Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

How to not allow users to access YARN resources? Like launching spark jobs..

Highlighted

How to not allow users to access YARN resources? Like launching spark jobs..

Explorer

I tried to blacklist users by putting them in banned users( YARN Configuration->Banned Users List) list but it didn't work. 

 

How can I do this in a kerberos enabled cluster?

 

By this, I mean the banning the users from accessing HDFS directories, running spark jobs etc.

5 REPLIES 5

Re: How to not allow users to access YARN resources? Like launching spark jobs..

Super Collaborator

For YARN you can setup ACL's on the queues. It is a allow the user/group on the list, not block the user/group on the list.

For HDFS you also have ACL's which is completely separate and works just like any other file system.

 

Wilfred

Re: How to not allow users to access YARN resources? Like launching spark jobs..

Explorer

Hi Wilfred,

 

Can you let me know how I can setup ACL's on the queues for YARN?

 

Thanks.

Re: How to not allow users to access YARN resources? Like launching spark jobs..

Super Collaborator

It depends on the scheduler you are using. It is here for the Fair Scheduler and here for the Capacity Scheduler. Check for the ACL descriptions on the page.

Both acls have the same format "user,... group,..." (space between user and group list which are separated by commas).

 

Wilfred

 

Re: How to not allow users to access YARN resources? Like launching spark jobs..

Explorer

Thanks for your reply.

 

My intention here is to not allow any users to run spark jobs for example. Since spark runs on Yarn, my assumption was giving only few users access will help secure my cluster and prevent everyone from submitting spark jobs.

 

But even though I set the ACL's , any user is able to submit spark jobs.

 

Any help on how to solve?

 

Thanks, your help is much appreciated.

Re: How to not allow users to access YARN resources? Like launching spark jobs..

Super Collaborator

Make sure you have an ACL set on the root queue also. ACL's are checked up the tree. If you have access to the parent queue you have access to anything below that. You can not have a * (star) anywhere in the tree.

Also check the admin ACL.

 

Wilfred