[jira] [Commented] (YARN-3895) Support ACLs in ATSv2

Tue, 23 Jan 2018 08:55:20 -0800 

    [ 
https://issues.apache.org/jira/browse/YARN-3895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16336059#comment-16336059
 ] 

Rohith Sharma K S commented on YARN-3895:
-----------------------------------------

bq. If desired this could be changed from a read-time lookup to a write-time 
lookup
I vaguely remember that decision made for improving write performance is not to 
do additional look up to backend from collectors. 

bq. The collector could then cache these ACL IDs so very few writes would 
require a lookup.
This is one of the option we were discussing but currently fault tolerance for 
collectors are not there. IAC, NM restart will loose cached ACLs. To recover 
this, collectors need to read from back end which complexity increase from 
collectors. Currently collectors are write only module. May be only ACLs 
details can be stored in LocalFS and recovered. However, if NM node is lost new 
AM will be launched and new set of ACLs are written from AM. 

bq. what's the plan to update ACLs after the application completed?
We discussed this bit  and thought to introduce new REST end point in 
TimelineReader for update ACLs for completed applications. This could be 
performed only by TimelineReader admin. As far as Acls story is concerned we 
kept this as low priority.

bq. Isn't this essentially sending the ACLs on most posts? If we need to avoid 
HBase double lookups on reads then the ACL has to be in the entity row data, 
correct?
Its true that most of the time new entities like vertex, vertex-attempts are 
published. Keeping ACLs in row key in existing hbase tables such as 
entity_table or sub__application_table increases complexities of building row 
key at  write and read time. Currently these tables  has combination of 5-7 
keys. I would be lenient for double look up at read time than keeping ACLs 
details in row key. 





> Support ACLs in ATSv2
> ---------------------
>
>                 Key: YARN-3895
>                 URL: https://issues.apache.org/jira/browse/YARN-3895
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>          Components: timelineserver
>    Affects Versions: YARN-2928
>            Reporter: Varun Saxena
>            Assignee: Varun Saxena
>            Priority: Major
>              Labels: YARN-5355
>
> This JIRA is to keep track of authorization support design discussions for 
> both readers and collectors. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org

Reply via email to