Configure Timeline Server Security
You can configure Kerberos authentication for the Timeline Server. In addition, you can configure ACLs and SSL for the Timeline Server.
-
Configure Kerberos Authentication
To configure Kerberos Authentication for the Timeline Server, add the following properties to the
yarn-site.xmlfile.<property> <name>yarn.timeline-service.http-authentication.type</name> <value>kerberos</value> </property> <property> <name>yarn.timeline-service.http-authentication.kerberos.principal</name> <value>HTTP/localhost@EXAMPLE.COM</value> </property> <property> <name>yarn.timeline-service.http-authentication.kerberos.keytab</name> <value>/etc/krb5.keytab</value> </property> -
Configure Timeline Server Authorization (ACLs)
Timeline Server ACLs are configured in the same way as other YARN ACLs. To configure Timeline Server authorization with ACLs, add the following properties to the
yarn-site.xmlfile.<property> <name>yarn.acl.enable</name> <value>true</value> </property> <property> <name>yarn.admin.acl</name> <value> </value> </property> -
Configure Timeline Server SSL
Timeline Server SSL is configured in the same way as other Hadoop components. To configure Timeline Server SSL, add the following properties to the
core-site.xmlfile.<property> <name>hadoop.ssl.require.client.cert</name> <value>false</value> </property> <property> <name>hadoop.ssl.hostname.verifier</name> <value>DEFAULT</value> </property> <property> <name>hadoop.ssl.keystores.factory.class</name> <value>org.apache.hadoop.security.ssl.FileBasedKeyStoresFactory</value> </property> <property> <name>hadoop.ssl.server.conf</name> <value>ssl-server.xml</value> </property> <property> <name>hadoop.ssl.client.conf</name> <value>ssl-client.xml</value> </property>