Hi All,   Resolved using below steps: 1) To observe the Datanode threads: Created a widget in Ambari under HDFS for DataNode Threads (Runnable, Waited, Blocked) Monitored that from a particular date the threads went in wait stage. Exported the graph widget CSV file to view the exact time of wait threads. 2) Restart all Datanodes manually and observed that the wait threads were released. 3) With default 4096 threads the DataNode is running properly.   Still unable to understand: 1) How to check the wait threads are in which DataNode? 2) Which task or process tend to threads in the wait stage?   Would like to know if anyone comes across this and able to find in detail.   Else the above steps are the only solution for wait threads. ... View more

@Rohit Sharma Thats exactly how it was designed to function.When you create a Kerberos database kdb5_util create -s and generate keytabs, you are creating a something a private and public key it's the DNA database the keytab is like a biometric passport (keytab) that you present to the airport and its check against the passport database (kdc) to check whether it's really you or someone's passport that's exactly what's happening !!!! The KDC database is checking the keytabs against the ABC.COM yet you are trying to present a wrong passport. So there is no way your Kafka is going to function unless. Recreate the KDC database Regenerate the keytabs Edit the kdc.conf,krb5.conf and kadm5.acl HTH , @Rohit Sharma Whe ... View more

@Rohit Sharma Please find below answer to your question though I didn't understand exactly what you meant!!! 1. What are kerberize zone advantages. ? You can't Kerberize a zone but a cluster, but you can create an encryption zone those are 2 different things. The primary design goal of Kerberos is to eliminate the transmission of unencrypted passwords across the network. If used properly, Kerberos effectively eliminates the threat that packet sniffers would otherwise pose on a network. 2. Which services should i considered to keep in that zone? Again some confusing here. An encryption zone is a special directory whose contents will be transparently encrypted upon write and transparently decrypted upon read.You can store for example HR salary scheme, or just about any document you deem needs protection You either Kerberize the whole cluster or not, 3. Which approach is good to use other the this.? You need Kerberos if you're serious about security. AD/LDAP will cover only a fraction of components, many other systems will require Kerberos for identity. One can still keep users in the LDAP, but the first line in the infrastructure will be Kerberos. Kerberos is the defacto standard for securing your hadoop environment couple with SSL/SASL and the traditional firewalls and physical protection (Caged nodes in a datacenter) 4. If it's HA and Prod environment what are best practices.? HA and prod I don't see the link. HA is basically having a redundant system which is fault tolerant. And Prod environment is self-explanatory 5. How to implement and configure if I am planning to add ranger poorly? For authentication, there is no alternative for Kerberos. Once your cluster is Kerberized, you can make it easier for certain access path by using AD/LDAP. Example, access to HS2 via AD/LDAP authentication or accessing various services using Knox Authorization can be done via Ranger or using the natively supported ACL. Except for Storm and Kafka, having Kerberos is not mandatory. Without reliable authentication, authorization and auditing is meaningless. Common use case as yours: User A logs into the system with his AD credentials, HDFS or Hive ACL's kicks in for authorization. 6. If it is integrated with HDP and HDF cluster what would be administraror good practice? Now HDP & HDF are both managed by Ambari so that sort of simplifies so admin task for more info 7. Study materials if any in HDP? Better start off with HDP or HDF sandboxes see HDP HDF ... View more