Yang, Tong 6182f91ba8 MRS component operation guide_normal 2.0.38.SP20 version
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
Co-authored-by: Yang, Tong <yangtong2@huawei.com>
Co-committed-by: Yang, Tong <yangtong2@huawei.com>
2022-12-09 14:55:21 +00:00


<a name="mrs_01_1963"></a><a name="mrs_01_1963"></a>
<h1 class="topictitle1">Configuring Spark2x Web UI ACLs</h1>
<div id="body1595920207452"><div class="section" id="mrs_01_1963__s32fa4227f818472ca1401bf81446d589"><h4 class="sectiontitle">Scenario</h4><p id="mrs_01_1963__a52bfa25a34044a83a7700004394414a7">Protect the Spark2x web UI when some of the data it displays must not be visible to other users. When a user attempts to log in to the UI, Spark2x checks the view ACL for that user to determine whether to allow access.</p>
<p id="mrs_01_1963__a6f3bfa05fb6a444ba47204649d94d501">Spark2x has two types of web UI. One is for running tasks. You can access the web UI using the application link on the native Yarn page or the REST APIs. The other one is for ended tasks. You can access the web UI using the Spark2x JobHistory service or the REST APIs.</p>
<div class="note" id="mrs_01_1963__note34102059125212"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="mrs_01_1963__p124111459185212">This section applies only to clusters in security mode (with Kerberos authentication enabled).</p>
</div></div>
<ul id="mrs_01_1963__u104d58c2b2614dea8d6d4b620383b7e0"><li id="mrs_01_1963__laaed71f688644e3b883a871b3972397e">Configuring the ACL of the web UI for running tasks<p id="mrs_01_1963__a7460669eda284852966222f78c20ee2a"><a name="mrs_01_1963__laaed71f688644e3b883a871b3972397e"></a><a name="laaed71f688644e3b883a871b3972397e"></a>For a running task, you can set the following parameters on the server:</p>
<ul id="mrs_01_1963__u19846c76b0df49c3aab80b7635a6aa31"><li id="mrs_01_1963__l70a0df91bee34a41aec12951a4813736"><span class="parmname" id="mrs_01_1963__pecbacc0a3a264de7ad3979997c3b8f45"><b>spark.admin.acls</b></span>: specifies the web UI administrator list.</li>
<li id="mrs_01_1963__l400c3dcf62534106aee79da297faa552"><strong id="mrs_01_1963__b26008417915723">spark.admin.acls.groups</strong>: specifies the administrator group list.</li>
<li id="mrs_01_1963__lc25e9647adc1458d93de2a8cd57a20fe"><strong id="mrs_01_1963__b27371634171513">spark.ui.view.acls</strong>: specifies the Yarn page visitor list.</li>
<li id="mrs_01_1963__lf6521e8bc89c4e478521cdf6d0e6815e"><strong id="mrs_01_1963__b157916117115723">spark.ui.view.acls.groups</strong>: specifies the Yarn page visitor group list.</li>
<li id="mrs_01_1963__lf9c2b619b09349be9019cbc2f55af3ab"><span class="parmname" id="mrs_01_1963__p627e215c69a44bb2a7f51ede9395c48a"><b>spark.modify.acls</b></span>: specifies the web UI modifier list.</li>
<li id="mrs_01_1963__l6f7ca240a39a478fa099db15f2130294"><strong id="mrs_01_1963__b15411642315723">spark.modify.acls.groups</strong>: specifies the web UI modifier group list.</li></ul>
</li></ul>
<ul id="mrs_01_1963__ue0cbc3ebbbac41639abc173e604f90f8"><li id="mrs_01_1963__le58bac23ab3b43f68ac1c79d3fa5af20">Configuring the ACL of the web UI for ended tasks<p id="mrs_01_1963__abe7caa6997724720ae355cd98950835a"><a name="mrs_01_1963__le58bac23ab3b43f68ac1c79d3fa5af20"></a><a name="le58bac23ab3b43f68ac1c79d3fa5af20"></a>For ended tasks, use the client parameter <strong id="mrs_01_1963__b16444112451620">spark.history.ui.acls.enable</strong> to enable or disable ACL access control.</p>
<p id="mrs_01_1963__a3cb8c67acaa840cc8288284ddaedb927">If ACL control is enabled, configure the client parameters <strong id="mrs_01_1963__b21499116615723">spark.admin.acls</strong> and <strong id="mrs_01_1963__b132683532215723">spark.admin.acls.groups</strong> to specify the web UI administrator list and administrator group list. Use the client parameters <strong id="mrs_01_1963__b112272948215723">spark.ui.view.acls</strong> and <strong id="mrs_01_1963__b77079913115723">spark.ui.view.acls.groups</strong> to specify the users and groups that are allowed to view web UI task details. Use the client parameters <strong id="mrs_01_1963__b63129495415723">spark.modify.acls</strong> and <strong id="mrs_01_1963__b117275829015723">spark.modify.acls.groups</strong> to specify the users and groups that are allowed to modify web UI task details.</p>
</li></ul>
</div>
<div class="section" id="mrs_01_1963__s7774b9f57bd54f17ae3c46a93eeb694b"><h4 class="sectiontitle">Configuration</h4><p id="mrs_01_1963__a75333a8db72b4600adde33ea06d571e5">Log in to FusionInsight Manager, choose <strong id="mrs_01_1963__b5847359178">Cluster &gt; <em id="mrs_01_1963__i147833519178">Name of the desired cluster</em> &gt; Services &gt; Spark2x &gt; Configurations</strong>, click <strong id="mrs_01_1963__b118510354173">All Configurations</strong>, search for <strong id="mrs_01_1963__b9861335101718">acl</strong>, and modify the following parameters on the JobHistory, JDBCServer, SparkResource, and Spark pages.</p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="mrs_01_1963__t18af5fbd3aeb4bda8d13de81ed31f812" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameter description</caption><thead align="left"><tr id="mrs_01_1963__r74395b638f4442e3aab246ff89b4f414"><th align="left" class="cellrowborder" valign="top" width="27.30726927307269%" id="mcps1.3.2.3.2.4.1.1"><p id="mrs_01_1963__a1f516e63d9e642069c06eb1b4f809563"><strong id="mrs_01_1963__a744ab93a07754850a5f6c727a33e62e1">Parameter</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="49.54504549545046%" id="mcps1.3.2.3.2.4.1.2"><p id="mrs_01_1963__af9566f38e89e419f83b61605b532f7ad"><strong id="mrs_01_1963__a6645dddca1604ff3a7c65c302142e2da">Description</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="23.147685231476853%" id="mcps1.3.2.3.2.4.1.3"><p id="mrs_01_1963__ac817ca09e627493cb99f5b57d2943bd6"><strong id="mrs_01_1963__adff60dc7bdc24a8aaa6c1b5c6630331e">Default Value</strong></p>
</th>
</tr>
</thead>
<tbody><tr id="mrs_01_1963__rd52556c4569841b3a5e5a2ebdfcb3b56"><td class="cellrowborder" valign="top" width="27.30726927307269%" headers="mcps1.3.2.3.2.4.1.1 "><p id="mrs_01_1963__a8730576580684096ade68e478ed89676">spark.history.ui.acls.enable</p>
</td>
<td class="cellrowborder" valign="top" width="49.54504549545046%" headers="mcps1.3.2.3.2.4.1.2 "><p id="mrs_01_1963__en-us_topic_0085589585_p588669114532">Indicates whether JobHistory supports the permission verification of a single task.</p>
</td>
<td class="cellrowborder" valign="top" width="23.147685231476853%" headers="mcps1.3.2.3.2.4.1.3 "><p id="mrs_01_1963__a127d9457c2354fe4a7bec8540121af54">true</p>
</td>
</tr>
<tr id="mrs_01_1963__rf534b3c540af486495ea96f84d00a611"><td class="cellrowborder" valign="top" width="27.30726927307269%" headers="mcps1.3.2.3.2.4.1.1 "><p id="mrs_01_1963__a212f39c527724100ad10bcb2b85d841a">spark.acls.enable</p>
</td>
<td class="cellrowborder" valign="top" width="49.54504549545046%" headers="mcps1.3.2.3.2.4.1.2 "><p id="mrs_01_1963__afb41ff2ed61c4b55aeb09c23e09aafc6">Indicates whether to enable Spark permission management.</p>
<p id="mrs_01_1963__a20ef86b2bd394275b8cf9a4ba1804313">If this function is enabled, the system checks whether the user has the permission to access and modify task information.</p>
</td>
<td class="cellrowborder" valign="top" width="23.147685231476853%" headers="mcps1.3.2.3.2.4.1.3 "><p id="mrs_01_1963__a037c12ec9a8e4344b2f9402486b8d871">true</p>
</td>
</tr>
<tr id="mrs_01_1963__rf06831f12ff947a7840fb31bb28dbcc3"><td class="cellrowborder" valign="top" width="27.30726927307269%" headers="mcps1.3.2.3.2.4.1.1 "><p id="mrs_01_1963__a5bf8f7530faa4490a7b3f4d759d37b1d">spark.admin.acls</p>
</td>
<td class="cellrowborder" valign="top" width="49.54504549545046%" headers="mcps1.3.2.3.2.4.1.2 "><p id="mrs_01_1963__a8bfecb91e36f4722a805b045ecd1155d">Indicates the list of Spark administrators. All members in the list have the rights to manage all Spark tasks. You can configure multiple administrators and separate them from each other using commas (,).</p>
</td>
<td class="cellrowborder" valign="top" width="23.147685231476853%" headers="mcps1.3.2.3.2.4.1.3 "><p id="mrs_01_1963__ab14565a2d9c94dc3b3af18784bb309a1">admin</p>
</td>
</tr>
<tr id="mrs_01_1963__re2e73b4fe63e4eb886315e35ba1d6217"><td class="cellrowborder" valign="top" width="27.30726927307269%" headers="mcps1.3.2.3.2.4.1.1 "><p id="mrs_01_1963__a760d852580b74a43a942d8e7016d7792">spark.admin.acls.groups</p>
</td>
<td class="cellrowborder" valign="top" width="49.54504549545046%" headers="mcps1.3.2.3.2.4.1.2 "><p id="mrs_01_1963__aba15ad741b3141ada19d665f8696c8d1">Indicates the list of Spark administrator groups. All groups in the list have the permission to manage all Spark tasks. You can configure multiple administrator groups and separate them from each other using commas (,).</p>
</td>
<td class="cellrowborder" valign="top" width="23.147685231476853%" headers="mcps1.3.2.3.2.4.1.3 "><p id="mrs_01_1963__a3d3cd2933fca4963a41eacb672bf72f6">-</p>
</td>
</tr>
<tr id="mrs_01_1963__r5b6b4faae9da4317bcee55a009f5d7f8"><td class="cellrowborder" valign="top" width="27.30726927307269%" headers="mcps1.3.2.3.2.4.1.1 "><p id="mrs_01_1963__a153010fe5dbb4545a9b1aa7cd27c3508">spark.modify.acls</p>
</td>
<td class="cellrowborder" valign="top" width="49.54504549545046%" headers="mcps1.3.2.3.2.4.1.2 "><p id="mrs_01_1963__af1159cb881d84169879eb46aae64f9f0">Indicates the list of members that have the permission to modify Spark tasks. By default, the user who starts a task has the permission to modify the task. You can configure multiple users and separate them from each other using commas (,).</p>
</td>
<td class="cellrowborder" valign="top" width="23.147685231476853%" headers="mcps1.3.2.3.2.4.1.3 "><p id="mrs_01_1963__a927eb1ee79854432b223acd1703a2bab">-</p>
</td>
</tr>
<tr id="mrs_01_1963__ra8de0c8bb93a44bcb3543d9aae2fe546"><td class="cellrowborder" valign="top" width="27.30726927307269%" headers="mcps1.3.2.3.2.4.1.1 "><p id="mrs_01_1963__a99d5508e5c1a44f6bd006caae03be124">spark.modify.acls.groups</p>
</td>
<td class="cellrowborder" valign="top" width="49.54504549545046%" headers="mcps1.3.2.3.2.4.1.2 "><p id="mrs_01_1963__a98c4d9a027d9493b808253f143713a91">Indicates the list of groups that have the permission to modify Spark tasks. You can configure multiple groups and separate them from each other using commas (,).</p>
</td>
<td class="cellrowborder" valign="top" width="23.147685231476853%" headers="mcps1.3.2.3.2.4.1.3 "><p id="mrs_01_1963__a666d9bab186a4302a9448fd849310dc7">-</p>
</td>
</tr>
<tr id="mrs_01_1963__rd5b976446214423ab0b2279db4a4537b"><td class="cellrowborder" valign="top" width="27.30726927307269%" headers="mcps1.3.2.3.2.4.1.1 "><p id="mrs_01_1963__a6dabef1c1c26409d9e8dc8d21f763772">spark.ui.view.acls</p>
</td>
<td class="cellrowborder" valign="top" width="49.54504549545046%" headers="mcps1.3.2.3.2.4.1.2 "><p id="mrs_01_1963__a8d4e9cdfac1c4e1a978c51a2542cf5ba">Indicates the list of members that have the permission to access Spark tasks. By default, the user who starts a task has the permission to modify the task. You can configure multiple users and separate them from each other using commas (,).</p>
</td>
<td class="cellrowborder" valign="top" width="23.147685231476853%" headers="mcps1.3.2.3.2.4.1.3 "><p id="mrs_01_1963__a6114f61af34247e89b0b11801d703fb4">-</p>
</td>
</tr>
<tr id="mrs_01_1963__rcda06bf50c6d4c12b4204b5be734e782"><td class="cellrowborder" valign="top" width="27.30726927307269%" headers="mcps1.3.2.3.2.4.1.1 ">
<p id="mrs_01_1963__a9a67ab81c9c348d182a3e58425954e87">spark.ui.view.acls.groups</p>
</td>
<td class="cellrowborder" valign="top" width="49.54504549545046%" headers="mcps1.3.2.3.2.4.1.2 "><p id="mrs_01_1963__a3c92aa8f4f7343b3ad64981446c96e62">Indicates the list of groups that have the permission to access Spark tasks. You can configure multiple groups and separate them from each other using commas (,).</p>
</td>
<td class="cellrowborder" valign="top" width="23.147685231476853%" headers="mcps1.3.2.3.2.4.1.3 "><p id="mrs_01_1963__a9c389ad5ae27430aad0a2040c3de1e63">-</p>
</td>
</tr>
</tbody>
</table>
</div>
<div class="note" id="mrs_01_1963__n0ba3da7a98444611a4487f5db4536ccb"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="mrs_01_1963__a29465266dfa7492fb8d224a77585af9a">If you use a client to submit tasks, you must download the client again after modifying the <strong id="mrs_01_1963__b43048138015723">spark.admin.acls</strong>, <strong id="mrs_01_1963__b83946295815723">spark.admin.acls.groups</strong>, <strong id="mrs_01_1963__b192331993215723">spark.modify.acls</strong>, <strong id="mrs_01_1963__b144680351515723">spark.modify.acls.groups</strong>, <strong id="mrs_01_1963__b19651651915723">spark.ui.view.acls</strong>, and <strong id="mrs_01_1963__b189197612715723">spark.ui.view.acls.groups</strong> parameters. </p>
</div></div>
</div>
</div>
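<p>The following is an added example, not part of the original guide or of MRS: a simplified Python model of how the parameters in Table 1 combine into a view or modify decision, plus a check for settings that open the UI to everyone. <code>parse_conf</code>, <code>allowed</code>, <code>findings</code> and the sample configuration are hypothetical and constructed for illustration; treating <code>*</code> as a match-all entry follows upstream Spark behaviour and is not stated on this page.</p>

```python
import re
# Constructed sample in spark-defaults.conf style; not from a real cluster.
SAMPLE_CONF = """\
spark.acls.enable             true
spark.history.ui.acls.enable  true
spark.admin.acls              admin
spark.ui.view.acls            alice,bob
spark.ui.view.acls.groups     analysts
spark.modify.acls             alice
spark.modify.acls.groups
"""
ACL_KEYS = [p + s for p in ("spark.admin.acls", "spark.ui.view.acls",
                            "spark.modify.acls") for s in ("", ".groups")]

def parse_conf(text):
    """Parse 'key value' / 'key=value' lines, skipping blanks and comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            parts = re.split(r"[=\s]+", line, maxsplit=1)
            conf[parts[0]] = parts[1] if len(parts) > 1 else ""
    return conf

def _names(conf, key):
    return {n.strip() for n in conf.get(key, "").split(",") if n.strip()}
def _enabled(conf, key):
    return conf.get(key, "true").lower() == "true"  # Table 1 default: true

def allowed(conf, action, user, groups=(), owner=None, history=False):
    """Hypothetical helper: may `user` 'view' or 'modify' a task's web UI?"""
    switch = "spark.history.ui.acls.enable" if history else "spark.acls.enable"
    if not _enabled(conf, switch):
        return True  # checking is off, so the lists below are never consulted
    key = "spark.ui.view.acls" if action == "view" else "spark.modify.acls"
    users = _names(conf, "spark.admin.acls") | _names(conf, key)
    grps = _names(conf, "spark.admin.acls.groups") | _names(conf, key + ".groups")
    if owner:
        users.add(owner)  # the user who started the task
    return bool({"*", user} & users or ({"*"} | set(groups)) & grps)

def findings(conf):
    """Flag settings that open the UI wider than the named users and groups."""
    out = [f"{k} is not true: ACL lists are ignored"
           for k in ("spark.acls.enable", "spark.history.ui.acls.enable")
           if not _enabled(conf, k)]
    out += [f"{k} contains '*': matches every user" for k in ACL_KEYS
            if "*" in _names(conf, k)]
    return out
```

<p>Run <code>findings(parse_conf(...))</code> over the client configuration after each change to confirm that neither enable switch was turned off and that no list contains a wildcard.</p>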