You are viewing a plain text version of this content. The canonical link for it is here.

Posted to hdfs-user@hadoop.apache.org by Karthik Kambatla <ka...@cloudera.com> on 2014/06/12 09:20:47 UTC

Re: Yarn HA - Zookeeper ACLs

Hi Manoj

Firstly, one can choose to leave that config alone. If not set, the ACLs
are automatically generated such that all RMs have shared admin access but
exclusive create-delete access. For the exclusive create-delete access, the
RMs use username:password where the username is
yarn.resourcemanager.address and the password is a secure random number.
One should use that config only when they are not happy with this implicit
default mechanism.

Now, coming to your actual question, imagine something along these lines:

RM1: yarncluster:shared-password:rwa,rm1:secret-password:cd
RM2: yarncluster:shared-password:rwa,rm2:secret-password:cd

Hope that helps.

On Thu, May 29, 2014 at 1:26 PM, Manoj Samel <ma...@gmail.com>
wrote:

> (reposting since no reply first time) ...
>
> Hi,
>
> For yarn.resourcemanager.zk-state-store.root-node.acl, the
> yarn-default.xml says "For fencing to work, the ACLs should be carefully
> set differently on each ResourceManger such that all the ResourceManagers
> have shared admin access and the Active ResourceManger takes over
> (exclusively) the create-delete access."
>
> Can someone give actual example of such permissions ?
>
> Thanks,
>
>