Configure Additional Changes for HDP and ODP

This page describes how to configure services with Access Control Lists (ACLs) or older service versions so that Pulse can access required metrics and communicate securely with Hadoop components.

To enable this, you must apply the following changes.

Steps for Configuration

Update the YARN ACL settings

Check whether ACLs are enabled:
- Property: yarn.acl.enable
If enabled, add the following property to custom yarn-site.xml: yarn.timeline-service.read.allowed.users=hdfs
- Replace hdfs with any specific user created for Pulse if required.
Restart the YARN service to apply changes.

Update Kafka Protocol Settings

In Ambari > Kafka, modify:
- Listeners → Set to SASL_PLAINTEXT://localhost:6667
- Interbroker Protocol → Set to SASL_PLAINTEXT
Verify all listeners are updated to use SASL_PLAINTEXT.

Add Kafka ACL Permissions

Grant Kafka ACL permissions to the HDFS user by running the following command as the Kafka user.

Example command to grant Describe and Read permissions.

Bash
    
​x
    
/usr/hdp/current/kafka-broker/bin/kafka-acls.sh --authorizer-properties zookeeper.connect=<zk_hostname>:2181 --add --allow-principal User:hdfs --operation All --topic '*' --cluster​/usr/hdp/current/kafka-broker/bin/kafka-acls.sh --authorizer-properties zookeeper.connect=<zk_hostname>:2181 --add --allow-principal User:hdfs --operation All --group '*' --cluster
Copy

(Replace <ZK_HOST:PORT> with your ZooKeeper connection string.)

Result

YARN and Kafka services allow Pulse to read the required metrics.
All communication uses SASL_PLAINTEXT for secure authentication.
ACL permissions ensure Pulse can access Kafka topics without manual intervention.

Last updated on

Was this page helpful?