diff --git hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/resources/yarn-default.xml hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/resources/yarn-default.xml index ead11eb..7753e90 100644 --- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/resources/yarn-default.xml +++ hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/resources/yarn-default.xml @@ -357,7 +357,7 @@ By default, when this property is not set, we use the ACLs from yarn.resourcemanager.zk-acl for shared admin access and - rm-address:cluster-timestamp for username-based exclusive create-delete + rm-address:random-number for username-based exclusive create-delete access. This property allows users to set ACLs of their choice instead of using diff --git hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/recovery/ZKRMStateStore.java hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/recovery/ZKRMStateStore.java index 579fa77..4d6bdca 100644 --- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/recovery/ZKRMStateStore.java +++ hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/recovery/ZKRMStateStore.java @@ -27,6 +27,7 @@ import java.util.ArrayList; import java.util.Collections; import java.util.List; +import java.util.Random; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; @@ -136,6 +137,8 @@ private String fencingNodePath; private Op createFencingNodePathOp; private Op deleteFencingNodePathOp; + private String zkRootNodeUsername; + private String zkRootNodePassword = Long.toString(new Random().nextLong()); @VisibleForTesting List zkRootNodeAcl; @@ -145,9 +148,6 @@ private final String zkRootNodeAuthScheme = new DigestAuthenticationProvider().getScheme(); - private String zkRootNodeUsername; - private String zkRootNodePassword; - /** * Given the {@link Configuration} and {@link ACL}s used (zkAcl) for * ZooKeeper access, construct the {@link ACL}s for the store's root node. @@ -172,7 +172,6 @@ zkRootNodeUsername = HAUtil.getConfValueForRMInstance( YarnConfiguration.RM_ADDRESS, YarnConfiguration.DEFAULT_RM_ADDRESS, conf); - zkRootNodePassword = Long.toString(ResourceManager.getClusterTimeStamp()); Id rmId = new Id(zkRootNodeAuthScheme, DigestAuthenticationProvider.generateDigest( zkRootNodeUsername + ":" + zkRootNodePassword));