hadoop-mapreduce-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Karthik Kambatla <ka...@cloudera.com>
Subject Re: Yarn HA - Zookeeper ACLs
Date Thu, 12 Jun 2014 07:20:47 GMT
Hi Manoj

Firstly, one can choose to leave that config alone. If not set, the ACLs
are automatically generated such that all RMs have shared admin access but
exclusive create-delete access. For the exclusive create-delete access, the
RMs use username:password where the username is
yarn.resourcemanager.address and the password is a secure random number.
One should use that config only when they are not happy with this implicit
default mechanism.

Now, coming to your actual question, imagine something along these lines:

RM1: yarncluster:shared-password:rwa,rm1:secret-password:cd
RM2: yarncluster:shared-password:rwa,rm2:secret-password:cd

Hope that helps.


On Thu, May 29, 2014 at 1:26 PM, Manoj Samel <manojsameltech@gmail.com>
wrote:

> (reposting since no reply first time) ...
>
> Hi,
>
> For yarn.resourcemanager.zk-state-store.root-node.acl, the
> yarn-default.xml says "For fencing to work, the ACLs should be carefully
> set differently on each ResourceManger such that all the ResourceManagers
> have shared admin access and the Active ResourceManger takes over
> (exclusively) the create-delete access."
>
> Can someone give actual example of such permissions ?
>
> Thanks,
>
>

Mime
View raw message