Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
2.5.0
-
None
-
None
-
HDP 2.6.0.3 on SLES 12.1
Description
Ambari seems to have deployed /etc/hadoop/2.6.0.3/0/ssl-client.xml and ssl-server.xml with permissions 600 hdfs:hadoop resulting in Yarn RM getting permission denied in it's logs.
This should be set to 640 to allow the yarn process to use the hadoop group to read the files, or because it contains jks passwords use a new group containing only yarn (since yarn is only in the hadoop group), or set an extended ACL to permit just the yarn user read permissions.