[
https://issues.apache.org/jira/browse/YARN-4997?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15454117#comment-15454117
]
Tao Jie commented on YARN-4997:
-------------------------------
Thank you for your comments, [~kasha].
{quote}
Noticed there is QueueACL is mapreduce code as well that can be dropped
altogether? e.g. mapred QueueManager, many parts (all of?) QueueACL etc. Can we
file a follow-up JIRA to drop all of that?
{quote}
I am not sure if such code in mapred.QueueMananger still works today. I prefer
to clean up those mapreduce code in another JIRA.
{quote}
onReload: Is there a need to lock the scheduler when setting permissions? Would
it be okay to limit the synchronized block to whatever was synchronized before?
{quote}
Have disscussed with [~templedf], synchronized block added here is to avoid
findbugs warning. Actually I will be glad to remove redundant lock here.
{quote}
In setQueueAcls, we seem to initially set to default permissions and then
"overwrite" it with final permissions. Is the first one necessary? I quickly
looked at implementation of ConfiguredAuthorizationProvider, setPermission's
semantics appear to be somewhere between append and overwrite. If it is append,
may be we should change that name to addPermission?
{quote}
I also feel a little confused about semantics of {{setPermission}}. However
this abstract method is introduced by YARN-3100, and I'm not sure
{{setPermission}} has implemented in Ranger or Sentry. I prefer to keep
{{setPermission}} here as CapacityScheduler does to keep compatibility. Maybe
we could refactor it in another JIRA, (maybe could separate {{setPermission}}
to {{setPermission}}, {{addPermission}}, {{removePermission}},
{{clearPermission}}). Does it make sense?
And I will update this patch soon.
> Update fair scheduler to use pluggable auth provider
> ----------------------------------------------------
>
> Key: YARN-4997
> URL: https://issues.apache.org/jira/browse/YARN-4997
> Project: Hadoop YARN
> Issue Type: Improvement
> Components: fairscheduler
> Affects Versions: 2.8.0
> Reporter: Daniel Templeton
> Assignee: Tao Jie
> Attachments: YARN-4997-001.patch, YARN-4997-002.patch,
> YARN-4997-003.patch, YARN-4997-004.patch, YARN-4997-005.patch,
> YARN-4997-006.patch, YARN-4997-007.patch
>
>
> Now that YARN-3100 has made the authorization pluggable, it should be
> supported by the fair scheduler. YARN-3100 only updated the capacity
> scheduler.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
