[jira] [Commented] (YARN-2435) Capacity scheduler should only allow Kill Application Requests from ADMINISTER_QUEUE users

Thu, 21 Aug 2014 10:36:12 -0700 

    [ 
https://issues.apache.org/jira/browse/YARN-2435?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14105649#comment-14105649
 ] 

Amir Mal commented on YARN-2435:
--------------------------------

Thank you Varun, 
You're right I missed the yarn.admin.acl setting.

After setting the  yarn.acl.enable (to true) and  yarn.admin.acl (to yarn), it 
now behaves as expected.


Maybe It's worth mentioning that in the 
[CapacityScheduler|http://hadoop.apache.org/docs/r2.4.1/hadoop-yarn/hadoop-yarn-site/CapacityScheduler.html]
 doc page

> Capacity scheduler should only allow Kill Application Requests from 
> ADMINISTER_QUEUE users
> ------------------------------------------------------------------------------------------
>
>                 Key: YARN-2435
>                 URL: https://issues.apache.org/jira/browse/YARN-2435
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: capacityscheduler
>    Affects Versions: 2.5.0, 2.4.1
>         Environment: Red Hat Enterprise Linux Server release 6.4 (Santiago);  
> Linux 2.6.32-358.el6.x86_64 GNU/Linux; 
> $JAVA_HOME/bin/java -version
> java version "1.7.0_55"
> OpenJDK Runtime Environment (rhel-2.4.7.1.el6_5-x86_64 u55-b13)
> OpenJDK 64-Bit Server VM (build 24.51-b03, mixed mode)
>            Reporter: Amir Mal
>
> A user without ADMINISTER_QUEUE privilege can kill application from all 
> queues.
> to replicate the bug:
> 1) install cluster with {{yarn.resourcemanager.scheduler.class}} set to 
> org.apache.hadoop.yarn.server.resourcemanager.scheduler.capacity.*CapacityScheduler*
> 2) created 2 users (user1, user2) each belong to a separate group (group1, 
> group2)
> 3) set {{acl_submit_applications}} and {{acl_administer_queue}} of the 
> {{root}} and {{root.default}} queues to group1
> 4) submit job to {{default}} queue by user1
> {quote}
> [user1@htc2n3 ~]$ mapred  queue -showacls
> ...
> Queue acls for user :  user1
> Queue  Operations
> =====================
> root  ADMINISTER_QUEUE,SUBMIT_APPLICATIONS
> default  ADMINISTER_QUEUE,SUBMIT_APPLICATIONS
> [user1@htc2n3 ~]$ yarn  jar 
> /opt/apache/hadoop-2.5.0/share/hadoop/mapreduce/hadoop-mapreduce-examples-2.4.1.jar
>  pi -Dmapreduce.job.queuename=default 4 1000000000
> {quote}
> 5) kill the application by user2
> {quote}
> [user2@htc2n4 ~]$ mapred  queue -showacls
> ...
> Queue acls for user :  user2
> Queue  Operations
> =====================
> root
> default
> [user2@htc2n4 ~]$ yarn application -kill application_1408540602935_0004
> ...
> Killing application application_1408540602935_0004
> 14/08/21 14:37:54 INFO impl.YarnClientImpl: Killed application 
> application_1408540602935_0004
> {quote}



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to