Port range for ApplicationMaster in YARN

New Contributor

Hello,

Every time we submit a job to YARN, it opens up a new port, so it is hard to set up a firewall rule. As there is a need to enforce the security policies in the cluster, is there any way to have a port range for the ApplicationMaster in YARN?

What are the best practices in terms of setting up a firewall in the cluster?

I'm using CDH enterprise 5.10

Thanks in advance

Arun

1 REPLY

Mentor
Please see this prior post comment on AM ranges: http://community.cloudera.com/t5/Batch-Processing-and-Workflow/Where-is-the-setting-for-the-port-ran...

As to firewalls, the general practice I've observed is to set up rules at points of external access into the cluster (such as from user or other cluster networks) but leave the intra-cluster network open for the services within.

Our port range has a classification of internal/external if that would help you build your rules: https://www.cloudera.com/documentation/enterprise/latest/topics/cm_ig_ports.html