Reply
Explorer
Posts: 62
Registered: ‎01-22-2014

ACLs not working in Capacity Scheduler in CDH5(YARN)

 

ACLs is not wroking in Capacity Scheduler in CDH-5. Please see the below config. Only user1 and user2 should be able to queue2 and queue1 but all users are able to access all queues.

 

 

Let me know if there is a solution

 

<?xml version="1.0"?>
<configuration>
  <property>
    <name>yarn.scheduler.capacity.root.queues</name>
    <value>batch,default</value>
  </property>
  <property>
    <name>yarn.scheduler.capacity.root.batch.queues</name>
    <value>queue1,queue2</value>
  </property>
  <property>
    <name>yarn.scheduler.capacity.root.batch.capacity</name>
    <value>80</value>
  </property>
  <property>
    <name>yarn.scheduler.capacity.root.default.capacity</name>
    <value>20</value>
  </property>
  <property>
    <name>yarn.scheduler.capacity.root.batch.queue1.capacity</name>
    <value>70</value>
  </property>
  <property>
    <name>yarn.scheduler.capacity.root.batch.queue2.capacity</name>
    <value>30</value>
  </property>
  <property>
    <name>yarn.scheduler.capacity.root.batch.queue1.acl_submit_applications</name>
    <value>user1</value>
  </property>
  <property>
    <name>yarn.scheduler.capacity.root.batch.queue2.acl_submit_applications</name>
    <value>user2</value>
  </property>
  <property>
    <name>yarn.scheduler.capacity.root.batch.queue1.acl_administer_queue</name>
    <value>*</value>
  </property>
  <property>
    <name>yarn.scheduler.capacity.root.batch.queue2.acl_administer_queue</name>
    <value>*</value>
  </property>
  <property>
    <name>yarn.scheduler.capacity.maximum-applications</name>
    <value>20000</value>
  </property> 
</configuration>

 

Highlighted
Posts: 1,770
Kudos: 389
Solutions: 285
Registered: ‎07-31-2013

Re: ACLs not working in Capacity Scheduler in CDH5(YARN)

You're granting everyone (*) administrative access to the queues, which overrides the submit-applications ACL and invalidates it.
Announcements