venkata91 commented on PR #22509: URL: https://github.com/apache/flink/pull/22509#issuecomment-1607986144
> Thanks for working on improving the security of YARN integration. This PR already looks pretty good to me and I just left some minor comments. > > I have tried to verify this PR in a real YARN cluster with version `3.2.1`. Unfortunately, it does not take effect both for "viewing the logs" and "kill application". The `yarn.acl.enabled = true` and `yarn.admin.acl = hadoop` has already configured for the YARN cluster. Do I miss something else? > > Update: When I enabled the `kerberos` for YARN, the acl mechanism seems to work now. I not sure whether this is related. @wangyang0918 Based on the [documentation](https://docs.cloudera.com/documentation/enterprise/6/6.3/topics/cm_mc_yarn_acl.html#concept_activate_yarn_ACLs) here, it looks like `yarn.acl.enable` should be set to true to enable YARN ACLs. Just curious, it is set in your yarn-site.xml? Interesting, that it works after enabling Kerberos, is it because the other cluster or environment have this config set? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
