@ctrl_alt_delete, I have reached out to you with further details.  ... View more

Hi @zero , Did you try out commenting the renew_lifetime parameter in /etc/krb5.conf. I think I too had the same issue and this resolved my error. Mine was a CDP 7.1.4 cluster, but have faced similar issues in HDP also.   https://community.cloudera.com/t5/Support-Questions/HDF-Zookeeper-server-not-starting-after-MIT-Kerberos-is/m-p/291367   Thanks, Vivek ... View more

Could you run the administrator cmd not a normal one? From your error, I think you have not enough privilege to run these commands. ... View more

Sometimes, This occurs if the agent cannot write data under /opt/cloudera/parcels/.flood, if your parcel is using by the other hosts, don't deactivate parcel as first step. Check directory space and delete /opt/cloudera/parcels/.flood folder and restart the agent. ... View more

Hi Wilfried,   I'm sorry to ask again, but i'm facing the same problem and I don't understand how to configure Dynamic Ressource Pool Configuration to work using orginal user groups (me not hive). I'm using CDH 5.13 with Kerberos and Sentry. As I am using Sentry, impersonation is disabled. My configuration is  root |--A |--B On root, submission ACL are set to allow only "sentry" user to submit in this pool On A, submission ACL are set to allow only group A to submit in this pool On B, submission ACL are set to allow only group B to submit in this pool Placement rules are : 1 - "Use the pool Specified at run time, only if the pool exists." 2 - "Use the pool root.[username] and create the pool if it does not exist. "   When I submit a query with a user from the group A, using Hue and setting "set mapred.job.queue.name=A;" I got the error : "User hive cannot submit applications to queue root.A"   If I add hive to allowed user on root, the query is working fine but both A and B user's can submit query If I add hive to only "A" resource pool, then user from A and B group can submit query to ressource pool A, but none can submit to resource pool B   Maybe I am missing an important part, but I don't have the same behavior as you explained and if I add hive in authorized user it will break the ACL's as every user could use all the resource pool.   Can you give us the good configuration to have the same behavior as your's ?  ... View more

Ah, my error was not using HDFS: for the .py.  Thanks! ... View more

I have had authorized_proxy_user_config=hue=* configuration on CM, but for some reason it wasn't being populated on impalad configuration.   after reading the post you provided me, instead of manually adding it to "advanced snippet", I enabled Sentry Authorization on Impala. Now the configuration appears on the impalad, and impersonation works fine.   Thank you for your help Romain Ben ... View more

Ahh.. there it is. thank you very much 🙂 ... View more

Of course if you do this anyone can change resource pool settings using Cloudera Manager REST API or yarn admin command. When you get update error you can check specific user who perform the command from Cloudera Server log, but i didn't bother to check it. ... View more

Thank you for sharing the solution ben123. 🙂 ... View more