Configuring Drill-on-Yarn on a Secure Cluster
If you intend to run Drill on YARN on a secure cluster, you must manually enable SASL for the Apache ZooKeeper client.
About this task
This task provides instructions on how to properly enable SASL for the Apache ZooKeeper client, allowing YARN to enable Apache Zookeeper authentication.
NOTE Zookeeper authentication is enabled by default on secure clusters with core
releases 6.1.1, 6.2.0, and 7.0.0.
Procedure
-
Open the
distrib-env.sh
file indrill_home/conf
. (If you use--site
, then use your site directory). -
In
DRILL_JAVA_OPTS
, change-Dzookeeper.sasl.client
fromfalse
totrue
. -
Export the new property:
export SQLLINE_JAVA_OPTS="${SQLLINE_JAVA_OPTS} - Ddrill.customAuthFactories=org.apache.drill.exec.rpc.security.maprsasl.MapRSaslFactory -Dzookeeper.sasl.client=true -Djava.security.auth.login.config=/opt/mapr/conf/mapr.login.conf -Dzookeeper.saslprovider=com.mapr.security.maprsasl.MaprSaslProvider