diff options
author | Thomas Graves <tgraves@apache.org> | 2014-03-06 18:27:50 -0600 |
---|---|---|
committer | Thomas Graves <tgraves@apache.org> | 2014-03-06 18:27:50 -0600 |
commit | 7edbea41b43e0dc11a2de156be220db8b7952d01 (patch) | |
tree | 1e7156df70131660d28994795eb3df2c3fd0a819 /docs/configuration.md | |
parent | 40566e10aae4b21ffc71ea72702b8df118ac5c8e (diff) | |
download | spark-7edbea41b43e0dc11a2de156be220db8b7952d01.tar.gz spark-7edbea41b43e0dc11a2de156be220db8b7952d01.tar.bz2 spark-7edbea41b43e0dc11a2de156be220db8b7952d01.zip |
SPARK-1189: Add Security to Spark - Akka, Http, ConnectionManager, UI use servlets
resubmit pull request. was https://github.com/apache/incubator-spark/pull/332.
Author: Thomas Graves <tgraves@apache.org>
Closes #33 from tgravescs/security-branch-0.9-with-client-rebase and squashes the following commits:
dfe3918 [Thomas Graves] Fix merge conflict since startUserClass now using runAsUser
05eebed [Thomas Graves] Fix dependency lost in upmerge
d1040ec [Thomas Graves] Fix up various imports
05ff5e0 [Thomas Graves] Fix up imports after upmerging to master
ac046b3 [Thomas Graves] Merge remote-tracking branch 'upstream/master' into security-branch-0.9-with-client-rebase
13733e1 [Thomas Graves] Pass securityManager and SparkConf around where we can. Switch to use sparkConf for reading config whereever possible. Added ConnectionManagerSuite unit tests.
4a57acc [Thomas Graves] Change UI createHandler routines to createServlet since they now return servlets
2f77147 [Thomas Graves] Rework from comments
50dd9f2 [Thomas Graves] fix header in SecurityManager
ecbfb65 [Thomas Graves] Fix spacing and formatting
b514bec [Thomas Graves] Fix reference to config
ed3d1c1 [Thomas Graves] Add security.md
6f7ddf3 [Thomas Graves] Convert SaslClient and SaslServer to scala, change spark.authenticate.ui to spark.ui.acls.enable, and fix up various other things from review comments
2d9e23e [Thomas Graves] Merge remote-tracking branch 'upstream/master' into security-branch-0.9-with-client-rebase_rework
5721c5a [Thomas Graves] update AkkaUtilsSuite test for the actorSelection changes, fix typos based on comments, and remove extra lines I missed in rebase from AkkaUtils
f351763 [Thomas Graves] Add Security to Spark - Akka, Http, ConnectionManager, UI to use servlets
Diffstat (limited to 'docs/configuration.md')
-rw-r--r-- | docs/configuration.md | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/docs/configuration.md b/docs/configuration.md index 017d509854..913c653b0d 100644 --- a/docs/configuration.md +++ b/docs/configuration.md @@ -147,6 +147,34 @@ Apart from these, the following properties are also available, and may be useful How many stages the Spark UI remembers before garbage collecting. </td> </tr> +</tr> + <td>spark.ui.filters</td> + <td>None</td> + <td> + Comma separated list of filter class names to apply to the Spark web ui. The filter should be a + standard javax servlet Filter. Parameters to each filter can also be specified by setting a + java system property of spark.<class name of filter>.params='param1=value1,param2=value2' + (e.g.-Dspark.ui.filters=com.test.filter1 -Dspark.com.test.filter1.params='param1=foo,param2=testing') + </td> +</tr> +<tr> + <td>spark.ui.acls.enable</td> + <td>false</td> + <td> + Whether spark web ui acls should are enabled. If enabled, this checks to see if the user has + access permissions to view the web ui. See <code>spark.ui.view.acls</code> for more details. + Also note this requires the user to be known, if the user comes across as null no checks + are done. Filters can be used to authenticate and set the user. + </td> +</tr> +<tr> + <td>spark.ui.view.acls</td> + <td>Empty</td> + <td> + Comma separated list of users that have view access to the spark web ui. By default only the + user that started the Spark job has view access. + </td> +</tr> <tr> <td>spark.shuffle.compress</td> <td>true</td> @@ -495,6 +523,29 @@ Apart from these, the following properties are also available, and may be useful <td> Whether to overwrite files added through SparkContext.addFile() when the target file exists and its contents do not match those of the source. </td> +<tr> + <td>spark.authenticate</td> + <td>false</td> + <td> + Whether spark authenticates its internal connections. See <code>spark.authenticate.secret</code> if not + running on Yarn. + </td> +</tr> +<tr> + <td>spark.authenticate.secret</td> + <td>None</td> + <td> + Set the secret key used for Spark to authenticate between components. This needs to be set if + not running on Yarn and authentication is enabled. + </td> +</tr> +<tr> + <td>spark.core.connection.auth.wait.timeout</td> + <td>30</td> + <td> + Number of seconds for the connection to wait for authentication to occur before timing + out and giving up. + </td> </tr> </table> |