Configure TLS/SSL for YARN

If you enabled TLS/SSL for HDFS, you must also enable it for YARN.

If you enable TLS/SSL for HDFS, you must also enable it for YARN.

Cloudera recommends to enable Web UI authentication for YARN.

  1. In Cloudera Manager, select the YARN service.
  2. Click the Configuration tab.
  3. Search for TLS/SSL.
  4. Find and edit the following properties according to your cluster configuration:
    Property Description
    Hadoop TLS/SSL Server Keystore File Location Path to the keystore file containing the server certificate and private key.
    Hadoop TLS/SSL Server Keystore File Password Password for the server keystore file.
    Hadoop TLS/SSL Server Keystore Key Password Password that protects the private key contained in the server keystore.

If you want to override the cluster-wide defaults set by the HDFS properties, do the following:

  1. Configure the following TLS/SSL client truststore properties for YARN.
    Property Description
    TLS/SSL Client Truststore File Location Path to the client truststore file. This truststore contains certificates of trusted servers, or of Certificate Authorities trusted to identify servers.
    TLS/SSL Client Truststore File Password Password for the client truststore file.

If you want to enable Web UI authentication for YARN, do the following:

  1. Searh for web consoles.
  2. Find the Enable Authentication for HTTP Web-Consoles property.
  3. Check the property to enable web UI authentication.
  4. Click Save Changes.
  5. Go back to the home page, by clicking the Cloudera Manager logo.
  6. Select the HDFS service.
  7. Click the Configuration tab.
  8. Search for Hadoop SSL Enabled.
  9. Find and select the Hadoop SSL Enabled property.
    The SSL communication for HDFS and YARN is enabled.
  10. Click Save Changes.
  11. Click the Stale Service Restart icon that is next to the service to invoke the cluster restart wizard.
  12. Click Restart Stale Services.
  13. Select Re-deploy client configuration.
  14. Click Restart Now.