Behavioral Changes

Behavioral changes denote a marked change in behavior from the previously released version to this version of software. In HDP 3.0.0, behavioral changes affect the following Hadoop components.

Table 1. Behavioral Changes
Hortonworks Bug ID	Apache Component	Apache JIRA	Summary	Details
RMP-10355	HDFS	HDFS-13081	Now a secure DataNode can be started without privileged ports by setting SASL for RPC and SSL for HTTP.	Scenario:New blacklist based RPC encryption negotiation is introduced to allow flexible deployment of RPC encryption. Previous behavior: In a secure cluster, Datanode required privileged RPC/HTTP ports even if SASL QoP is configured for RPC and SSL is configured for HTTP, respectively. SASL QoP encryption negotiation supports WhitelistBasedTrustedChannelResolver: only client/server in the whitelist file are trusted (unencrypted). Everything else is encrypted by default. New behavior: DFS-13081: In secure cluster, DataNode can be configured to use non-privileged RPC port, secured by SASL QoP and non-privileged HTTP port, secured by SSL. HDFS-13060: SASL QoP encryption negotiation now supports BlacklistBasedTrustedChannelResolver: only client/server NOT in the blacklist file are trusted(unencrypted). Workaround/Expected Customer Action: Configure the secure Dataode by setting SASL (QOP) for RPC and SSL for http without privilege ports. Remove HDFS_DATANODE_SECURE_USER from hadoop-env to remove the privileged port. Configure RPC wire encryption using blacklist or whitelist approach as required.
RMP-9793	Oozie	N/A	Oozie will not run Hive actions anymore. Please use Hive2 actions instead.	Scenario: Hive CLI is removed in HDP 3.0.0 because it is a security risk. You can only use HiveServer2 actions now . Oozie should make this explicit by disallowing Hive action. Previous behavior: You do use a Hive action. New behavior: Hive CLI is removed, you can only use HiveServer2 actions. Workaround/Expected Customer Action: Modify old workflows to use Hive2 actions.
BUG-104280	Oozie	Oozie-1624	Oozie can be configured to do not use dependencies from share lib which matches for the defined pattern.	Scenario: It is possible to have different versions of a specific dependency on share lib in different directories. When it causes incompatibility failures user can exclude the unwanted ones. Previous behavior: You can use a Hive action. New behavior: In your job.properties file, you can now provide a pattern for different actions. For example, `oozie.action.sharelib.for.hive2.exclude=./`unwanted-1.0.0.jar* means that any file that matches will not present on distributed cache so will not be available in the started MapReduce job when user runs their Hive2 action. Workaround/Expected Customer Action: Exclude pattern can be defined for more action.
BUG-95538	HBase	N/A	Delete markers no longer incorrectly masks newer data.	Scenario: `copyTable` command with `allCells` option shows deleted row from original table Previous behavior: A delete marker would eclipse all writes to that same row until a compaction occurs, at which time the compaction runs over that row. New behavior: A delete marker will only eclipse writes to that same row which are at a timestamp older than the delete marker's timestamp. Workaround/Expected Customer Action: Restructure applications to account for this change.
RMP-11005	Ranger, Atlas	Ranger-2019	Ranger's Atlas service definition has been updated.	Scenario: In Ranger, the Atlas service definition has been updated. When looking at the home page of Ranger (Resource Based Policies / Service Manager), there will appear to be two Atlas services. Previous behavior: There was one Atlas service labeled "Atlas". New Behavior: The old service definition is labeled "Atlas-V1", and the new service definition is labeled "Atlas".