Hortonworks Docs » Hortonworks Data Platform 3.1.4 » Apache ZooKeeper ACLs
Apache ZooKeeper ACLs
Also available as:
PDF

ZooKeeper ACLs Best Practices: WebHCat

You must follow the best practices for tightening the ZooKeeper ACLs or permissions for WebHCat when provisioning a secure cluster.

  • ZooKeeper Usage:

    • /templeton-hadoop - WebHCat stores status of jobs that users can query in zookeeper (if ZooKeeperStorage is configured to find out the status of jobs - it can also use HDFS for this storage). WebHCat typically will create three znodes inside this root : “jobs”, “overhead” and “created”. This root node is exposed via config : templeton.storage.root. In addition, whether or not ZooKeeperStorage is used is configured by another config parameter : templeton.storage.class. Both these parameters are part of webhcat-site.xml. These nodes are altered from launcher map task as well, which runs as the end user.

  • Default ACLs:

    • /templeton-hadoop - world:anyone:cdrwa

  • Security Best Practice ACLs/Permissions and Required Steps:

    • /templeton-hadoop - world:anyone:cdrwa

© 2012–2019, Hortonworks, Inc.
Document licensed under the Creative Commons Attribution ShareAlike 4.0 License.
Hortonworks.com | Documentation | Support | Community