YARN Configuration
Note | |
---|---|
The following steps must be performed on all nodes that launch the ResourceManager. |
Create a new configuration file called
yarn_jaas.conf
in the directory that contains the Hadoop Core configurations (typically,/etc/hadoop/conf
).Client { com.sun.security.auth.module.Krb5LoginModule required useKeyTab=true storeKey=true useTicketCache=false keyTab="$PATH_TO_RM_KEYTAB" (such as "/etc/security/keytabs/rm.service.keytab") principal="rm/$HOST"; (such as "rm/xuan-sec-yarn-ha-1.novalocal@EXAMPLE.COM";) };
Add a new property to the
yarn-site.xml
file.<property> <name>yarn.resourcemanager.zk-acl</name> <value>sasl:rm:rwcda</value> </property>
Note Because
yarn-resourcemanager.zk-acl
is set tosasl
, you do not need to set any value foryarn.resourcemanager.zk-auth
. Setting the value to sasl also means that you cannot run the commandaddauth<scheme><auth>
in the zkclient CLI.Add a new YARN_OPTS to the
yarn-env.sh
file and make sure this YARN_OPTS is picked up when you start your ResourceManagers.YARN_OPTS="$YARN_OPTS -Dzookeeper.sasl.client=true -Dzookeeper.sasl.client.username=zookeeper -Djava.security.auth.login.config=/etc/hadoop/conf/yarn_jaas.conf -Dzookeeper.sasl.clientconfig=Client"