Configure YARN with Kerberos

Make sure that the following tasks are already completed, as directed in earlier sections of this guide:

Now complete the following tasks.

Configure the yarn-site.xml File

Add the following properties to the yarn-site.xml file on every node in the cluster.

/opt/mapr/hadoop/hadoop-<version>/etc/hadoop/yarn-site.xml

Note that you need to use /opt/mapr/conf/mapr.keytab for the keytab property and mapr instead of yarn for the principal property.

<!-- ResourceManager security configs -->
<property>
 <name>yarn.resourcemanager.keytab</name>
 <value>/opt/mapr/conf/mapr.keytab</value>    <!-- path to the YARN keytab -->
 
</property>
<property>
 <name>yarn.resourcemanager.principal</name>
 <value>mapr/_HOST@YOUR-REALM.COM</value>
</property>
 
<!-- NodeManager security configs -->
<property>
 <name>yarn.nodemanager.keytab</name>
<value>/opt/mapr/conf/mapr.keytab</value>    <!-- path to the YARN keytab -->
 
</property>
<property>
 <name>yarn.nodemanager.principal</name>
 <value>mapr/_HOST@YOUR-REALM.COM</value>
</property>
<property>
 <name>yarn.nodemanager.container-executor.class</name>
 <value>org.apache.hadoop.yarn.server.nodemanager.LinuxContainerExecutor</value>
</property>
<property>
 <name>yarn.nodemanager.linux-container-executor.group</name>
 <value>mapr</value>
</property>

Configure the mapred-site.xml File

Add the following properties to the mapred-site.xml file on every node in the cluster.

/opt/mapr/hadoop/hadoop-2.7.0/etc/hadoop/mapred-site.xml

Note that you need to use /opt/mapr/conf/mapr.keytab for the keytab property and mapr instead of yarn for the principal property.


        <!-- MapReduce Job History Server security configs -->
        <property>
          <name>mapreduce.jobhistory.address>/name>
          <value>host:port>/value> <!-- Host and port of the MapReduce Job History Server; default port is 10020  -->
        </property>
        <property>
          <name>mapreduce.jobhistory.keytab>/name>
          <value>/opt/mapr/conf/mapr.keytab>/value>    <!-- path to the YARN keytab -->          
        </property>
        <property>
          <name>mapreduce.jobhistory.principal>/name>
          <value>mapr/_HOST@YOUR-REALM.COM>/value>
        </property>

Restart ResourceManager, NodeManager, and JobHistoryServer

Restart the NodeManager, ResourceManager, and JobHistoryServer services, using either the maprcli node services command (with the name option) or the MCS. After restarting the services, make sure you can run simple Hadoop jobs by running:

hadoop jar /opt/mapr/hadoop/hadoop-<version>/hadoop-<version>-dev-examples.jar pi