Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

How to assigned capacity scheduler queue based on AD group.

avatar
Guru

HI,

I have a requirement where we have to assign our CS queues based on ad groups.

For example our ad users are using cluster and running jobs under defined queue but I want that is there any way to configure their AD group with queue so that each member of that queue will go only to a specific queue.

1 ACCEPTED SOLUTION

avatar
Master Mentor
@Saurabh Kumar[root@phdns02 scripts]# id neeraj

uid=29800018(neeraj) gid=29800018(neeraj) groups=29800018(neeraj),29800017(hdpadmin)

[root@phdns02 scripts]#

See this

View solution in original post

17 REPLIES 17

avatar
Guru

@Neeraj Sabharwal: Thanks a lot for your testing.

I see you have tested it for a unix user(neeraj) who is part of a unix group(hdpadmin).Which is working fine for me.

But my requirement is we have some users where they don't connect to server,they directly use some tools (like Aqua Data Studio or SQL client or Teradata client) and we validate them by login to our cluster by their LDAP(active directory) with jdbc string or though beeline.

And when they submit their job then they have to set property mapred.job.queue.name and run their jobs.

So my point is can we configure CS view for ldap or AD groups as well ?

I tried it for groups but getting below error. But when I tried for user specific then it is working(as expected)

g:adhdpadm:batch

ERROR : Failed to execute tez graph.

org.apache.tez.dag.api.TezException: org.apache.hadoop.yarn.exceptions.YarnException: Failed to submit application_1455533826426_0025 to YARN : Failed to submit application application_1455533826426_0025 submitted by user saurkuma reason: No groups found for user saurkuma

u:saurkuma:batch: working

avatar
Master Mentor

@Saurabh Kumar Give me output of id saurkuma

avatar
Master Mentor

@Saurabh Kumar

You are incorrect. User neeraj and group hdpadmin is not in UNIX. It's in AD

Look at my comments carefully 🙂

Output of /etc/group and /etc/passwd

avatar
Guru

@Neeraj Sabharwal: It might be that same user neeraj is also part of Unix and AD. So thats why it is working. But in my case we have do not have same user in unix group.

please find the below output.

[s0998dnz@*********001 ~]$ id saurkuma

id: saurkuma: No such user

avatar
Master Mentor

@Saurabh Kumar

No , neeraj and group is in AD

You can see the output

Also, you need to look into syncing up your server with ad

Use nslcd or sssd

avatar
Master Mentor

@Saurabh Kumar following up on this.

user neeraj and group hdpadmin is in LDAP

they dont exists in /etc/passwd and /etc/group

2250-screen-shot-2016-02-19-at-70559-am.png

2251-screen-shot-2016-02-19-at-70443-am.png

avatar
Guru

@Neeraj Sabharwal: Today I noticed that it is not working as I don't have sssd running and it is not configured also. And I feel it is mandatory for group mapping with hdfs.

I tried to configure sssd with ldap but did not get success, so I need your hep to configure sssd, do you have any doc or instruction to do that ?