Enabling custom Kerberos principal support in a Queue Manager cluster

In a secure Queue Manager cluster, you can enable custom Kerberos principal using Cloudera Manager.

Ensure your Queue Manager cluster is secure. For that, check if it runs on port 7183.

  1. In Cloudera Manager, navigate to YARN > Configuration.
  2. Search for admin acl.
  3. Find the Admin ACL (yarn_admin_acls) property.
  4. Add the user you want to use for the Kerberos principal to the list of the Admin ACL property.
  5. Click Save Changes.
  6. Restart the YARN service to remove stale configurations.
  7. Navigate to Queue Manager > Configuration.
  8. Search for kerberos principal.
  9. Find the Kerberos Principal (kerberos_princ_name) property.
  10. Add the same user you added to the Admin ACL property.
  11. Click Save Changes.
  12. Restart the YARN Queue Manager service to remove stale configurations.
If you get the Exception: Only admins can carry out this operation error message while doing Queue Manager operations, ensure that the principal name is added to the YARN Admin ACL list.