vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/mrs/component-operation-guide/mrs_01_0857.html
Yang, Tong 6182f91ba8 MRS component operation guide_normal 2.0.38.SP20 version 
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
Co-authored-by: Yang, Tong <yangtong2@huawei.com>
Co-committed-by: Yang, Tong <yangtong2@huawei.com>
2022-12-09 14:55:21 +00:00

78 lines
8.2 KiB
HTML
Raw Blame History

<a name="mrs_01_0857"></a><a name="mrs_01_0857"></a>
<h1 class="topictitle1">Configuring Strict Permission Control for Yarn</h1>
<div id="body1590130746687"><div class="section" id="mrs_01_0857__s120de37b27bb429981d1b0b2979b03f4"><h4 class="sectiontitle">Scenario</h4><p id="mrs_01_0857__ac2eb8636e4494acf9ccae66862f33c66">In the multi-tenant scenario in security mode, a cluster can be used by multiple users, and tasks of multiple users can be submitted and executed. Users are invisible to each other. A permission control mechanism is required to prevent task information of users from being obtained by other users.</p>
<p id="mrs_01_0857__a29c16dd031b94c4ba60191096ff46945">For example, if user B logs in to the system and views the application list when the application submitted by user A is running, user B should not be able to view the application information of user A.</p>
</div>
<div class="section" id="mrs_01_0857__sd945f0df09ef45d8800446aa4ce49fd1"><h4 class="sectiontitle">Configuration Description</h4><ul id="mrs_01_0857__ul1981810544138"><li id="mrs_01_0857__li14180184431618">Viewing Yarn configuration parameters<p id="mrs_01_0857__p116375378544"><a name="mrs_01_0857__li14180184431618"></a><a name="li14180184431618"></a>Go to the <strong id="mrs_01_0857__b032125111268">All Configurations</strong> page of Yarn and enter a parameter name list in <a href="#mrs_01_0857__table34313276373">Table 1</a> in the search box by referring to <a href="mrs_01_2125.html">Modifying Cluster Service Configuration Parameters</a>.</p>
<div class="tablenoborder"><a name="mrs_01_0857__table34313276373"></a><a name="table34313276373"></a><table cellpadding="4" cellspacing="0" summary="" id="mrs_01_0857__table34313276373" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameter description</caption><thead align="left"><tr id="mrs_01_0857__row94241727163717"><th align="left" class="cellrowborder" valign="top" width="33.67%" id="mcps1.3.2.2.1.2.2.4.1.1"><p id="mrs_01_0857__p164238278371">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="47.96%" id="mcps1.3.2.2.1.2.2.4.1.2"><p id="mrs_01_0857__p2423132733715">Description</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="18.37%" id="mcps1.3.2.2.1.2.2.4.1.3"><p id="mrs_01_0857__p11423162716376">Default Value</p>
</th>
</tr>
</thead>
<tbody><tr id="mrs_01_0857__row2042552773711"><td class="cellrowborder" valign="top" width="33.67%" headers="mcps1.3.2.2.1.2.2.4.1.1 "><p id="mrs_01_0857__p194251827113712">yarn.acl.enable</p>
</td>
<td class="cellrowborder" valign="top" width="47.96%" headers="mcps1.3.2.2.1.2.2.4.1.2 "><p id="mrs_01_0857__p1942519279371">Whether to enable Yarn permission control</p>
</td>
<td class="cellrowborder" valign="top" width="18.37%" headers="mcps1.3.2.2.1.2.2.4.1.3 "><p id="mrs_01_0857__p16425727183716">true</p>
</td>
</tr>
<tr id="mrs_01_0857__row8431827203719"><td class="cellrowborder" valign="top" width="33.67%" headers="mcps1.3.2.2.1.2.2.4.1.1 "><p id="mrs_01_0857__p1243122773710">yarn.webapp.filter-entity-list-by-user</p>
</td>
<td class="cellrowborder" valign="top" width="47.96%" headers="mcps1.3.2.2.1.2.2.4.1.2 "><p id="mrs_01_0857__p5431132713372">Whether to enable the strict view function. After this function is enabled, a login user can view only the content that the user has the permission to view. To enable this function, set <strong id="mrs_01_0857__b103325315641330">yarn.acl.enable</strong> to <strong id="mrs_01_0857__b151002093541330">true</strong>.</p>
<div class="note" id="mrs_01_0857__note1843120275374"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="mrs_01_0857__p943115276374">This parameter applies to clusters of MRS 3.<em id="mrs_01_0857__i20714155863015">x</em> or later.</p>
</div></div>
</td>
<td class="cellrowborder" valign="top" width="18.37%" headers="mcps1.3.2.2.1.2.2.4.1.3 "><p id="mrs_01_0857__p104312027143718">true</p>
</td>
</tr>
</tbody>
</table>
</div>
</li></ul>
<ul id="mrs_01_0857__ul29754223162357"><li id="mrs_01_0857__li134491336102019">Viewing MapReduce configuration parameters<div class="p" id="mrs_01_0857__p11832107112117"><a name="mrs_01_0857__li134491336102019"></a><a name="li134491336102019"></a>Go to the <strong id="mrs_01_0857__b631515513116">All Configurations</strong> page of MapReduce and enter a parameter name in <a href="#mrs_01_0857__table183214752115">Table 2</a> in the search box by referring to <a href="mrs_01_2125.html">Modifying Cluster Service Configuration Parameters</a>.
