ZooKeeper ACLs Best Practices: YARN
YARN related ZooKeeper ACLs are automatically created using Cloudera Manager. Review the list of default ACLs to ensure they are set as recommended for YARN.
Cloudera Manager automatically sets some ZooKeeper ACLs related YARN
properties that are used by the YARN service to set up the default ZooKeeper ACLs. That means no
manual configuration step is needed. However, customized principles are set by Cloudera Manager only at first launch. For any later launches Clouder Manager
checks only the root znodes.
- ZooKeeper Usage:
-
/yarn-leader-election- used for RM leader election -
/rmstore- used for storing RM application state
-
-
Default ACLs:
-
/yarn-leader-election-sasl:[***customized principle upon first launch***]:cdrwa -
/rmstore-sasl:[***customized principle upon first launch***]:cdrwa
-
If default ACLs are set incorrectly, perform one of the following workarounds:
-
Delete the znode and restart the YARN service.
-
Use the reset ZK ACLs command. This also sets the znodes below
/rmstore/ZKRMStateRoottoworld:anyone:cdrwawhich is less secure.
