Hello @luisfeg,   The files are only listed in the security scan out if the cgroups feature is in effect (CM -> Hosts -> Configuration -> "Enable Cgroup-based Resource Management"). The default permission of the cgroup_event_control files are indeed world writable without any other permission bit set. However, this has not too much effect in accordance with this document which explains why cgroup files are typically world writable: https://www.kernel.org/doc/Documentation/cgroup-v1/memory.txt   This seems to be created by the supervisor code cgroups feature, and Red Hat appears to have a subscription article on a similar concern elsewhere on the file system: https://access.redhat.com/solutions/377043.   These files being world writable is an inherent part of Linux cgroups and users being able to use the cgroup API.  Cloudera can only use this cgroup feature if the user configures it explicitly thru Cloudera Manager.  As Red Hat states in the document mentioned above:   "Changing the world writable bit is not recommended on these files as it would break notification features of the cgroup API. Changing the permissions would have no effect. Cgroups has it's own pseudo-file-system and manages all the files therein. Each time the cgconfig init script is run, the world writable bit will be set on these files. The cgroup.event_control files are world writeable. This is because they are used in conjunction with the cgroups notification API to allow notifications to be sent about a changing status in the control group." ... View more

Hi @Harish19 , the best place for information regarding TCP-DS tests on Impala would be (follow the README.md):   https://github.com/cloudera/impala-tpcds-kit   Once the data is populated in HDFS and tables are created, you likely can run most the same queries in tree/master/queries/ on Hive and/or Hive on Spark to test.   IBM and Databricks have githubs with some SparkSQL tests, which you can Google for, but I have not personally evaluated them, or know if they work.   Thanks, ... View more

@Prav ,   This appears to have been listed as a bug (which is actually a longstanding limitation due to the definition of files and directories with _ and . being considered as "hidden" in FileInputFormat in Hadoop) of Hive since the 0.12 version:   https://issues.apache.org/jira/browse/HIVE-6431 https://stackoverflow.com/questions/19830264/which-files-are-ignored-as-input-by-mapper   If these files are needed to be seen, please consider using a pre-process script to rename them after loading.   Thanks, ... View more

Thanks to everyone who replied. It turns out that references to truststores and server keys, etc., and associated passwords may be cached, so when we changed these after moving the cluster, creating new cerrts and replacing the passwords in CDH was insufficient.    So, after DELETING all fields containing passwords, cert locations, key locations, etc.,unchecking SSL, restarting the cluster, and adding the references back in, everything works. Uugghhh - who knew! 🙂   B ... View more

Typically, we see this type of stack trace when the keytab for the service principals do not match the principals in the KDC.   Also, occasionally, the enctypes for the KDC do not match up with encryption types in your krb5.conf on the client side, with something like arcfour-hmac missing, but this is less likely the cause.   https://web.mit.edu/kerberos/kfw-4.1/kfw-4.1/kfw-4.1-help/html/encryption_types.htm   Our first suggestion would be to:    Stop all services on the cluster Regenerating all of the existing principals beneath: Administration > Security > Kerberos Credentials > Select all > Regenerate Selected Start all services on the cluster   ... View more