[ https://issues.apache.org/jira/browse/YARN-3895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16336059#comment-16336059 ]
Rohith Sharma K S commented on YARN-3895: ----------------------------------------- bq. If desired this could be changed from a read-time lookup to a write-time lookup I vaguely remember that decision made for improving write performance is not to do additional look up to backend from collectors. bq. The collector could then cache these ACL IDs so very few writes would require a lookup. This is one of the option we were discussing but currently fault tolerance for collectors are not there. IAC, NM restart will loose cached ACLs. To recover this, collectors need to read from back end which complexity increase from collectors. Currently collectors are write only module. May be only ACLs details can be stored in LocalFS and recovered. However, if NM node is lost new AM will be launched and new set of ACLs are written from AM. bq. what's the plan to update ACLs after the application completed? We discussed this bit and thought to introduce new REST end point in TimelineReader for update ACLs for completed applications. This could be performed only by TimelineReader admin. As far as Acls story is concerned we kept this as low priority. bq. Isn't this essentially sending the ACLs on most posts? If we need to avoid HBase double lookups on reads then the ACL has to be in the entity row data, correct? Its true that most of the time new entities like vertex, vertex-attempts are published. Keeping ACLs in row key in existing hbase tables such as entity_table or sub__application_table increases complexities of building row key at write and read time. Currently these tables has combination of 5-7 keys. I would be lenient for double look up at read time than keeping ACLs details in row key. > Support ACLs in ATSv2 > --------------------- > > Key: YARN-3895 > URL: https://issues.apache.org/jira/browse/YARN-3895 > Project: Hadoop YARN > Issue Type: Sub-task > Components: timelineserver > Affects Versions: YARN-2928 > Reporter: Varun Saxena > Assignee: Varun Saxena > Priority: Major > Labels: YARN-5355 > > This JIRA is to keep track of authorization support design discussions for > both readers and collectors. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org