Apache ZooKeeper ACLs
Also available as:
PDF

ZooKeeper ACLs Best Practices: YARN

Best practices for tightening the ZooKeeper ACLs/permissions for YARN when provisioning a secure cluster.

  • ZooKeeper Usage:
    • /yarn-leader-election - used for RM leader election

    • /rmstore - used for storing RM application state

  • Default ACLs:

    • /yarn-leader-election - world:anyone:cdrwa

    • /rmstore - world:anyone:cdrwa

  • Security Best Practice ACLs/Permissions and Required Steps:

    • /yarn-leader-election - world:anyone:r

    • /yarn-leader-election - sasl:rm:rwcda

    • /rmstore - world:anyone:r

    • /rmstore - sasl:rm:rwcda