<div class="tablenoborder"><a name="mrs_01_0857__table183214752115"></a><a name="table183214752115"></a><table cellpadding="4" cellspacing="0" summary="" id="mrs_01_0857__table183214752115" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Parameter description</caption><thead align="left"><tr id="mrs_01_0857__row168311270215"><th align="left" class="cellrowborder" valign="top" width="33.67%" id="mcps1.3.2.3.1.1.4.2.4.1.1"><p id="mrs_01_0857__p98316762110">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="47.96%" id="mcps1.3.2.3.1.1.4.2.4.1.2"><p id="mrs_01_0857__p083118732112">Description</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="18.37%" id="mcps1.3.2.3.1.1.4.2.4.1.3"><p id="mrs_01_0857__p148311871218">Default Value</p>
</th>
</tr>
</thead>
<tbody><tr id="mrs_01_0857__row15832473214"><td class="cellrowborder" valign="top" width="33.67%" headers="mcps1.3.2.3.1.1.4.2.4.1.1 "><p id="mrs_01_0857__p0831207122110">mapreduce.cluster.acls.enabled</p>
</td>
<td class="cellrowborder" valign="top" width="47.96%" headers="mcps1.3.2.3.1.1.4.2.4.1.2 "><p id="mrs_01_0857__p14832187122111">Whether to enable permission control of MapReduce JobHistoryServer This parameter is a client parameter and takes effect after permission control is enabled on the JobHistoryServer server.</p>
</td>
<td class="cellrowborder" valign="top" width="18.37%" headers="mcps1.3.2.3.1.1.4.2.4.1.3 "><p id="mrs_01_0857__p108326732114">true</p>
</td>
</tr>
<tr id="mrs_01_0857__row583212742115"><td class="cellrowborder" valign="top" width="33.67%" headers="mcps1.3.2.3.1.1.4.2.4.1.1 "><p id="mrs_01_0857__p1983217718219">yarn.webapp.filter-entity-list-by-user</p>
</td>
<td class="cellrowborder" valign="top" width="47.96%" headers="mcps1.3.2.3.1.1.4.2.4.1.2 "><p id="mrs_01_0857__p12874125155417">Whether to enable the strict view of MapReduce JobHistoryServer. After the strict view is enabled, a login user can view only the content that the user has the permission to view. This parameter is a server parameter of JobHistoryServer. It indicates that permission control is enabled for JHS. However, whether to control a specific application is determined by the client parameter <strong id="mrs_01_0857__b18236484236">mapreduce.cluster.acls.enabled</strong>.</p>
<div class="note" id="mrs_01_0857__note15832479214"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="mrs_01_0857__p3832476218">This parameter applies to clusters of MRS 3.<em id="mrs_01_0857__i7446338133314">x</em> or later.</p>
</div></div>
</td>
<td class="cellrowborder" valign="top" width="18.37%" headers="mcps1.3.2.3.1.1.4.2.4.1.3 "><p id="mrs_01_0857__p1983218712116">true</p>
</td>
</tr>
</tbody>
</table>
</div>
<div class="notice" id="mrs_01_0857__note88325718216"><span class="noticetitle"><img src="public_sys-resources/notice_3.0-en-us.png"> </span><div class="noticebody"><p id="mrs_01_0857__p1183213714216">The preceding configurations affect the RESTful API and Shell command results. After the preceding configurations are enabled, the return results of RESTful API calls and shell commands contain only the information that the user has the permission to view.</p>
<p id="mrs_01_0857__p348839105219">If <strong id="mrs_01_0857__b11642184813315">yarn.acl.enable</strong> or <strong id="mrs_01_0857__b14596123360">mapreduce.cluster.acls.enabled</strong> is set to <strong id="mrs_01_0857__b1256151410366">false</strong>, the Yarn or MapReduce permission verification function is disabled. In this case, any user can submit tasks and view task information on Yarn or MapReduce, which poses security risks. Exercise caution when performing this operation.</p>
</div></div>
</div>
</li></ul>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="mrs_01_0851.html">Using Yarn</a></div>
</div>
</div>
View Git Blame Copy Permalink