Apache ZooKeeper ACLs: YARN
The authentication method is different in CDP than it was in CDH. As a result the znodes
under /yarn-leader-election
and /rmstore
most likely
do not have the safest ACLs set after the upgrade.
You can resolve this situation in two ways:
- Delete the znodes. In this case application history will be lost.
- Temporary disable the ZooKeeper security, and set the ACLs using the ZooKeeper CLI. This is a less intrusive option.
When YARN recreates the znode they will have the correct ACLs.
If the znode have sasl:principal
then name:cdrwa
is the
safest option, meaning that only YARN's user has read and write access to the
znodes.