Yesha Vora created AMBARI-22956:

             Summary: Fix hadoop-policy.xml and YARN_OPTS property values for 
secure yarn cluster       
                 Key: AMBARI-22956
             Project: Ambari
          Issue Type: Bug
    Affects Versions: 2.7.0
            Reporter: Yesha Vora

Few misconfigurations were found in secure Hadoop cluster

* Hadoop-policy.xml is configured to allow hadoop user to use 
security.admin.operations.protocol.acl. However, the proper syntax should be 
users blank groups. For example:
hdfs,yarn hadoop
Ambari side is misconfiguring the hadoop-policy 

* In addition, we also found the cluster is configured with which 
-Dzookeeper.sasl.clientconfig=Client $YARN_OPTS{code}
This does not look correct because YARN does not have zookeeper principal. The 
sasl client username should be either rm or yarn. Ideally, this is set in 
yarn_jaas.conf to use client supplied name instead of trying to be zookeeper 

This message was sent by Atlassian JIRA

Reply via email to