Configure TLS/SSL for YARN

If you enabled TLS/SSL for HDFS, you must also enable it for YARN.

Cloudera recommends enabling Web UI authentication for YARN.

  1. In Cloudera Manager, select the YARN service.
  2. Click the Configuration tab.
  3. Search for TLS/SSL.
  4. Find and edit the following properties according to your cluster configuration:
    | Property | Description |
    |---|---|
    | Hadoop TLS/SSL Server Keystore File Location | Path to the keystore file containing the server certificate and private key. |
    | Hadoop TLS/SSL Server Keystore File Password | Password for the server keystore file. |
    | Hadoop TLS/SSL Server Keystore Key Password | Password that protects the private key contained in the server keystore. |
If you want to override the cluster-wide defaults set by the HDFS properties, do the following:
  1. Configure the following TLS/SSL client truststore properties for YARN.
    | Property | Description |
    |---|---|
    | TLS/SSL Client Truststore File Location | Path to the client truststore file. This truststore contains certificates of trusted servers, or of Certificate Authorities trusted to identify servers. |
    | TLS/SSL Client Truststore File Password | Password for the client truststore file. |
If you want to enable Web UI authentication for YARN, do the following:
  1. Search for web consoles.
  2. Find the Enable Authentication for HTTP Web-Consoles property.
  3. Check the property to enable web UI authentication.
  4. Click Save Changes.
  5. Go back to the home page by clicking the Cloudera Manager logo.
  6. Select the HDFS service.
  7. Click the Configuration tab.
  8. Search for Hadoop SSL Enabled.
  9. Find and select the Hadoop SSL Enabled property.
    The SSL communication for HDFS and YARN is enabled.
  10. Click Save Changes.
  11. Click the Stale Service Restart icon that is next to the service to invoke the cluster restart wizard.
  12. Click Restart Stale Services.
  13. Select Re-deploy client configuration.
  14. Click Restart Now.
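
A post-restart check for the keystore and truststore settings in the tables above, added here as an example (it is not Cloudera's code). It assumes the deployed `ssl-server.xml` and `ssl-client.xml` sit in one directory and that the standard Hadoop `ssl.*` keys back the Cloudera Manager properties; the sample directory and its values are constructed.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# Standard Hadoop keys assumed to back the Cloudera Manager properties above.
REQUIRED = {"ssl-server.xml": ["ssl.server.keystore.location", "ssl.server.keystore.password",
                               "ssl.server.keystore.keypassword"],
            "ssl-client.xml": ["ssl.client.truststore.location", "ssl.client.truststore.password"]}

def load_props(path):
    """Return {name: value} from a Hadoop <configuration> XML file."""
    return {(p.findtext("name") or "").strip(): (p.findtext("value") or "").strip()
            for p in ET.parse(path).getroot().iter("property")}

def audit(conf_dir):
    """List unset TLS/SSL properties and key material readable by any local user."""
    findings = []
    for fname, keys in REQUIRED.items():
        path = os.path.join(conf_dir, fname)
        if not os.path.isfile(path):
            findings.append(f"{fname}: file not found")
            continue
        props = load_props(path)
        findings += [f"{fname}: {k} is not set" for k in keys if not props.get(k)]
        if fname == "ssl-server.xml":  # holds the keystore passwords in clear text
            for secret in (path, props.get("ssl.server.keystore.location", "")):
                if os.path.isfile(secret) and os.stat(secret).st_mode & 0o004:
                    findings.append(f"{secret}: readable by all users")
    return findings

def write_conf(path, props, mode):
    with open(path, "w") as fh:
        fh.write("<configuration>%s</configuration>" % "".join(
            f"<property><name>{k}</name><value>{v}</value></property>" for k, v in props.items()))
    os.chmod(path, mode)

def demo():
    """Audit a constructed config directory that has two deliberate problems."""
    d = tempfile.mkdtemp()
    ks = os.path.join(d, "server.jks")
    write_conf(ks, {}, 0o644)  # placeholder standing in for a keystore, world-readable
    write_conf(os.path.join(d, "ssl-server.xml"), {
        "ssl.server.keystore.location": ks,
        "ssl.server.keystore.password": "",  # deliberately left unset
        "ssl.server.keystore.keypassword": "constructed-value"}, 0o600)
    write_conf(os.path.join(d, "ssl-client.xml"), {
        "ssl.client.truststore.location": "/constructed/truststore.jks",
        "ssl.client.truststore.password": "constructed-value"}, 0o644)
    return audit(d)
```

Call `audit()` with the directory that holds the deployed files; `demo()` runs it against the constructed sample and returns the two findings.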