Member since
06-10-2015
87
Posts
5
Kudos Received
5
Solutions
My Accepted Solutions
Title | Views | Posted |
---|---|---|
1919 | 04-05-2019 08:46 AM | |
9929 | 01-11-2019 10:51 AM | |
2937 | 10-22-2018 02:58 PM | |
3920 | 04-08-2018 11:14 AM | |
21002 | 06-20-2017 07:30 AM |
04-05-2019
08:46 AM
1 Kudo
Hi Esteban, Our recommendation is to place [username] pools under a parent pool, such as root.users.[username]. This allows you to control overall usage of [username] queues relative to other pools under the root. This way, if you have 3 root level pools: root.production root.adhoc root.users ...you can define appropriate weights at amonst these 3 pools. If you configured root.[username], each user pool will be added with a default share of 1. So, for example, if your initial configuration was: Weight Pool 10 root.production 10 root.adhoc ... root.[username] placement rule In the beginning, root.production and root.adhoc will each have 50% of cluster resources. When the first user runs a job, their subpool is created with a default weight of 1. Weight Pool 10 root.production 10 root.adhoc 1 root.user1 Now imagine that 50 users run a job and 50 new pools are created at the root level with weight of 1. All of the sudden you have weighted resources heavily to the user pools: Weight Pool 10 root.production 10 root.adhoc 50 root.[username] generated pools (with 50 users) So in summary, you may prefer to do something that would limit all users, no matter how many, to a fixed ratio of cluster resources: Weight Pool 10 root.production 10 root.adhoc 10 root.users -> root.users.[username] placement rule Thanks, Nick
... View more
01-25-2019
08:45 AM
1 Kudo
Hi Maziyar, The information I had about user "hue" being used by CM to access YARN API is correct for kerberized clusters, but in your case we know that the cluster is not kerberized and we see "dr.who" is used by CM. Consequently, I think that adding "dr.who" to the aclAdminsterApps property is the only solution for now. I am creating an internal improvement request for Cloudera Manager (CM) to also use the use "hue" if ACLs are turned on in a non-kerberized cluster. That way the behavior will be consistent and will provide some level of restriction on who can administer queues in a non-kerberized environment. EDIT: Internal Improvement JIRA created for CM - look for this change in a future release of CDH (no guarantees, but I hope we implement this change) Nick
... View more
01-21-2019
11:15 AM
Hi Maziyar, I'm digging in to this again. I clearly see messages in the RM log showing "dr.who" is the user accessing the YARN API. I'm researching further so I hopefully can provide the correct answer! Nick
... View more
01-18-2019
08:27 AM
Hi Maziyar, I've found that CM uses the "hue" user to interact with the YARN API, so try changing the root level ACL to be "aclAdministerApps=maziyar,admin,hue", refresh the Dynamic Resource Pool (DRP) configuration, and test if it still resolves the issue for you. This will be much more restricted than using "dr.who" but allow the CM Web UI to function properly. Nick
... View more
01-17-2019
07:52 AM
1 Kudo
Maziyar, I was discussing this issue internally and adding "dr.who" to the adminACL has the side effect of allowing all users to have access, so we don't want that. I know we're on the right track here, we just need to get the correct user or group added to the adminACL for CM. I'm researching and will update as soon as I have the answer! Nick
... View more
01-11-2019
10:51 AM
1 Kudo
Hi Maziyar and Li, You are definitely on the right track here. I see that the top-level root queue has "aclAdministerApps=maziyar,admin", which limits YARN API access to some of the time metrics for the application. If you're not one of these users when you make the API call you won't get correct value returned for: startedTime finishedTime elapsedTime logAggregationStatus amHostHttpAddress usedResources allocatedMB allocatedVCores runningContainers Although you will get some basic application info, so you'll see the application, but metrics will be wrong, just like you report. So, the question is which user is the CM service using to interact with the YARN API. I did some testing and reproduced your issue by limiting the aclAdministerApps property to "yarn". I then found that when I add "dr.who" to aclAdministerApps at the root level, it starts working properly. So, try modifying your root level ACLs to be "aclAdministerApps=maziyar,admin,dr.who", refresh the Dynamic Resource Pool (DRP) configuration, and see if it resolves the issue for you. Nick
... View more
10-22-2018
02:58 PM
The console output is not stored anywhere besides in the CDSW Web UI itself. If the user is executing YARN applications (Spark/Pyspark) then you would have the logs from any YARN containers stored as they normally would be and you could access them via the JobHistory Server Web UI. Any Spark application run in CDSW will be in `--deploy-mode client` which means that the Spark Driver output is in the Web UI only - you have to manually copy it out of there and save in a file for future reference. Nick
... View more
04-08-2018
11:14 AM
Hi Bhavesh, I see that upstream Solr has added this capability via JIRA SOLR-4392. This feature does not exist in the current CDH5.x but will almost certainly be available with CDH6 when that is released. https://issues.apache.org/jira/browse/SOLR-4392 Nick
... View more
02-23-2018
08:59 AM
...and here is a useful blog article: https://blog.cloudera.com/blog/2016/10/how-to-secure-apache-solr-collections-and-access-them-programmatically/
... View more
02-23-2018
08:56 AM
Hi Rick, Did you find this info in Cloudera Search documentation - does this help? https://www.cloudera.com/documentation/enterprise/latest/topics/search_using_kerberos.html Nick
... View more