Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Port range for ApplicationMaster in YARN

Port range for ApplicationMaster in YARN

New Contributor

Hello,

 

Everytime we submit a job to YARN, it opens up a new port, it is hard to setup a firewall rule. As there is a need enforcing the security policies in cluster, is there any way to have a port range ApplicationMaster in YARN?

 

What is the best practices interms of setting up firewall in the cluster?

 

I'm using CDH enterprise 5.10

 

Thanks in advance

Arun

1 REPLY 1
Highlighted

Re: Port range for ApplicationMaster in YARN

Master Guru
Please see this prior post comment on AM ranges: http://community.cloudera.com/t5/Batch-Processing-and-Workflow/Where-is-the-setting-for-the-port-ran...

As to firewalls, the general practice I've observed is to setup rules at points of external access into the cluster (such as from user or other cluster networks) but leave the intra-cluster network open for the services within.

Our port range has a classification of internal/external if that would help you build your rules: https://www.cloudera.com/documentation/enterprise/latest/topics/cm_ig_ports.html
Don't have an account?
Coming from Hortonworks? Activate your account here