- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Float this Question for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Is there any way to disable "kill application" button to Resource Manager's Web UI ?
- Labels:
-
Cloudera Manager
Created ‎02-02-2016 07:37 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Friends,
Is there any way to disable "kill application" button to Resource Manager's Web UI ?
Thanks in advance.
Created ‎02-21-2016 11:30 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@Ancil McBarnett @Benjamin Leonhardi @Jonas Straub: I have successfully disabled "kill Application" button by adding below property to yarn-site.xml.
yarn.resourcemanager.webapp.ui-actions.enabled= false.
For more detailed steps you can refer to below link .
Created ‎02-02-2016 08:06 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Good question. I don't think there is a way to disable the "kill application" button.
Perhaps if a user is granted read only permission to the Dashboard in Ambari -> Manage Ambari, he might be unable to do so, but I also see that even a read only user can access the RM UI. So the only way is to not give that user any permission to the dashboard or to the RM UI via Knox secured by Ranger.
Perhaps someone else has a better answer.
Created ‎02-02-2016 09:52 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I think there are different options.
You can enable HTTP authentication using SPNEGO and kerberos for the web uis
https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/HttpAuthentication.html
( Problem is that Spnego is a bit finicky since the computers running the web browser need to be in the kerberos realm )
And you can disable administration of queues for specific users and groups. I.e. only allow a specific subgroup of users to kill applications.
Is your cluster kerberized?
Created ‎02-02-2016 11:16 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Regarding spnego authentication, also see this http://docs.hortonworks.com/HDPDocuments/Ambari-2.1.2.1/bk_Ambari_Security_Guide/content/ch_enable_s...
Created ‎02-03-2016 05:56 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Benjamin,
Thanks for your reply. And no we do not have kerbaros in our cluster. We are just using knox and ranger.
Created ‎02-03-2016 10:11 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In that case you cannot use SPNEGO. But you might be able to stop users from administering queues. (killing applications ). I have seen these settings not working on a non-kerberized cluster but it might have been a bug.
Created ‎02-21-2016 11:30 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@Ancil McBarnett @Benjamin Leonhardi @Jonas Straub: I have successfully disabled "kill Application" button by adding below property to yarn-site.xml.
yarn.resourcemanager.webapp.ui-actions.enabled= false.
For more detailed steps you can refer to below link .
Created ‎02-21-2016 11:31 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That is cool, I didn't find it in the original JIRA patch weird.
Created ‎02-21-2016 11:30 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@Ancil McBarnett @Benjamin Leonhardi @Jonas Straub: I have successfully disabled "kill Application" button by adding below property to yarn-site.xml.
yarn.resourcemanager.webapp.ui-actions.enabled= false.
For more detailed steps you can refer to below link .
