ZooKeeper ACLs Best Practices: YARN
YARN related ZooKeeper ACLs are automatically created using Cloudera Manager. Review the list of default ACLs to ensure they are set as recommended for YARN.
Cloudera Manager automatically sets some ZooKeeper ACLs related YARN properties that are used by the YARN service to set up the default ZooKeeper ACLs. That means no manual configuration step is needed.
- ZooKeeper Usage:
-
/yarn-leader-election
- used for RM leader election -
/rmstore
- used for storing RM application state
-
-
Default ACLs:
-
/yarn-leader-election
-sasl:rm:cdrwa,sasl:yarn:cdrwa
-
/rmstore
-sasl:rm:cdrwa,sasl:yarn:cdrwa
-
-
Delete the znode and restart the YARN service.
-
Use the reset ZK ACLs command. This also sets the znodes below
/rmstore/ZKRMStateRoot
toworld:anyone:cdrwa
which is less secure.