Adding security to a YARN cluster
Hadoop provides a few methods that add security layers to a cluster. YARN inherits those methods and enables security for YARN services.
The following are the methods a cluster administrator can implement while configuring a secure Hadoop-YARN cluster:
Using a dedicated user group for Hadoop-YARN daemons
Before starting the Hadoop-YARN services, an administrator needs to ensure that a dedicated user group is created on all the nodes of the cluster and all Hadoop-YARN daemons run as the dedicated user only. Hadoop-dedicated users—hdfs, yarn, and mapred must be created on all the nodes and these must belong to a common user group called hadoop.
All the Hadoop-YARN daemons, the ResourceManager, NodeManager, and the Application Timeline server should run under the YARN user. The MapReduce JobHistoryServer service should run as a mapred user.
To create a new group and add new users to the group in Linux, you need to execute the following commands:
- Create a...
