Enabling custom Kerberos principal support in a Queue Manager cluster
In a secure Queue Manager cluster, you can enable custom Kerberos principal using
Cloudera Manager.
Ensure your Queue Manager cluster is secure. For that, check if it runs on port
7183.
In Cloudera Manager, navigate to YARN > Configuration.
Search for admin acl.
Find the Admin ACL (yarn_admin_acls)
property.
Add the user you want to use for the Kerberos principal to the list of the
Admin ACL property.
Click Save Changes.
Restart the YARN service to remove stale configurations.
Navigate to Queue Manager > Configuration.
Search for kerberos principal.
Find the Kerberos Principal
(kerberos_princ_name) property.
Add the same user you added to the Admin ACL
property.
Click Save Changes.
Restart the YARN Queue Manager service to remove stale configurations.
If you get the
Exception: Only admins can carry out this operation
error message while doing Queue Manager operations, ensure that the principal name is
added to the YARN Admin ACL list.