The Migration into CM would entail manually translating your non-default CDH configurations into cloudera managers configuration for CDH.  There is not an automated way to do that.   Other than that, the CDH upgrade is documented, here:   http://www.cloudera.com/content/cloudera/en/documentation/core/latest/topics/cdh_ig_upgrade_command_line.html     ... View more

so realize the reason there was a */admin@REALM in the kadm5.acl file before you changed it...  that generic entry was in there so that any principal that has a name that ends with /admin is granted administrative rights over the KDC database.   Your cloudera manager principal is named cloudera-scm/admin@JNJ.COM, but your acl file restricts admin to ONLY a user named "admin@JNJ.COM"   From the script output you gave, none of the commands are working through kadmin becase the CM server user has no rights.   Either update the kadm5.acl file to include */admin@JNJ.COM, or explicitly set and entry for the CM server scm-server/admin@JNJ.COM.  At that point you should be able to configure cluster principals through CM in the KDC.   Todd ... View more

Also, what is in your KDC's kadm5.acl file? ... View more

What KDC is in use?  What OS and Release Version is the KDC running on? ... View more

What version of Cloudera Manager are you using in the example you provided?   ... View more

The networking and security requirements for installation are listed here, make sure you have read through and configured based on this discussion.   http://www.cloudera.com/content/cloudera/en/documentation/core/latest/topics/cm_ig_cm_requirements.html#cmig_topic_4_3_3_unique_1   each host must be able to perform forward and reverese lookup of the others.   if /etc/hosts is how you are managing dns, make sure they reflec the proper IP/Hostname   The other thing to verify is that your cloned vm's have unique MAC addresses for their network interfaces, you should be able to look at the physical (MAC) address on each node with the ifconfig command. ... View more

Cloudera Manager passes configuration and those keytabs through the agent at startup of the CDH processes configured to run on that cluster server.   Those are correct keytabs to be distributed to those services.   The monitoring services re-use the hue keytab for their activity with cluster nodes.   For the HDFS keytab present that is for functionality within reports manager that requires access to hdfs information.   The principal names are described within the SCM management DB, as well as the merged keytabs for the roles as gathered from the credentials table.   Todd ... View more