7.3. Configuring Accumulo on YARN on Secure Clusters

As previously mentioned, the Accumulo-on-Slider application package includes both non-secure (appConfig-default.json) and secure (appConfig-secured-default.json) versions of the application specification. On secure clusters, you should use the secure version of the application specification.

To configure Accumulo for Kerberos, the following properties should be changed in the appConfig.json file to specify a keytab and principal for Accumulo processes to use. You must generate the keytabs on all the hosts and provide their location to Accumulo in the keytab property. If the keytab is not headless, the recommended form for the principal is accumulo/_HOST@<realm>, with the realm for your system. The Slider Application Master also needs a keytab and a principal, which can be (but does not need to be) the same one used for the Accumulo processes.

"global": { 
     "site.accumulo-site.general.kerberos.keytab": "", 
     "site.accumulo-site.general.kerberos.principal": "",
   }, 
   "components": { 
      "slider-appmaster": { 
         "slider.am.keytab.local.path": "", 
         "slider.keytab.principal.name": ""
     }
   }
 

should be changed to:

"global": { 
   "site.accumulo-site.general.kerberos.keytab": <keytab file abs path>, 
   "site.accumulo-site.general.kerberos.principal": <principal name>,
   }, 
   "components": { 
      "slider-appmaster": { 
         "slider.am.keytab.local.path": <keytab file abs path>, 
         "slider.keytab.principal.name": <principal name>
    }
  }
  
[Note]Note

For more information on configuring Accumulo-on-Slider on secure clusters, including information about keytab-associated properties and the available keytab distribution options, see Apache Slider Security.


loading table of contents...