YARN Configuration
![[Note]](../common/images/admon/note.png) | Note |
|---|---|
The following steps must be performed on all nodes that launch the ResourceManager. |
Create a new configuration file called
yarn_jaas.confin the directory that contains the Hadoop Core configurations (typically,/etc/hadoop/conf).Client { com.sun.security.auth.module.Krb5LoginModule required useKeyTab=true storeKey=true useTicketCache=false keyTab="$PATH_TO_RM_KEYTAB" (such as "/etc/security/keytabs/rm.service.keytab") principal="rm/$HOST"; (such as "rm/xuan-sec-yarn-ha-1.novalocal@EXAMPLE.COM";) };Add a new property to the
yarn-site.xmlfile.<property> <name>yarn.resourcemanager.zk-acl</name> <value>sasl:rm:rwcda</value> </property>
Note Because
yarn-resourcemanager.zk-aclis set tosasl, you do not need to set any value foryarn.resourcemanager.zk-auth. Setting the value to sasl also means that you cannot run the commandaddauth<scheme><auth>in the zkclient CLI.Add a new YARN_OPTS to the
yarn-env.shfile and make sure this YARN_OPTS will be picked up when you start your ResourceManagers.YARN_OPTS="$YARN_OPTS -Dzookeeper.sasl.client=true -Dzookeeper.sasl.client.username=zookeeper -Djava.security.auth.login.config=/etc/hadoop/conf/yarn_jaas.conf -Dzookeeper.sasl.clientconfig=Client"