain. We can write a custom Filter with extra logic to restrict certain users from creating domain and add the custom FilterInitializer in hadoop.http.filter.initializers. Thanks, Prabhu Joseph On Thu, May 30, 2019 at 5:31 PM Junseung Hwang wrote: > Hi, > > I’m using the YARN Timeline Server v1 from Hadoop 2.7.7, and I want the > Timeline Server to be secure. > > To configure Kerberos authentication and authorization, I set the > followings in yarn-site.xml: > - yarn.timeline-service.http-authentication.type: kerberos > - yarn.timeline-service.http-authentication.kerberos.principal > - yarn.timeline-service.http-authentication.kerberos.keytab > - yarn.acl.enable: true > - yarn.admin.acl: (space) > > However, as far as I know, anyone who has a Kerberos ticket can create a > new Timeline domain unless the ID of the domain already exists. After then, > the one can post timeline entities to the domain. > > My question is, is there any way to restrict users who can post domains > and entities to Timeline Server without modifying Hadoop source codes? > > Best regards, > > Junseung. >
How to run Test class for HDFS?
Hi all,
I want to run a unit test by using hadoop-hdfs-2.9.2-tests.jar in
hadoop-2.9.2/share/hadoop/hdfs.
1.
It didn't work to run the followed command.
(yarn jar hadoop-2.9.2/share/hadoop/hdfs/hadoop-hdfs-2.9.2-tests.jar
TestWriteRead)
The error message said that there is no main class name.
2.
I also tried to manually compile the wordcount class and it failed.
- javac -classpath ${HADOOP_CLASSPATH} -d
'hdfs-test/TestWriteRead-cp/'
'/home/hduser/hdfs-test/TestWriteRead.java'
- jar -cvf TestRW.jar -c TestWriteRead-cp .
but it didn't work.
How Can I run hdfs-tests.jar ??
Best Regards,
Daegyu Han
-
To unsubscribe, e-mail: user-unsubscr...@hadoop.apache.org
For additional commands, e-mail: user-h...@hadoop.apache.org
Re: How to run Test class for HDFS?
Try giving the name as org.apache.hadoop.hdfs.TestWriteRead
With package name
> On 31-May-2019, at 11:16 AM, Daegyu Han wrote:
>
> Hi all,
>
> I want to run a unit test by using hadoop-hdfs-2.9.2-tests.jar in
> hadoop-2.9.2/share/hadoop/hdfs.
>
> 1.
> It didn't work to run the followed command.
> (yarn jar hadoop-2.9.2/share/hadoop/hdfs/hadoop-hdfs-2.9.2-tests.jar
> TestWriteRead)
> The error message said that there is no main class name.
>
> 2.
> I also tried to manually compile the wordcount class and it failed.
> - javac -classpath ${HADOOP_CLASSPATH} -d
> 'hdfs-test/TestWriteRead-cp/'
> '/home/hduser/hdfs-test/TestWriteRead.java'
> - jar -cvf TestRW.jar -c TestWriteRead-cp .
> but it didn't work.
>
> How Can I run hdfs-tests.jar ??
>
> Best Regards,
> Daegyu Han
>
> -
> To unsubscribe, e-mail: user-unsubscr...@hadoop.apache.org
> For additional commands, e-mail: user-h...@hadoop.apache.org
>
-
To unsubscribe, e-mail: user-unsubscr...@hadoop.apache.org
For additional commands, e-mail: user-h...@hadoop.apache.org
