Re: spark ui security

2016-01-07 Thread Ted Yu 
According to https://spark.apache.org/docs/latest/security.html#web-ui ,
web UI is covered.

FYI

On Thu, Jan 7, 2016 at 6:35 AM, Kostiantyn Kudriavtsev <
kudryavtsev.konstan...@gmail.com> wrote:

> hi community,
>
> do I understand correctly that spark.ui.filters property sets up filters
> only for jobui interface? is it any way to protect spark web ui in the same
> *way?*
>

Re: spark ui security

2016-01-07 Thread Kostiantyn Kudriavtsev 
can I do it without kerberos and hadoop?
ideally using filters as for job UI

On Jan 7, 2016, at 1:22 PM, Prem Sure  wrote:

> you can refer more on https://searchcode.com/codesearch/view/97658783/
> https://github.com/apache/spark/blob/master/core/src/main/scala/org/apache/spark/SecurityManager.scala
> 
> spark.authenticate = true
> spark.ui.acls.enable = true
> spark.ui.view.acls = user1,user2
> spark.ui.filters = 
> org.apache.hadoop.security.authentication.server.AuthenticationFilter
> spark.org.apache.hadoop.security.authentication.server.AuthenticationFilter.params="type=kerberos,kerberos.principal=HTTP/mybox@MYDOMAIN,kerberos.keytab=/some/keytab"
> 
> 
> 
> 
> On Thu, Jan 7, 2016 at 10:35 AM, Kostiantyn Kudriavtsev 
>  wrote:
> I’m afraid I missed where this property must be specified? I added it to 
> spark-xxx.conf which is basically configurable per job, so I assume to 
> protect WebUI the different place must be used, isn’t it?
> 
> On Jan 7, 2016, at 10:28 AM, Ted Yu  wrote:
> 
>> According to https://spark.apache.org/docs/latest/security.html#web-ui , web 
>> UI is covered.
>> 
>> FYI
>> 
>> On Thu, Jan 7, 2016 at 6:35 AM, Kostiantyn Kudriavtsev 
>>  wrote:
>> hi community,
>> 
>> do I understand correctly that spark.ui.filters property sets up filters 
>> only for jobui interface? is it any way to protect spark web ui in the same 
>> way?
>> 
> 
>

Re: spark ui security

2016-01-07 Thread Ted Yu 
Without kerberos you don't have true security.

Cheers

On Thu, Jan 7, 2016 at 1:56 PM, Kostiantyn Kudriavtsev <
kudryavtsev.konstan...@gmail.com> wrote:

> can I do it without kerberos and hadoop?
> ideally using filters as for job UI
>
> On Jan 7, 2016, at 1:22 PM, Prem Sure  wrote:
>
> you can refer more on https://searchcode.com/codesearch/view/97658783/
>
> https://github.com/apache/spark/blob/master/core/src/main/scala/org/apache/spark/SecurityManager.scala
>
> spark.authenticate = true
> spark.ui.acls.enable = true
> spark.ui.view.acls = user1,user2
> spark.ui.filters =
> org.apache.hadoop.security.authentication.server.AuthenticationFilter
>
> spark.org.apache.hadoop.security.authentication.server.AuthenticationFilter.params="type=kerberos,kerberos.principal=HTTP/mybox@MYDOMAIN
> ,kerberos.keytab=/some/keytab"
>
>
>
>
> On Thu, Jan 7, 2016 at 10:35 AM, Kostiantyn Kudriavtsev <
> kudryavtsev.konstan...@gmail.com> wrote:
>
>> I’m afraid I missed where this property must be specified? I added it to
>> spark-xxx.conf which is basically configurable per job, so I assume to
>> protect WebUI the different place must be used, isn’t it?
>>
>> On Jan 7, 2016, at 10:28 AM, Ted Yu  wrote:
>>
>> According to https://spark.apache.org/docs/latest/security.html#web-ui ,
>> web UI is covered.
>>
>> FYI
>>
>> On Thu, Jan 7, 2016 at 6:35 AM, Kostiantyn Kudriavtsev <
>> kudryavtsev.konstan...@gmail.com> wrote:
>>
>>> hi community,
>>>
>>> do I understand correctly that spark.ui.filters property sets up
>>> filters only for jobui interface? is it any way to protect spark web ui in
>>> the same *way?*
>>>
>>
>>
>>
>
>

Re: spark ui security

2016-01-07 Thread Kostiantyn Kudriavtsev 
I know, but I need only to hide/protect web ui at least with servlet/filter api 

On Jan 7, 2016, at 4:59 PM, Ted Yu  wrote:

> Without kerberos you don't have true security.
> 
> Cheers
> 
> On Thu, Jan 7, 2016 at 1:56 PM, Kostiantyn Kudriavtsev 
>  wrote:
> can I do it without kerberos and hadoop?
> ideally using filters as for job UI
> 
> On Jan 7, 2016, at 1:22 PM, Prem Sure  wrote:
> 
>> you can refer more on https://searchcode.com/codesearch/view/97658783/
>> https://github.com/apache/spark/blob/master/core/src/main/scala/org/apache/spark/SecurityManager.scala
>> 
>> spark.authenticate = true
>> spark.ui.acls.enable = true
>> spark.ui.view.acls = user1,user2
>> spark.ui.filters = 
>> org.apache.hadoop.security.authentication.server.AuthenticationFilter
>> spark.org.apache.hadoop.security.authentication.server.AuthenticationFilter.params="type=kerberos,kerberos.principal=HTTP/mybox@MYDOMAIN,kerberos.keytab=/some/keytab"
>> 
>> 
>> 
>> 
>> On Thu, Jan 7, 2016 at 10:35 AM, Kostiantyn Kudriavtsev 
>>  wrote:
>> I’m afraid I missed where this property must be specified? I added it to 
>> spark-xxx.conf which is basically configurable per job, so I assume to 
>> protect WebUI the different place must be used, isn’t it?
>> 
>> On Jan 7, 2016, at 10:28 AM, Ted Yu  wrote:
>> 
>>> According to https://spark.apache.org/docs/latest/security.html#web-ui , 
>>> web UI is covered.
>>> 
>>> FYI
>>> 
>>> On Thu, Jan 7, 2016 at 6:35 AM, Kostiantyn Kudriavtsev 
>>>  wrote:
>>> hi community,
>>> 
>>> do I understand correctly that spark.ui.filters property sets up filters 
>>> only for jobui interface? is it any way to protect spark web ui in the same 
>>> way?
>>> 
>> 
>> 
> 
>